Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libcsfml-2.5/doc/mainpage.hpp
Examining data/libcsfml-2.5/include/SFML/Audio.h
Examining data/libcsfml-2.5/include/SFML/Audio/Export.h
Examining data/libcsfml-2.5/include/SFML/Audio/Listener.h
Examining data/libcsfml-2.5/include/SFML/Audio/Music.h
Examining data/libcsfml-2.5/include/SFML/Audio/Sound.h
Examining data/libcsfml-2.5/include/SFML/Audio/SoundBuffer.h
Examining data/libcsfml-2.5/include/SFML/Audio/SoundBufferRecorder.h
Examining data/libcsfml-2.5/include/SFML/Audio/SoundRecorder.h
Examining data/libcsfml-2.5/include/SFML/Audio/SoundStatus.h
Examining data/libcsfml-2.5/include/SFML/Audio/SoundStream.h
Examining data/libcsfml-2.5/include/SFML/Audio/Types.h
Examining data/libcsfml-2.5/include/SFML/Config.h
Examining data/libcsfml-2.5/include/SFML/GPUPreference.h
Examining data/libcsfml-2.5/include/SFML/Graphics.h
Examining data/libcsfml-2.5/include/SFML/Graphics/BlendMode.h
Examining data/libcsfml-2.5/include/SFML/Graphics/CircleShape.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Color.h
Examining data/libcsfml-2.5/include/SFML/Graphics/ConvexShape.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Export.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Font.h
Examining data/libcsfml-2.5/include/SFML/Graphics/FontInfo.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Glsl.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Glyph.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Image.h
Examining data/libcsfml-2.5/include/SFML/Graphics/PrimitiveType.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Rect.h
Examining data/libcsfml-2.5/include/SFML/Graphics/RectangleShape.h
Examining data/libcsfml-2.5/include/SFML/Graphics/RenderStates.h
Examining data/libcsfml-2.5/include/SFML/Graphics/RenderTexture.h
Examining data/libcsfml-2.5/include/SFML/Graphics/RenderWindow.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Shader.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Shape.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Sprite.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Text.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Texture.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Transform.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Transformable.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Types.h
Examining data/libcsfml-2.5/include/SFML/Graphics/Vertex.h
Examining data/libcsfml-2.5/include/SFML/Graphics/VertexArray.h
Examining data/libcsfml-2.5/include/SFML/Graphics/VertexBuffer.h
Examining data/libcsfml-2.5/include/SFML/Graphics/View.h
Examining data/libcsfml-2.5/include/SFML/Network.h
Examining data/libcsfml-2.5/include/SFML/Network/Export.h
Examining data/libcsfml-2.5/include/SFML/Network/Ftp.h
Examining data/libcsfml-2.5/include/SFML/Network/Http.h
Examining data/libcsfml-2.5/include/SFML/Network/IpAddress.h
Examining data/libcsfml-2.5/include/SFML/Network/Packet.h
Examining data/libcsfml-2.5/include/SFML/Network/SocketSelector.h
Examining data/libcsfml-2.5/include/SFML/Network/SocketStatus.h
Examining data/libcsfml-2.5/include/SFML/Network/TcpListener.h
Examining data/libcsfml-2.5/include/SFML/Network/TcpSocket.h
Examining data/libcsfml-2.5/include/SFML/Network/Types.h
Examining data/libcsfml-2.5/include/SFML/Network/UdpSocket.h
Examining data/libcsfml-2.5/include/SFML/OpenGL.h
Examining data/libcsfml-2.5/include/SFML/System.h
Examining data/libcsfml-2.5/include/SFML/System/Clock.h
Examining data/libcsfml-2.5/include/SFML/System/Export.h
Examining data/libcsfml-2.5/include/SFML/System/InputStream.h
Examining data/libcsfml-2.5/include/SFML/System/Mutex.h
Examining data/libcsfml-2.5/include/SFML/System/Sleep.h
Examining data/libcsfml-2.5/include/SFML/System/Thread.h
Examining data/libcsfml-2.5/include/SFML/System/Time.h
Examining data/libcsfml-2.5/include/SFML/System/Types.h
Examining data/libcsfml-2.5/include/SFML/System/Vector2.h
Examining data/libcsfml-2.5/include/SFML/System/Vector3.h
Examining data/libcsfml-2.5/include/SFML/Window.h
Examining data/libcsfml-2.5/include/SFML/Window/Clipboard.h
Examining data/libcsfml-2.5/include/SFML/Window/Context.h
Examining data/libcsfml-2.5/include/SFML/Window/Cursor.h
Examining data/libcsfml-2.5/include/SFML/Window/Event.h
Examining data/libcsfml-2.5/include/SFML/Window/Export.h
Examining data/libcsfml-2.5/include/SFML/Window/Joystick.h
