Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/littlewizard-1.2.2/acconfig.h
Examining data/littlewizard-1.2.2/liblw/board.cc
Examining data/littlewizard-1.2.2/liblw/boardset.cc
Examining data/littlewizard-1.2.2/liblw/command.cc
Examining data/littlewizard-1.2.2/liblw/environment.cc
Examining data/littlewizard-1.2.2/liblw/message.cc
Examining data/littlewizard-1.2.2/liblw/paritycommand.cc
Examining data/littlewizard-1.2.2/liblw/piece.cc
Examining data/littlewizard-1.2.2/liblw/pixmap.cc
Examining data/littlewizard-1.2.2/liblw/pixmapset.cc
Examining data/littlewizard-1.2.2/liblw/program.cc
Examining data/littlewizard-1.2.2/liblw/project.cc
Examining data/littlewizard-1.2.2/liblw/row.cc
Examining data/littlewizard-1.2.2/liblw/symbol.cc
Examining data/littlewizard-1.2.2/liblw/value.cc
Examining data/littlewizard-1.2.2/liblw/variable.cc
Examining data/littlewizard-1.2.2/liblw/wizard.cc
Examining data/littlewizard-1.2.2/liblw/interpreter.cc
Examining data/littlewizard-1.2.2/liblw/parser.cc
Examining data/littlewizard-1.2.2/liblanguage/commandadd.cc
Examining data/littlewizard-1.2.2/liblanguage/commandand.cc
Examining data/littlewizard-1.2.2/liblanguage/commandappear.cc
Examining data/littlewizard-1.2.2/liblanguage/commandbegin.cc
Examining data/littlewizard-1.2.2/liblanguage/commandbehind.cc
Examining data/littlewizard-1.2.2/liblanguage/commandbrace1.cc
Examining data/littlewizard-1.2.2/liblanguage/commandbrace2.cc
Examining data/littlewizard-1.2.2/liblanguage/commandbreak.cc
Examining data/littlewizard-1.2.2/liblanguage/commandcalculate.cc
Examining data/littlewizard-1.2.2/liblanguage/commandcreate.cc
Examining data/littlewizard-1.2.2/liblanguage/commandconcat.cc
Examining data/littlewizard-1.2.2/liblanguage/commandcontinue.cc
Examining data/littlewizard-1.2.2/liblanguage/commandcontrol.cc
Examining data/littlewizard-1.2.2/liblanguage/commandcontrolgo.cc
Examining data/littlewizard-1.2.2/liblanguage/commanddiv.cc
Examining data/littlewizard-1.2.2/liblanguage/commanddisappear.cc
Examining data/littlewizard-1.2.2/liblanguage/commanddownto.cc
Examining data/littlewizard-1.2.2/liblanguage/commandelse.cc
Examining data/littlewizard-1.2.2/liblanguage/commandend.cc
Examining data/littlewizard-1.2.2/liblanguage/commandeq.cc
Examining data/littlewizard-1.2.2/liblanguage/commandfor.cc
Examining data/littlewizard-1.2.2/liblanguage/commandfor2.cc
Examining data/littlewizard-1.2.2/liblanguage/commandge.cc
Examining data/littlewizard-1.2.2/liblanguage/commandgetposx.cc
Examining data/littlewizard-1.2.2/liblanguage/commandgetposy.cc
Examining data/littlewizard-1.2.2/liblanguage/commandgo.cc
Examining data/littlewizard-1.2.2/liblanguage/commandgt.cc
Examining data/littlewizard-1.2.2/liblanguage/commandif.cc
Examining data/littlewizard-1.2.2/liblanguage/commandindex1.cc
Examining data/littlewizard-1.2.2/liblanguage/commandindex2.cc
Examining data/littlewizard-1.2.2/liblanguage/commandinfront.cc
Examining data/littlewizard-1.2.2/liblanguage/commandle.cc
Examining data/littlewizard-1.2.2/liblanguage/commandleft.cc
Examining data/littlewizard-1.2.2/liblanguage/commandlength.cc
Examining data/littlewizard-1.2.2/liblanguage/commandlt.cc
Examining data/littlewizard-1.2.2/liblanguage/commandmod.cc
Examining data/littlewizard-1.2.2/liblanguage/commandmul.cc
Examining data/littlewizard-1.2.2/liblanguage/commandne.cc
Examining data/littlewizard-1.2.2/liblanguage/commandnot.cc
Examining data/littlewizard-1.2.2/liblanguage/commandopp.cc
Examining data/littlewizard-1.2.2/liblanguage/commandor.cc
Examining data/littlewizard-1.2.2/liblanguage/commandrand.cc
Examining data/littlewizard-1.2.2/liblanguage/commandread.cc
Examining data/littlewizard-1.2.2/liblanguage/commandrepeat.cc
Examining data/littlewizard-1.2.2/liblanguage/commandright.cc
Examining data/littlewizard-1.2.2/liblanguage/commandset.cc
Examining data/littlewizard-1.2.2/liblanguage/commandsetspeed.cc
Examining data/littlewizard-1.2.2/liblanguage/commandsetposx.cc
Examining data/littlewizard-1.2.2/liblanguage/commandsetposy.cc
Examining data/littlewizard-1.2.2/liblanguage/commandstep.cc
Examining data/littlewizard-1.2.2/liblanguage/commandsub.cc
Examining data/littlewizard-1.2.2/liblanguage/commandto.cc
Examining data/littlewizard-1.2.2/liblanguage/commanduntil.cc
Examining data/littlewizard-1.2.2/liblanguage/commandwhile.cc
Examining data/littlewizard-1.2.2/liblanguage/variablegeneric.cc
Examining data/littlewizard-1.2.2/liblanguage/variableworld.cc
Examining data/littlewizard-1.2.2/liblanguage/symbols.cc
Examining data/littlewizard-1.2.2/liblanguage/symbolwizard.cc
Examining data/littlewizard-1.2.2/liblanguage/symbolbreakline.cc
Examining data/littlewizard-1.2.2/liblanguage/symbolremark.cc
Examining data/littlewizard-1.2.2/include/piece.h
Examining data/littlewizard-1.2.2/include/row.h
Examining data/littlewizard-1.2.2/include/board.h
Examining data/littlewizard-1.2.2/include/pixmapset.h
Examining data/littlewizard-1.2.2/include/wizard.h
Examining data/littlewizard-1.2.2/include/boardset.h
Examining data/littlewizard-1.2.2/include/pixmap.h
Examining data/littlewizard-1.2.2/include/command.h
Examining data/littlewizard-1.2.2/include/program.h
Examining data/littlewizard-1.2.2/include/value.h
Examining data/littlewizard-1.2.2/include/message.h
Examining data/littlewizard-1.2.2/include/variable.h
Examining data/littlewizard-1.2.2/include/project.h
Examining data/littlewizard-1.2.2/include/environment.h
Examining data/littlewizard-1.2.2/include/paritycommand.h
Examining data/littlewizard-1.2.2/include/support.h
Examining data/littlewizard-1.2.2/include/symbol.h
Examining data/littlewizard-1.2.2/include/parser.h
Examining data/littlewizard-1.2.2/include/interpreter.h
Examining data/littlewizard-1.2.2/src/main.cc
Examining data/littlewizard-1.2.2/src/interface.cc
Examining data/littlewizard-1.2.2/src/callbacks.cc
Examining data/littlewizard-1.2.2/src/lwtest.cc

