Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rafkill-1.2.2/src/animation.cpp
Examining data/rafkill-1.2.2/src/booster.cpp
Examining data/rafkill-1.2.2/src/config.cpp
Examining data/rafkill-1.2.2/src/ebox.cpp
Examining data/rafkill-1.2.2/src/explode.cpp
Examining data/rafkill-1.2.2/src/explode_animate.cpp
Examining data/rafkill-1.2.2/src/fader.cpp
Examining data/rafkill-1.2.2/src/font.cpp
Examining data/rafkill-1.2.2/src/group.cpp
Examining data/rafkill-1.2.2/src/gunobj.cpp
Examining data/rafkill-1.2.2/src/init.cpp
Examining data/rafkill-1.2.2/src/keyboard.cpp
Examining data/rafkill-1.2.2/src/level.cpp
Examining data/rafkill-1.2.2/src/loading_screen.cpp
Examining data/rafkill-1.2.2/src/logic.cpp
Examining data/rafkill-1.2.2/src/main.cpp
Examining data/rafkill-1.2.2/src/move.cpp
Examining data/rafkill-1.2.2/src/move_find.cpp
Examining data/rafkill-1.2.2/src/music.cpp
Examining data/rafkill-1.2.2/src/pck.cpp
Examining data/rafkill-1.2.2/src/playerobj.cpp
Examining data/rafkill-1.2.2/src/rfield.cpp
Examining data/rafkill-1.2.2/src/rfont.cpp
Examining data/rafkill-1.2.2/src/rgbhandle.cpp
Examining data/rafkill-1.2.2/src/rmenu.cpp
Examining data/rafkill-1.2.2/src/rmenu_animation.cpp
Examining data/rafkill-1.2.2/src/section.cpp
Examining data/rafkill-1.2.2/src/shipobj.cpp
Examining data/rafkill-1.2.2/src/strings.cpp
Examining data/rafkill-1.2.2/src/timedifference.cpp
Examining data/rafkill-1.2.2/src/trigger.cpp
Examining data/rafkill-1.2.2/src/trigtable.cpp
Examining data/rafkill-1.2.2/src/weaponobj.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_angle.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_beam.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_bounce.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_chain.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_damage.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_emissle.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_laser.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_massive.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_only_damage.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_pulse.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_rocket.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_rotate.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_stick.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_yehat.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_angle.h
Examining data/rafkill-1.2.2/src/weapons/weapon_beam.h
Examining data/rafkill-1.2.2/src/weapons/weapon_bounce.h
Examining data/rafkill-1.2.2/src/weapons/weapon_chain.h
Examining data/rafkill-1.2.2/src/weapons/weapon_damage.h
Examining data/rafkill-1.2.2/src/weapons/weapon_emissle.h
Examining data/rafkill-1.2.2/src/weapons/weapon_follow.h
Examining data/rafkill-1.2.2/src/weapons/weapon_laser.h
Examining data/rafkill-1.2.2/src/weapons/weapon_massive.h
Examining data/rafkill-1.2.2/src/weapons/weapon_only_damage.h
Examining data/rafkill-1.2.2/src/weapons/weapon_pulse.h
Examining data/rafkill-1.2.2/src/weapons/weapon_rocket.h
Examining data/rafkill-1.2.2/src/weapons/weapon_rotate.h
Examining data/rafkill-1.2.2/src/weapons/weapon_stick.h
Examining data/rafkill-1.2.2/src/weapons/weapon_yehat.h
Examining data/rafkill-1.2.2/src/weapons/weapon_shatter.cpp
Examining data/rafkill-1.2.2/src/weapons/weapon_shatter.h
Examining data/rafkill-1.2.2/src/weapons/weapon_follow.cpp
Examining data/rafkill-1.2.2/src/guns/gun_angle.cpp
Examining data/rafkill-1.2.2/src/guns/gun_arc.cpp
Examining data/rafkill-1.2.2/src/guns/gun_beam.cpp
Examining data/rafkill-1.2.2/src/guns/gun_chain.cpp
Examining data/rafkill-1.2.2/src/guns/gun_destruct.cpp
Examining data/rafkill-1.2.2/src/guns/gun_ecork.cpp
Examining data/rafkill-1.2.2/src/guns/gun_edfstraight.cpp
Examining data/rafkill-1.2.2/src/guns/gun_ednstraight.cpp
Examining data/rafkill-1.2.2/src/guns/gun_eflarge.cpp
Examining data/rafkill-1.2.2/src/guns/gun_efmsingle.cpp
Examining data/rafkill-1.2.2/src/guns/gun_efsingle.cpp
Examining data/rafkill-1.2.2/src/guns/gun_elarge.cpp
Examining data/rafkill-1.2.2/src/guns/gun_emissle.cpp
Examining data/rafkill-1.2.2/src/guns/gun_emlight.cpp
Examining data/rafkill-1.2.2/src/guns/gun_eside.cpp
Examining data/rafkill-1.2.2/src/guns/gun_estraight.cpp
Examining data/rafkill-1.2.2/src/guns/gun_etwirl.cpp
Examining data/rafkill-1.2.2/src/guns/gun_etwirl_find.cpp
Examining data/rafkill-1.2.2/src/guns/gun_etwirl_machine.cpp
Examining data/rafkill-1.2.2/src/guns/gun_fire.cpp
Examining data/rafkill-1.2.2/src/guns/gun_follow.cpp
Examining data/rafkill-1.2.2/src/guns/gun_laser.cpp
Examining data/rafkill-1.2.2/src/guns/gun_machine.cpp
Examining data/rafkill-1.2.2/src/guns/gun_massive.cpp
Examining data/rafkill-1.2.2/src/guns/gun_minimissle.cpp
Examining data/rafkill-1.2.2/src/guns/gun_missle.cpp
Examining data/rafkill-1.2.2/src/guns/gun_pulse.cpp