Examining data/libcsfml-2.5/include/SFML/Window/JoystickIdentification.h
Examining data/libcsfml-2.5/include/SFML/Window/Keyboard.h
Examining data/libcsfml-2.5/include/SFML/Window/Mouse.h
Examining data/libcsfml-2.5/include/SFML/Window/Sensor.h
Examining data/libcsfml-2.5/include/SFML/Window/Touch.h
Examining data/libcsfml-2.5/include/SFML/Window/Types.h
Examining data/libcsfml-2.5/include/SFML/Window/VideoMode.h
Examining data/libcsfml-2.5/include/SFML/Window/Window.h
Examining data/libcsfml-2.5/include/SFML/Window/WindowHandle.h
Examining data/libcsfml-2.5/src/SFML/Audio/Listener.cpp
Examining data/libcsfml-2.5/src/SFML/Audio/Music.cpp
Examining data/libcsfml-2.5/src/SFML/Audio/MusicStruct.h
Examining data/libcsfml-2.5/src/SFML/Audio/Sound.cpp
Examining data/libcsfml-2.5/src/SFML/Audio/SoundBuffer.cpp
Examining data/libcsfml-2.5/src/SFML/Audio/SoundBufferRecorder.cpp
Examining data/libcsfml-2.5/src/SFML/Audio/SoundBufferRecorderStruct.h
Examining data/libcsfml-2.5/src/SFML/Audio/SoundBufferStruct.h
Examining data/libcsfml-2.5/src/SFML/Audio/SoundRecorder.cpp
Examining data/libcsfml-2.5/src/SFML/Audio/SoundRecorderStruct.h
Examining data/libcsfml-2.5/src/SFML/Audio/SoundStream.cpp
Examining data/libcsfml-2.5/src/SFML/Audio/SoundStreamStruct.h
Examining data/libcsfml-2.5/src/SFML/Audio/SoundStruct.h
Examining data/libcsfml-2.5/src/SFML/CallbackStream.h
Examining data/libcsfml-2.5/src/SFML/ConvertEvent.h
Examining data/libcsfml-2.5/src/SFML/Graphics/BlendMode.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/CircleShape.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/CircleShapeStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/Color.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/ConvertRenderStates.hpp
Examining data/libcsfml-2.5/src/SFML/Graphics/ConvertTransform.hpp
Examining data/libcsfml-2.5/src/SFML/Graphics/ConvexShape.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/ConvexShapeStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/Font.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/FontStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/Image.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/ImageStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/Rect.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/RectangleShape.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/RectangleShapeStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/RenderTexture.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/RenderTextureStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/RenderWindow.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/RenderWindowStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/Shader.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/ShaderStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/Shape.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/ShapeStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/Sprite.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/SpriteStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/Text.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/TextStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/Texture.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/TextureStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/Transform.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/Transformable.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/TransformableStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/VertexArray.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/VertexArrayStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/VertexBuffer.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/VertexBufferStruct.h
Examining data/libcsfml-2.5/src/SFML/Graphics/View.cpp
Examining data/libcsfml-2.5/src/SFML/Graphics/ViewStruct.h
Examining data/libcsfml-2.5/src/SFML/Internal.h
Examining data/libcsfml-2.5/src/SFML/Main/SFML_Main.cpp
Examining data/libcsfml-2.5/src/SFML/Network/Ftp.cpp
Examining data/libcsfml-2.5/src/SFML/Network/FtpStruct.h
Examining data/libcsfml-2.5/src/SFML/Network/Http.cpp
Examining data/libcsfml-2.5/src/SFML/Network/HttpStruct.h
Examining data/libcsfml-2.5/src/SFML/Network/IpAddress.cpp
Examining data/libcsfml-2.5/src/SFML/Network/Packet.cpp
Examining data/libcsfml-2.5/src/SFML/Network/PacketStruct.h
Examining data/libcsfml-2.5/src/SFML/Network/SocketSelector.cpp
