Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kpat-20.08.3/dealerinfo.h
Examining data/kpat-20.08.3/dealerinfo.cpp
Examining data/kpat-20.08.3/soundengine.h
Examining data/kpat-20.08.3/gypsy.cpp
Examining data/kpat-20.08.3/golf.cpp
Examining data/kpat-20.08.3/golf.h
Examining data/kpat-20.08.3/soundengine.cpp
Examining data/kpat-20.08.3/grandf.cpp
Examining data/kpat-20.08.3/mod3.h
Examining data/kpat-20.08.3/view.h
Examining data/kpat-20.08.3/patpile.cpp
Examining data/kpat-20.08.3/mainwindow.h
Examining data/kpat-20.08.3/autotests/shuffle_test.cpp
Examining data/kpat-20.08.3/autotests/freecell_solver.cpp
Examining data/kpat-20.08.3/autotests/solver_format.cpp
Examining data/kpat-20.08.3/autotests/settings_for_tests.cpp
Examining data/kpat-20.08.3/autotests/golf_solver_wins.cpp
Examining data/kpat-20.08.3/autotests/solve_by_name.cpp
Examining data/kpat-20.08.3/dealer.cpp
Examining data/kpat-20.08.3/yukon.cpp
Examining data/kpat-20.08.3/numbereddealdialog.h
Examining data/kpat-20.08.3/numbereddealdialog.cpp
Examining data/kpat-20.08.3/libkcardgame/kcardscene.h
Examining data/kpat-20.08.3/libkcardgame/kcardpile.cpp
Examining data/kpat-20.08.3/libkcardgame/kcardtheme.h
Examining data/kpat-20.08.3/libkcardgame/kcarddeck.h
Examining data/kpat-20.08.3/libkcardgame/kcardpile.h
Examining data/kpat-20.08.3/libkcardgame/kcarddeck.cpp
Examining data/kpat-20.08.3/libkcardgame/kabstractcarddeck_p.h
Examining data/kpat-20.08.3/libkcardgame/kcardscene.cpp
Examining data/kpat-20.08.3/libkcardgame/common.h
Examining data/kpat-20.08.3/libkcardgame/kcard.cpp
Examining data/kpat-20.08.3/libkcardgame/kabstractcarddeck.cpp
Examining data/kpat-20.08.3/libkcardgame/kcardthemewidget.h
Examining data/kpat-20.08.3/libkcardgame/kcardthemewidget.cpp
Examining data/kpat-20.08.3/libkcardgame/kcardthemewidget_p.h
Examining data/kpat-20.08.3/libkcardgame/kcardtheme.cpp
Examining data/kpat-20.08.3/libkcardgame/kabstractcarddeck.h
Examining data/kpat-20.08.3/libkcardgame/kcard_p.h
Examining data/kpat-20.08.3/libkcardgame/kcard.h
Examining data/kpat-20.08.3/simon.cpp
Examining data/kpat-20.08.3/clock.cpp
Examining data/kpat-20.08.3/view.cpp
Examining data/kpat-20.08.3/gypsy.h
Examining data/kpat-20.08.3/mod3.cpp
Examining data/kpat-20.08.3/freecell.h
Examining data/kpat-20.08.3/messagebox.cpp
Examining data/kpat-20.08.3/idiot.h
Examining data/kpat-20.08.3/patpile.h
Examining data/kpat-20.08.3/idiot.cpp
Examining data/kpat-20.08.3/speeds.h
Examining data/kpat-20.08.3/klondike.cpp
Examining data/kpat-20.08.3/simon.h
Examining data/kpat-20.08.3/gamestate.h
Examining data/kpat-20.08.3/fcs_soft_suspend_test.c
Examining data/kpat-20.08.3/mainwindow.cpp
Examining data/kpat-20.08.3/gameselectionscene.h
Examining data/kpat-20.08.3/grandf.h
Examining data/kpat-20.08.3/statisticsdialog.h
Examining data/kpat-20.08.3/freecell.cpp
Examining data/kpat-20.08.3/yukon.h
Examining data/kpat-20.08.3/spider.h
Examining data/kpat-20.08.3/shuffle.h
Examining data/kpat-20.08.3/main.cpp
Examining data/kpat-20.08.3/spider.cpp
Examining data/kpat-20.08.3/gameselectionscene.cpp
Examining data/kpat-20.08.3/pileutils.h
Examining data/kpat-20.08.3/messagebox.h
Examining data/kpat-20.08.3/dealer.h
Examining data/kpat-20.08.3/clock.h
Examining data/kpat-20.08.3/fortyeight.cpp
Examining data/kpat-20.08.3/klondike.h
Examining data/kpat-20.08.3/renderer.h
Examining data/kpat-20.08.3/statisticsdialog.cpp
Examining data/kpat-20.08.3/fortyeight.h
Examining data/kpat-20.08.3/pileutils.cpp
Examining data/kpat-20.08.3/patsolve/yukonsolver.h
Examining data/kpat-20.08.3/patsolve/memory.h
Examining data/kpat-20.08.3/patsolve/yukonsolver.cpp
Examining data/kpat-20.08.3/patsolve/fortyeightsolver.h
Examining data/kpat-20.08.3/patsolve/idiotsolver.h
Examining data/kpat-20.08.3/patsolve/clocksolver.cpp
Examining data/kpat-20.08.3/patsolve/freecellsolver.cpp
Examining data/kpat-20.08.3/patsolve/spidersolver.h
Examining data/kpat-20.08.3/patsolve/gypsysolver.cpp
Examining data/kpat-20.08.3/patsolve/spidersolver.cpp
Examining data/kpat-20.08.3/patsolve/abstract_fc_solve_solver.cpp
Examining data/kpat-20.08.3/patsolve/simonsolver.h
Examining data/kpat-20.08.3/patsolve/solverinterface.h
Examining data/kpat-20.08.3/patsolve/mod3solver.h
Examining data/kpat-20.08.3/patsolve/simonsolver.cpp
Examining data/kpat-20.08.3/patsolve/klondikesolver.h
Examining data/kpat-20.08.3/patsolve/idiotsolver.cpp
