stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mancala-1.0.3/mancala.c
Examining data/mancala-1.0.3/mancala.h
Examining data/mancala-1.0.3/minimax.c
Examining data/mancala-1.0.3/minimax.h
Examining data/mancala-1.0.3/rulestxt.c
Examining data/mancala-1.0.3/textmain.c
Examining data/mancala-1.0.3/xmain.c

FINAL RESULTS:

data/mancala-1.0.3/textmain.c:41:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf((q < MAX_HOLES - 1) ? "%c:%2d | " : "%c:%2d\n",
data/mancala-1.0.3/textmain.c:45:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf((q < MAX_HOLES - 1) ? "-----+-" : "----");
data/mancala-1.0.3/textmain.c:49:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf((q < MAX_HOLES - 1) ? "%c:%2d | " : "%c:%2d\n",
data/mancala-1.0.3/xmain.c:112:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(s, format, ap);
data/mancala-1.0.3/xmain.c:177:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(s, "version %s", VERSION);
data/mancala-1.0.3/mancala.c:221:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(time(NULL));
data/mancala-1.0.3/mancala.c:77:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&boardStack[idx], &boardStack[idx - 1], sizeof(Board));
data/mancala-1.0.3/textmain.c:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   s[80];
data/mancala-1.0.3/textmain.c:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   playerName[2][20] = { "player at bottom", "player at top" };
data/mancala-1.0.3/textmain.c:72:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	maxPly[0] = maxPly[1] = atoi(argv[1]);
data/mancala-1.0.3/textmain.c:74:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	maxPly[1] = atoi(argv[1]);
data/mancala-1.0.3/textmain.c:75:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	maxPly[0] = atoi(argv[2]);
data/mancala-1.0.3/textmain.c:77:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	maxPly[1] = atoi(argv[1]);
data/mancala-1.0.3/textmain.c:78:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	maxPly[0] = atoi(argv[2]);
data/mancala-1.0.3/textmain.c:79:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	stones_pr_hole = atoi(argv[3]);
data/mancala-1.0.3/xmain.c:49:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *playerName[2] = { "the human player", "the computer" };
data/mancala-1.0.3/xmain.c:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   s[10];
data/mancala-1.0.3/xmain.c:86:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%d", getMancala(p));
data/mancala-1.0.3/xmain.c:89:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s, "%d", getHole(p, q));
data/mancala-1.0.3/xmain.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    s[120];
data/mancala-1.0.3/xmain.c:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[20];

ANALYSIS SUMMARY:

Hits = 21
Lines analyzed = 1353 in approximately 0.05 seconds (26641 lines/second)
Physical Source Lines of Code (SLOC) = 710
Hits@level = [0]  19 [1]   0 [2]  15 [3]   1 [4]   5 [5]   0
Hits@level+ = [0+]  40 [1+]  21 [2+]  21 [3+]   6 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 56.338 [1+] 29.5775 [2+] 29.5775 [3+] 8.4507 [4+] 7.04225 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.