Examining data/libcsfml-2.5/src/SFML/Network/SocketSelectorStruct.h
Examining data/libcsfml-2.5/src/SFML/Network/TcpListener.cpp
Examining data/libcsfml-2.5/src/SFML/Network/TcpListenerStruct.h
Examining data/libcsfml-2.5/src/SFML/Network/TcpSocket.cpp
Examining data/libcsfml-2.5/src/SFML/Network/TcpSocketStruct.h
Examining data/libcsfml-2.5/src/SFML/Network/UdpSocket.cpp
Examining data/libcsfml-2.5/src/SFML/Network/UdpSocketStruct.h
Examining data/libcsfml-2.5/src/SFML/System/Clock.cpp
Examining data/libcsfml-2.5/src/SFML/System/ClockStruct.h
Examining data/libcsfml-2.5/src/SFML/System/Mutex.cpp
Examining data/libcsfml-2.5/src/SFML/System/MutexStruct.h
Examining data/libcsfml-2.5/src/SFML/System/Sleep.cpp
Examining data/libcsfml-2.5/src/SFML/System/Thread.cpp
Examining data/libcsfml-2.5/src/SFML/System/ThreadStruct.h
Examining data/libcsfml-2.5/src/SFML/System/Time.cpp
Examining data/libcsfml-2.5/src/SFML/Window/Clipboard.cpp
Examining data/libcsfml-2.5/src/SFML/Window/Context.cpp
Examining data/libcsfml-2.5/src/SFML/Window/ContextSettingsInternal.h
Examining data/libcsfml-2.5/src/SFML/Window/ContextStruct.h
Examining data/libcsfml-2.5/src/SFML/Window/Cursor.cpp
Examining data/libcsfml-2.5/src/SFML/Window/CursorStruct.h
Examining data/libcsfml-2.5/src/SFML/Window/Joystick.cpp
Examining data/libcsfml-2.5/src/SFML/Window/Keyboard.cpp
Examining data/libcsfml-2.5/src/SFML/Window/Mouse.cpp
Examining data/libcsfml-2.5/src/SFML/Window/Sensor.cpp
Examining data/libcsfml-2.5/src/SFML/Window/Touch.cpp
Examining data/libcsfml-2.5/src/SFML/Window/VideoMode.cpp
Examining data/libcsfml-2.5/src/SFML/Window/Window.cpp
Examining data/libcsfml-2.5/src/SFML/Window/WindowStruct.h
Examining data/libcsfml-2.5/debian/tests/csfml_test.c
FINAL RESULTS:
data/libcsfml-2.5/include/SFML/Config.h:73:27: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error This operating system is not supported by SFML library
data/libcsfml-2.5/include/SFML/Window/Event.h:83:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
sfBool system;
data/libcsfml-2.5/src/SFML/ConvertEvent.h:61:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
event->key.system = SFMLEvent.key.system ? sfTrue : sfFalse;
data/libcsfml-2.5/src/SFML/Network/IpAddress.cpp:93:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string, address.address);
data/libcsfml-2.5/debian/tests/csfml_test.c:16:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/libcsfml-2.5/include/SFML/Network/IpAddress.h:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[16];
data/libcsfml-2.5/src/SFML/Graphics/Transform.cpp:61:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(matrix, converted.getMatrix(), 16 * sizeof(float));
data/libcsfml-2.5/include/SFML/System/InputStream.h:46:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sfInputStreamReadFunc read; ///< Function to read data from the stream
data/libcsfml-2.5/src/SFML/CallbackStream.h:71:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual sf::Int64 read(void* data, sf::Int64 size)
data/libcsfml-2.5/src/SFML/CallbackStream.h:73:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return myStream.read ? myStream.read(data, size, myStream.userData) : -1;
data/libcsfml-2.5/src/SFML/CallbackStream.h:73:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return myStream.read ? myStream.read(data, size, myStream.userData) : -1;
data/libcsfml-2.5/src/SFML/Network/IpAddress.cpp:39:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(result.address, address.toString().c_str(), 16);
data/libcsfml-2.5/src/SFML/Network/TcpSocket.cpp:78:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(result.address, address.toString().c_str(), 16);
data/libcsfml-2.5/src/SFML/Network/UdpSocket.cpp:116:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(remoteAddress->address, address.toString().c_str(), 16);
data/libcsfml-2.5/src/SFML/Network/UdpSocket.cpp:152:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(remoteAddress->address, address.toString().c_str(), 16);
ANALYSIS SUMMARY:
Hits = 15
Lines analyzed = 25410 in approximately 0.55 seconds (46507 lines/second)
Physical Source Lines of Code (SLOC) = 7784
Hits@level = [0] 7 [1] 8 [2] 3 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 22 [1+] 15 [2+] 7 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 2.82631 [1+] 1.92703 [2+] 0.899281 [3+] 0.513875 [4+] 0.513875 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.