FINAL RESULTS:

data/littlewizard-1.2.2/liblanguage/commandrand.cc:32:16: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  guint randv = g_random_int_range (0, end);
data/littlewizard-1.2.2/liblw/board.cc:389:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gint piecesize = atoi (piecesizestr);
data/littlewizard-1.2.2/liblw/board.cc:405:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gint wizardposx = atoi (wizardposxstr);
data/littlewizard-1.2.2/liblw/board.cc:406:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gint wizardposy = atoi (wizardposystr);
data/littlewizard-1.2.2/liblw/board.cc:407:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gint wizarddirection = atoi (wizarddirectionstr) - 1;
data/littlewizard-1.2.2/liblw/piece.cc:338:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  id = atoi (idstr);
data/littlewizard-1.2.2/liblw/value.cc:44:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi (s);
data/littlewizard-1.2.2/src/lwtest.cc:35:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen (filename, "w");
data/littlewizard-1.2.2/src/lwtest.cc:47:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen (filename, "w");

ANALYSIS SUMMARY:

Hits = 9
Lines analyzed = 12661 in approximately 0.35 seconds (35722 lines/second)
Physical Source Lines of Code (SLOC) = 7723
Hits@level = [0] 4 [1] 0 [2] 8 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 9 [2+] 9 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.68328 [1+] 1.16535 [2+] 1.16535 [3+] 0.129483 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.