Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kmahjongg-20.04.3/src/selectionanimation.cpp
Examining data/kmahjongg-20.04.3/src/demoanimation.h
Examining data/kmahjongg-20.04.3/src/gamescene.cpp
Examining data/kmahjongg-20.04.3/src/gameremovedtiles.h
Examining data/kmahjongg-20.04.3/src/kmtypes.h
Examining data/kmahjongg-20.04.3/src/gameview.cpp
Examining data/kmahjongg-20.04.3/src/kmahjongg.cpp
Examining data/kmahjongg-20.04.3/src/movelistanimation.cpp
Examining data/kmahjongg-20.04.3/src/editor.h
Examining data/kmahjongg-20.04.3/src/gameview.h
Examining data/kmahjongg-20.04.3/src/boardlayout.h
Examining data/kmahjongg-20.04.3/src/gamebackground.h
Examining data/kmahjongg-20.04.3/src/gamescene.h
Examining data/kmahjongg-20.04.3/src/gamedata.cpp
Examining data/kmahjongg-20.04.3/src/main.cpp
Examining data/kmahjongg-20.04.3/src/version.h
Examining data/kmahjongg-20.04.3/src/editor.cpp
Examining data/kmahjongg-20.04.3/src/kmahjongglayout.cpp
Examining data/kmahjongg-20.04.3/src/gameitem.h
Examining data/kmahjongg-20.04.3/src/movelistanimation.h
Examining data/kmahjongg-20.04.3/src/gameitem.cpp
Examining data/kmahjongg-20.04.3/src/kmahjongglayoutselector.cpp
Examining data/kmahjongg-20.04.3/src/demoanimation.cpp
Examining data/kmahjongg-20.04.3/src/frameimage.h
Examining data/kmahjongg-20.04.3/src/selectionanimation.h
Examining data/kmahjongg-20.04.3/src/kmahjongglayout.h
Examining data/kmahjongg-20.04.3/src/boardlayout.cpp
Examining data/kmahjongg-20.04.3/src/gamedata.h
Examining data/kmahjongg-20.04.3/src/kmahjongg.h
Examining data/kmahjongg-20.04.3/src/frameimage.cpp
Examining data/kmahjongg-20.04.3/src/gamebackground.cpp
Examining data/kmahjongg-20.04.3/src/kmahjongglayoutselector.h
Examining data/kmahjongg-20.04.3/src/gameremovedtiles.cpp
FINAL RESULTS:
data/kmahjongg-20.04.3/src/gamedata.cpp:248:41: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
position = static_cast<int>(random.getLong(m_numTilesToGenerate));
data/kmahjongg-20.04.3/src/gamedata.cpp:405:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
position = random.getLong(m_numTilesToGenerate);
data/kmahjongg-20.04.3/src/gamedata.cpp:580:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
p2 = p1 = random.getLong(remaining - 2);
data/kmahjongg-20.04.3/src/gamedata.cpp:584:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
p2 = random.getLong(remaining - 2);
data/kmahjongg-20.04.3/src/gamedata.cpp:680:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
to = random.getLong(144);
data/kmahjongg-20.04.3/src/gamedata.cpp:902:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random.setSeed(0); // WABA: Why is the seed reset?
data/kmahjongg-20.04.3/src/gamedata.cpp:903:21: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
short pos = random.getLong(posCount) & -2; // Even value
data/kmahjongg-20.04.3/src/gamedata.cpp:1080:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int pos1 = random.getLong(count);
data/kmahjongg-20.04.3/src/gamedata.cpp:1081:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int pos2 = random.getLong(count);
data/kmahjongg-20.04.3/src/gamedata.h:91:21: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
KRandomSequence random;
data/kmahjongg-20.04.3/src/gameview.cpp:221:33: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
m_gameNumber = KRandom::random();
data/kmahjongg-20.04.3/src/gameview.cpp:228:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
m_gameData->random.setSeed(m_gameNumber);
data/kmahjongg-20.04.3/src/boardlayout.cpp:66:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadWrite)) {
data/kmahjongg-20.04.3/src/boardlayout.cpp:118:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/kmahjongg-20.04.3/src/boardlayout.cpp:166:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/kmahjongg-20.04.3/src/boardlayout.cpp:270:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, m_board.data(), m_width * m_height * m_depth);
data/kmahjongg-20.04.3/src/gamedata.h:117:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_removedCharacter[9];
data/kmahjongg-20.04.3/src/gamedata.h:118:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_removedBamboo[9];
data/kmahjongg-20.04.3/src/gamedata.h:119:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_removedRod[9];
data/kmahjongg-20.04.3/src/gamedata.h:120:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_removedDragon[3];
data/kmahjongg-20.04.3/src/gamedata.h:121:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_removedWind[9];
data/kmahjongg-20.04.3/src/gamedata.h:122:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_removedFlower[4];
data/kmahjongg-20.04.3/src/gamedata.h:123:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_removedSeason[4];
data/kmahjongg-20.04.3/src/kmahjongg.cpp:595:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!infile.open(QFile::ReadOnly)) {
data/kmahjongg-20.04.3/src/kmahjongg.cpp:671:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outfile.open(QFile::WriteOnly)) {
data/kmahjongg-20.04.3/src/kmahjongglayout.cpp:88:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!bgfile.open(QIODevice::ReadOnly)) {
ANALYSIS SUMMARY:
Hits = 26
Lines analyzed = 7672 in approximately 0.83 seconds (9252 lines/second)
Physical Source Lines of Code (SLOC) = 4694
Hits@level = [0] 0 [1] 0 [2] 14 [3] 12 [4] 0 [5] 0
Hits@level+ = [0+] 26 [1+] 26 [2+] 26 [3+] 12 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 5.53899 [1+] 5.53899 [2+] 5.53899 [3+] 2.55646 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.