Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kpat-20.08.3/dealerinfo.h Examining data/kpat-20.08.3/dealerinfo.cpp Examining data/kpat-20.08.3/soundengine.h Examining data/kpat-20.08.3/gypsy.cpp Examining data/kpat-20.08.3/golf.cpp Examining data/kpat-20.08.3/golf.h Examining data/kpat-20.08.3/soundengine.cpp Examining data/kpat-20.08.3/grandf.cpp Examining data/kpat-20.08.3/mod3.h Examining data/kpat-20.08.3/view.h Examining data/kpat-20.08.3/patpile.cpp Examining data/kpat-20.08.3/mainwindow.h Examining data/kpat-20.08.3/autotests/shuffle_test.cpp Examining data/kpat-20.08.3/autotests/freecell_solver.cpp Examining data/kpat-20.08.3/autotests/solver_format.cpp Examining data/kpat-20.08.3/autotests/settings_for_tests.cpp Examining data/kpat-20.08.3/autotests/golf_solver_wins.cpp Examining data/kpat-20.08.3/autotests/solve_by_name.cpp Examining data/kpat-20.08.3/dealer.cpp Examining data/kpat-20.08.3/yukon.cpp Examining data/kpat-20.08.3/numbereddealdialog.h Examining data/kpat-20.08.3/numbereddealdialog.cpp Examining data/kpat-20.08.3/libkcardgame/kcardscene.h Examining data/kpat-20.08.3/libkcardgame/kcardpile.cpp Examining data/kpat-20.08.3/libkcardgame/kcardtheme.h Examining data/kpat-20.08.3/libkcardgame/kcarddeck.h Examining data/kpat-20.08.3/libkcardgame/kcardpile.h Examining data/kpat-20.08.3/libkcardgame/kcarddeck.cpp Examining data/kpat-20.08.3/libkcardgame/kabstractcarddeck_p.h Examining data/kpat-20.08.3/libkcardgame/kcardscene.cpp Examining data/kpat-20.08.3/libkcardgame/common.h Examining data/kpat-20.08.3/libkcardgame/kcard.cpp Examining data/kpat-20.08.3/libkcardgame/kabstractcarddeck.cpp Examining data/kpat-20.08.3/libkcardgame/kcardthemewidget.h Examining data/kpat-20.08.3/libkcardgame/kcardthemewidget.cpp Examining data/kpat-20.08.3/libkcardgame/kcardthemewidget_p.h Examining data/kpat-20.08.3/libkcardgame/kcardtheme.cpp Examining data/kpat-20.08.3/libkcardgame/kabstractcarddeck.h Examining data/kpat-20.08.3/libkcardgame/kcard_p.h Examining data/kpat-20.08.3/libkcardgame/kcard.h Examining data/kpat-20.08.3/simon.cpp Examining data/kpat-20.08.3/clock.cpp Examining data/kpat-20.08.3/view.cpp Examining data/kpat-20.08.3/gypsy.h Examining data/kpat-20.08.3/mod3.cpp Examining data/kpat-20.08.3/freecell.h Examining data/kpat-20.08.3/messagebox.cpp Examining data/kpat-20.08.3/idiot.h Examining data/kpat-20.08.3/patpile.h Examining data/kpat-20.08.3/idiot.cpp Examining data/kpat-20.08.3/speeds.h Examining data/kpat-20.08.3/klondike.cpp Examining data/kpat-20.08.3/simon.h Examining data/kpat-20.08.3/gamestate.h Examining data/kpat-20.08.3/fcs_soft_suspend_test.c Examining data/kpat-20.08.3/mainwindow.cpp Examining data/kpat-20.08.3/gameselectionscene.h Examining data/kpat-20.08.3/grandf.h Examining data/kpat-20.08.3/statisticsdialog.h Examining data/kpat-20.08.3/freecell.cpp Examining data/kpat-20.08.3/yukon.h Examining data/kpat-20.08.3/spider.h Examining data/kpat-20.08.3/shuffle.h Examining data/kpat-20.08.3/main.cpp Examining data/kpat-20.08.3/spider.cpp Examining data/kpat-20.08.3/gameselectionscene.cpp Examining data/kpat-20.08.3/pileutils.h Examining data/kpat-20.08.3/messagebox.h Examining data/kpat-20.08.3/dealer.h Examining data/kpat-20.08.3/clock.h Examining data/kpat-20.08.3/fortyeight.cpp Examining data/kpat-20.08.3/klondike.h Examining data/kpat-20.08.3/renderer.h Examining data/kpat-20.08.3/statisticsdialog.cpp Examining data/kpat-20.08.3/fortyeight.h Examining data/kpat-20.08.3/pileutils.cpp Examining data/kpat-20.08.3/patsolve/yukonsolver.h Examining data/kpat-20.08.3/patsolve/memory.h Examining data/kpat-20.08.3/patsolve/yukonsolver.cpp Examining data/kpat-20.08.3/patsolve/fortyeightsolver.h Examining data/kpat-20.08.3/patsolve/idiotsolver.h Examining data/kpat-20.08.3/patsolve/clocksolver.cpp Examining data/kpat-20.08.3/patsolve/freecellsolver.cpp Examining data/kpat-20.08.3/patsolve/spidersolver.h Examining data/kpat-20.08.3/patsolve/gypsysolver.cpp Examining data/kpat-20.08.3/patsolve/spidersolver.cpp Examining data/kpat-20.08.3/patsolve/abstract_fc_solve_solver.cpp Examining data/kpat-20.08.3/patsolve/simonsolver.h Examining data/kpat-20.08.3/patsolve/solverinterface.h Examining data/kpat-20.08.3/patsolve/mod3solver.h Examining data/kpat-20.08.3/patsolve/simonsolver.cpp Examining data/kpat-20.08.3/patsolve/klondikesolver.h Examining data/kpat-20.08.3/patsolve/idiotsolver.cpp Examining