Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/moon-lander-1.0/DT_drawtext.h
Examining data/moon-lander-1.0/gamelib.h
Examining data/moon-lander-1.0/DT_drawtext.c
Examining data/moon-lander-1.0/game_lib.c
Examining data/moon-lander-1.0/moon_lander.c

FINAL RESULTS:

data/moon-lander-1.0/moon_lander.c:271:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s/.moon_lander", pwp->pw_dir);
data/moon-lander-1.0/moon_lander.c:310:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s/.moon_lander", pwp->pw_dir);
data/moon-lander-1.0/moon_lander.c:356:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(options[0],"%s", "Fancy Terrain");
data/moon-lander-1.0/moon_lander.c:357:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(options[1],"%s", "Progressive Gravity");
data/moon-lander-1.0/moon_lander.c:358:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(options[2],"%s", "Landing Pad Speed Warning");
data/moon-lander-1.0/moon_lander.c:359:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(options[3],"%s", "Variable Speed Landing Pads");
data/moon-lander-1.0/moon_lander.c:360:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(options[4],"%s", "Number Of Ships");
data/moon-lander-1.0/moon_lander.c:448:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(selected_text,"%s","**");
data/moon-lander-1.0/moon_lander.c:451:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(selected_text,"%s"," ");
data/moon-lander-1.0/moon_lander.c:454:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(display_string, "%s %s - %d", selected_text, options[count], value[count] );
data/moon-lander-1.0/moon_lander.c:572:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/blank_terrain.gif", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1783:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/win_icon.bmp", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1790:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/miniship2.bmp", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1793:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/newship.png", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1796:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/thrust1.png", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1799:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/thrust2.png", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1802:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/thrust_left.bmp", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1805:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/thrust_right.bmp", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1808:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/logo.png", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1811:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/backgrounds/red_plain.jpg", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1814:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%simages/magigames_steel.gif", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1820:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%ssounds/Blaster_1.wav", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1824:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%ssounds/Retro_3.wav", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1828:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%ssounds/jet_lp.wav", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1832:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%ssounds/Space_Bubbles_2.wav", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1835:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%ssounds/beep1b.wav", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1839:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%ssounds/honk.wav", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1843:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%ssounds/explosion2.wav", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1846:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%ssounds/eagle_has_landed.wav", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1861:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%sfonts/ConsoleFont.bmp", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1864:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%sfonts/LargeFont.bmp", DATAPATH);
data/moon-lander-1.0/moon_lander.c:1874:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%simages/kablam/exp%02d.png",DATAPATH, count);
data/moon-lander-1.0/moon_lander.c:586:5:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/moon-lander-1.0/moon_lander.c:589:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  y = random()%TERRAIN_YSIZE;
data/moon-lander-1.0/moon_lander.c:592:15:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  miny = ( (random()%(TERRAIN_YSIZE/2)) + 10);
data/moon-lander-1.0/moon_lander.c:593:15:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  maxy = ( (random()%(TERRAIN_YSIZE/2) + TERRAIN_YSIZE/2) -10 );
data/moon-lander-1.0/moon_lander.c:597:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/moon-lander-1.0/moon_lander.c:621:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  yfluct = ( (random()%10) - 5);
data/moon-lander-1.0/moon_lander.c:689:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  speed = ( random() % 3 );
data/moon-lander-1.0/moon_lander.c:738:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  miny = ( (random()%(TERRAIN_YSIZE/2)) + 10);
data/moon-lander-1.0/moon_lander.c:739:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  maxy = ( (random()%(TERRAIN_YSIZE/2) + TERRAIN_YSIZE/2) - 25 );
data/moon-lander-1.0/moon_lander.c:754:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  miny = ( (random()%(TERRAIN_YSIZE/2)) + 10);
data/moon-lander-1.0/moon_lander.c:755:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  maxy = ( (random()%(TERRAIN_YSIZE/2) + TERRAIN_YSIZE/2) - 10 );
data/moon-lander-1.0/moon_lander.c:179:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024];
data/moon-lander-1.0/moon_lander.c:183:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char files[MAXFILES][NAME_MAX + 1];
data/moon-lander-1.0/moon_lander.c:257:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[200];
data/moon-lander-1.0/moon_lander.c:275:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "moon_lander.conf");
data/moon-lander-1.0/moon_lander.c:280:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (file = fopen(filename, "w")) != NULL) {
data/moon-lander-1.0/moon_lander.c:297:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[200];
data/moon-lander-1.0/moon_lander.c:314:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "moon_lander.conf");
data/moon-lander-1.0/moon_lander.c:319:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (file = fopen(filename, "r")) != NULL) {
data/moon-lander-1.0/moon_lander.c:348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char options[5][100];
data/moon-lander-1.0/moon_lander.c:349:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char display_string[150];
data/moon-lander-1.0/moon_lander.c:350:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char selected_text[2];
data/moon-lander-1.0/moon_lander.c:552:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[100];
data/moon-lander-1.0/moon_lander.c:785:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char display_string[100];
data/moon-lander-1.0/moon_lander.c:788:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(display_string, "Fuel %d", game->fuel);
data/moon-lander-1.0/moon_lander.c:794:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(display_string, "X Velocity %.2f", game->ship.x_vel);
data/moon-lander-1.0/moon_lander.c:800:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(display_string, "Y Velocity %.2f", game->ship.y_vel);
data/moon-lander-1.0/moon_lander.c:806:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(display_string, "Score: %d", game->score);
data/moon-lander-1.0/moon_lander.c:815:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(display_string, "%d", game->current_level.landing_score[count] );
data/moon-lander-1.0/moon_lander.c:1022:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char display_string[100];
data/moon-lander-1.0/moon_lander.c:1098:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(display_string, "Level: %d", (game->difficulty) + 1);
data/moon-lander-1.0/moon_lander.c:1426:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char display_string[100];
data/moon-lander-1.0/moon_lander.c:1502:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(display_string, "**PAUSED**");
data/moon-lander-1.0/moon_lander.c:1595:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(display_string, "**DEMO MODE - Press Arrow Keys To Exit**");
data/moon-lander-1.0/moon_lander.c:1750:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];
data/moon-lander-1.0/moon_lander.c:1752:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[100];
data/moon-lander-1.0/DT_drawtext.c:204:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(string) < (surface->w-x)/CurrentFont->CharWidth)
data/moon-lander-1.0/DT_drawtext.c:205:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  characters = strlen(string);
data/moon-lander-1.0/moon_lander.c:215:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(files[count], filename, NAME_MAX + 1);

ANALYSIS SUMMARY:

Hits = 71
Lines analyzed = 2699 in approximately 0.07 seconds (38091 lines/second)
Physical Source Lines of Code (SLOC) = 1732
Hits@level = [0]  27 [1]   3 [2]  25 [3]  11 [4]  32 [5]   0
Hits@level+ = [0+]  98 [1+]  71 [2+]  68 [3+]  43 [4+]  32 [5+]   0
Hits/KSLOC@level+ = [0+] 56.582 [1+] 40.9931 [2+] 39.261 [3+] 24.8268 [4+] 18.4758 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
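Triage note and worked example (added here; not part of the Flawfinder report and not moon-lander's own code). Most of the 71 hits are noise for this program: the random()/srandom() hits drive terrain generation, not keys or nonces, so CWE-327 does not apply; the DATAPATH sprintf() calls format a compile-time constant into a local buffer; and the fopen() hits open a config file under the user's own home directory. Three patterns in the report do deserve a fix. First, lines 271 and 310 format pwp->pw_dir, a value taken from the passwd database rather than from the program, into the char filename[200] declared at lines 257 and 297, with no length check. Second, line 350 declares char selected_text[2] and line 448 writes "**" into selected_text; if that is the same buffer, the two asterisks plus the terminating NUL need three bytes, one more than the array holds. Third, line 215 copies NAME_MAX + 1 bytes with strncpy(), which leaves the slot unterminated when the source name is that long. The C below shows the replacements, using snprintf()'s return value to detect truncation instead of trusting the destination size; buffer sizes, function names and the sample inputs are assumptions chosen for illustration.

```c
/* Added example, not moon-lander's code: hardened replacements for the
 * sprintf()/strncpy() patterns Flawfinder flags above. Function names,
 * buffer sizes and the inputs in main() are illustrative assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <limits.h>

#ifndef NAME_MAX            /* the scanned source uses NAME_MAX; fall back if absent */
#define NAME_MAX 255
#endif

/* Build "<home>/.moon_lander" into dst[dstsz].
 * Replaces sprintf(filename, "%s/.moon_lander", pwp->pw_dir).
 * snprintf() returns the length the full string would have needed, so a
 * value >= dstsz means the output was truncated; we refuse rather than use
 * a silently shortened path. Returns false and empties dst on failure. */
bool build_conf_path(char *dst, size_t dstsz, const char *home)
{
    if (dst == NULL || dstsz == 0 || home == NULL)
        return false;
    int n = snprintf(dst, dstsz, "%s/.moon_lander", home);
    if (n < 0 || (size_t)n >= dstsz) {      /* encoding error or truncated */
        dst[0] = '\0';
        return false;
    }
    return true;
}

/* Copy a directory entry name into a NAME_MAX + 1 slot, always NUL-terminated.
 * Replaces strncpy(files[count], filename, NAME_MAX + 1): strncpy() writes no
 * terminator when the source is NAME_MAX + 1 bytes or longer, so any later
 * strlen()/printf() on the slot over-reads. Over-long names are rejected. */
bool copy_entry_name(char dst[NAME_MAX + 1], const char *src)
{
    size_t len = strlen(src);
    if (len > NAME_MAX)
        return false;
    memcpy(dst, src, len + 1);               /* len + 1 copies the NUL too */
    return true;
}

/* Write the menu marker ("**" when selected, " " otherwise), as the scanned
 * code does at lines 448/451, but bounded by dstsz. With a 2-byte buffer the
 * selected case needs 3 bytes (two asterisks plus NUL) and is refused. */
bool set_selected_marker(char *dst, size_t dstsz, bool selected)
{
    int n = snprintf(dst, dstsz, "%s", selected ? "**" : " ");
    return n >= 0 && (size_t)n < dstsz;
}

int main(void)
{
    char filename[200];                      /* same size as lines 257/297 */
    char tiny[2];                            /* same size as line 350 */
    char slot[NAME_MAX + 1];

    /* Constructed inputs: an ordinary home directory and a 299-byte one. */
    char longhome[300];
    memset(longhome, 'a', sizeof longhome - 1);
    longhome[sizeof longhome - 1] = '\0';

    printf("short home  : %d (%s)\n",
           build_conf_path(filename, sizeof filename, "/home/player"), filename);
    printf("299-byte home: %d (rejected, buffer left empty)\n",
           build_conf_path(filename, sizeof filename, longhome));
    printf("\"**\" into char[2]: %d (rejected)\n",
           set_selected_marker(tiny, sizeof tiny, true));
    printf("\" \" into char[2]:  %d\n",
           set_selected_marker(tiny, sizeof tiny, false));
    printf("entry name copy : %d (%s)\n",
           copy_entry_name(slot, "level01.dat"), slot);
    return 0;
}
```

The design choice here is to fail closed: a path or name that does not fit is an error the caller must handle, not something to shorten and open anyway, because a truncated path can resolve to a different file than the one intended. Compiling the scanned sources with `-Wformat-overflow` and running under AddressSanitizer would confirm which of the flagged sprintf() calls can actually exceed their buffers.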