Examining data/kpat-20.08.3/patsolve/grandfsolver.cpp
Examining data/kpat-20.08.3/patsolve/clocksolver.h
Examining data/kpat-20.08.3/patsolve/abstract_fc_solve_solver.h
Examining data/kpat-20.08.3/patsolve/memory.cpp
Examining data/kpat-20.08.3/patsolve/golfsolver.cpp
Examining data/kpat-20.08.3/patsolve/mod3solver.cpp
Examining data/kpat-20.08.3/patsolve/patsolve.h
Examining data/kpat-20.08.3/patsolve/golfsolver.h
Examining data/kpat-20.08.3/patsolve/grandfsolver.h
Examining data/kpat-20.08.3/patsolve/fortyeightsolver.cpp
Examining data/kpat-20.08.3/patsolve/klondikesolver.cpp
Examining data/kpat-20.08.3/patsolve/patsolve.cpp
Examining data/kpat-20.08.3/patsolve/gypsysolver.h
Examining data/kpat-20.08.3/patsolve/freecellsolver.h
Examining data/kpat-20.08.3/hint.h
Examining data/kpat-20.08.3/renderer.cpp
FINAL RESULTS:
data/kpat-20.08.3/patsolve/freecellsolver.cpp:470:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(board_as_string, deal->solverFormat().toLatin1().constData());
data/kpat-20.08.3/patsolve/golfsolver.cpp:346:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(board_as_string, deal->solverFormat().toLatin1().constData());
data/kpat-20.08.3/patsolve/patsolve.cpp:249:19: [4] (buffer) strecpy:
This function does not protect against buffer overflows (CWE-120). Ensure
the destination has 4 times the size of the source, to leave room for
expansion.
static inline int strecpy(unsigned char *d, unsigned char *s)
data/kpat-20.08.3/patsolve/patsolve.cpp:286:7: [4] (buffer) strecpy:
This function does not protect against buffer overflows (CWE-120). Ensure
the destination has 4 times the size of the source, to leave room for
expansion.
i = strecpy(W[w], l->pile);
data/kpat-20.08.3/patsolve/simonsolver.cpp:419:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(board_as_string, deal->solverFormat().toLatin1().constData());
data/kpat-20.08.3/main.cpp:212:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of.open(QIODevice::ReadOnly);
data/kpat-20.08.3/main.cpp:250:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open( QFile::WriteOnly );
data/kpat-20.08.3/main.cpp:257:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open( QFile::WriteOnly );
data/kpat-20.08.3/mainwindow.cpp:778:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stateFile.open( QFile::WriteOnly | QFile::Truncate );
data/kpat-20.08.3/mainwindow.cpp:901:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open( QBuffer::ReadOnly );
data/kpat-20.08.3/mainwindow.cpp:968:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !localFile.open( QFile::WriteOnly ) )
data/kpat-20.08.3/mainwindow.cpp:976:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !tempFile.open() )
data/kpat-20.08.3/mainwindow.cpp:995:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/kpat-20.08.3/patsolve/abstract_fc_solve_solver.cpp:95:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * known_parameters[1] = {nullptr};
data/kpat-20.08.3/patsolve/abstract_fc_solve_solver.h:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char board_as_string[4 * 13 * 2 * 4 * 3];
data/kpat-20.08.3/patsolve/freecellsolver.cpp:288:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * freecell_solver_cmd_line_args[CMD_LINE_ARGS_NUM] =
data/kpat-20.08.3/patsolve/golfsolver.h:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char board_as_string[4 * 13 * 2 * 4 * 3];
data/kpat-20.08.3/patsolve/gypsysolver.cpp:447:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10];
data/kpat-20.08.3/patsolve/gypsysolver.cpp:456:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "DECK%d", i );
data/kpat-20.08.3/patsolve/simonsolver.cpp:150:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * freecell_solver_cmd_line_args[CMD_LINE_ARGS_NUM] =
data/kpat-20.08.3/patsolve/patsolve.cpp:437:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)l->pile, (char*)W[w], Wlen[w] + 1);
data/kpat-20.08.3/patsolve/patsolve.cpp:471:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen((char*)l->pile); /* @@@ use block? */
ANALYSIS SUMMARY:
Hits = 22
Lines analyzed = 23694 in approximately 5.81 seconds (4075 lines/second)
Physical Source Lines of Code (SLOC) = 16313
Hits@level = [0] 150 [1] 2 [2] 15 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 172 [1+] 22 [2+] 20 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 10.5437 [1+] 1.34862 [2+] 1.22602 [3+] 0.306504 [4+] 0.306504 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.