data/kpat-20.08.3/patsolve/grandfsolver.cpp Examining data/kpat-20.08.3/patsolve/clocksolver.h Examining data/kpat-20.08.3/patsolve/abstract_fc_solve_solver.h Examining data/kpat-20.08.3/patsolve/memory.cpp Examining data/kpat-20.08.3/patsolve/golfsolver.cpp Examining data/kpat-20.08.3/patsolve/mod3solver.cpp Examining data/kpat-20.08.3/patsolve/patsolve.h Examining data/kpat-20.08.3/patsolve/golfsolver.h Examining data/kpat-20.08.3/patsolve/grandfsolver.h Examining data/kpat-20.08.3/patsolve/fortyeightsolver.cpp Examining data/kpat-20.08.3/patsolve/klondikesolver.cpp Examining data/kpat-20.08.3/patsolve/patsolve.cpp Examining data/kpat-20.08.3/patsolve/gypsysolver.h Examining data/kpat-20.08.3/patsolve/freecellsolver.h Examining data/kpat-20.08.3/hint.h Examining data/kpat-20.08.3/renderer.cpp FINAL RESULTS: data/kpat-20.08.3/patsolve/freecellsolver.cpp:470:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(board_as_string, deal->solverFormat().toLatin1().constData()); data/kpat-20.08.3/patsolve/golfsolver.cpp:346:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(board_as_string, deal->solverFormat().toLatin1().constData()); data/kpat-20.08.3/patsolve/patsolve.cpp:249:19: [4] (buffer) strecpy: This function does not protect against buffer overflows (CWE-120). Ensure the destination has 4 times the size of the source, to leave room for expansion. static inline int strecpy(unsigned char *d, unsigned char *s) data/kpat-20.08.3/patsolve/patsolve.cpp:286:7: [4] (buffer) strecpy: This function does not protect against buffer overflows (CWE-120). Ensure the destination has 4 times the size of the source, to leave room for expansion. i = strecpy(W[w], l->pile); data/kpat-20.08.3/patsolve/simonsolver.cpp:419:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(board_as_string, deal->solverFormat().toLatin1().constData()); data/kpat-20.08.3/main.cpp:212:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). of.open(QIODevice::ReadOnly); data/kpat-20.08.3/main.cpp:250:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open( QFile::WriteOnly ); data/kpat-20.08.3/main.cpp:257:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open( QFile::WriteOnly ); data/kpat-20.08.3/mainwindow.cpp:778:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stateFile.open( QFile::WriteOnly | QFile::Truncate ); data/kpat-20.08.3/mainwindow.cpp:901:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open( QBuffer::ReadOnly ); data/kpat-20.08.3/mainwindow.cpp:968:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !localFile.open( QFile::WriteOnly ) ) data/kpat-20.08.3/mainwindow.cpp:976:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !tempFile.open() ) data/kpat-20.08.3/mainwindow.cpp:995:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/kpat-20.08.3/patsolve/abstract_fc_solve_solver.cpp:95:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * known_parameters[1] = {nullptr}; data/kpat-20.08.3/patsolve/abstract_fc_solve_solver.h:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char board_as_string[4 * 13 * 2 * 4 * 3]; data/kpat-20.08.3/patsolve/freecellsolver.cpp:288:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * freecell_solver_cmd_line_args[CMD_LINE_ARGS_NUM] = data/kpat-20.08.3/patsolve/golfsolver.h:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char board_as_string[4 * 13 * 2 * 4 * 3]; data/kpat-20.08.3/patsolve/gypsysolver.cpp:447:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[10]; data/kpat-20.08.3/patsolve/gypsysolver.cpp:456:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buffer, "DECK%d", i ); data/kpat-20.08.3/patsolve/simonsolver.cpp:150:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * freecell_solver_cmd_line_args[CMD_LINE_ARGS_NUM] = data/kpat-20.08.3/patsolve/patsolve.cpp:437:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char*)l->pile, (char*)W[w], Wlen[w] + 1); data/kpat-20.08.3/patsolve/patsolve.cpp:471:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen((char*)l->pile); /* @@@ use block? */ ANALYSIS SUMMARY: Hits = 22 Lines analyzed = 23694 in approximately 5.81 seconds (4075 lines/second) Physical Source Lines of Code (SLOC) = 16313 Hits@level = [0] 150 [1] 2 [2] 15 [3] 0 [4] 5 [5] 0 Hits@level+ = [0+] 172 [1+] 22 [2+] 20 [3+] 5 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 10.5437 [1+] 1.34862 [2+] 1.22602 [3+] 0.306504 [4+] 0.306504 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.