Examining data/rafkill-1.2.2/src/guns/gun_rotate.cpp
Examining data/rafkill-1.2.2/src/guns/gun_shatter.cpp
Examining data/rafkill-1.2.2/src/guns/gun_spread.cpp
Examining data/rafkill-1.2.2/src/guns/gun_stick.cpp
Examining data/rafkill-1.2.2/src/guns/gun_swirl.cpp
Examining data/rafkill-1.2.2/src/guns/gun_tractor_beam.cpp
Examining data/rafkill-1.2.2/src/guns/gun_yehat.cpp
Examining data/rafkill-1.2.2/src/guns/gun_angle.h
Examining data/rafkill-1.2.2/src/guns/gun_arc.h
Examining data/rafkill-1.2.2/src/guns/gun_beam.h
Examining data/rafkill-1.2.2/src/guns/gun_chain.h
Examining data/rafkill-1.2.2/src/guns/gun_destruct.h
Examining data/rafkill-1.2.2/src/guns/gun_ecork.h
Examining data/rafkill-1.2.2/src/guns/gun_edfstraight.h
Examining data/rafkill-1.2.2/src/guns/gun_ednstraight.h
Examining data/rafkill-1.2.2/src/guns/gun_eflarge.h
Examining data/rafkill-1.2.2/src/guns/gun_efmsingle.h
Examining data/rafkill-1.2.2/src/guns/gun_efsingle.h
Examining data/rafkill-1.2.2/src/guns/gun_elarge.h
Examining data/rafkill-1.2.2/src/guns/gun_emissle.h
Examining data/rafkill-1.2.2/src/guns/gun_emlight.h
Examining data/rafkill-1.2.2/src/guns/gun_eside.h
Examining data/rafkill-1.2.2/src/guns/gun_estraight.h
Examining data/rafkill-1.2.2/src/guns/gun_etwirl.h
Examining data/rafkill-1.2.2/src/guns/gun_etwirl_find.h
Examining data/rafkill-1.2.2/src/guns/gun_etwirl_machine.h
Examining data/rafkill-1.2.2/src/guns/gun_findgun.h
Examining data/rafkill-1.2.2/src/guns/gun_fire.h
Examining data/rafkill-1.2.2/src/guns/gun_follow.h
Examining data/rafkill-1.2.2/src/guns/gun_laser.h
Examining data/rafkill-1.2.2/src/guns/gun_machine.h
Examining data/rafkill-1.2.2/src/guns/gun_machine_circle.h
Examining data/rafkill-1.2.2/src/guns/gun_massive.h
Examining data/rafkill-1.2.2/src/guns/gun_minimissle.h
Examining data/rafkill-1.2.2/src/guns/gun_missle.h
Examining data/rafkill-1.2.2/src/guns/gun_pulse.h
Examining data/rafkill-1.2.2/src/guns/gun_rotate.h
Examining data/rafkill-1.2.2/src/guns/gun_saber.h
Examining data/rafkill-1.2.2/src/guns/gun_shatter.h
Examining data/rafkill-1.2.2/src/guns/gun_spread.h
Examining data/rafkill-1.2.2/src/guns/gun_stick.h
Examining data/rafkill-1.2.2/src/guns/gun_swirl.h
Examining data/rafkill-1.2.2/src/guns/gun_tractor_beam.h
Examining data/rafkill-1.2.2/src/guns/gun_yehat.h
Examining data/rafkill-1.2.2/src/guns/gun_findgun.cpp
Examining data/rafkill-1.2.2/src/guns/gun_machine_circle.cpp
Examining data/rafkill-1.2.2/src/guns/gun_saber.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_animation.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_meteor.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_num_show.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_player.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_protect.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_rotate.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_ship_destruct.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_ship_shield.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_angle.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_arc.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_bomb.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_chain.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_cork.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_dissipate.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_emissle.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_explode.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_fire.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_firetrail.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_follow.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_laser.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_light.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_machine.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_massive.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_mini.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_pulse_large.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_pulse_nova.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_pulse_small.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_rocket_heavy.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_rocket_normal.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_rotate.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_s_l.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_s_s.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_saber.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_spread.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_tractor_beam.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_twirl.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_yehat.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_animation.h
Examining data/rafkill-1.2.2/src/hulls/hull_meteor.h
Examining data/rafkill-1.2.2/src/hulls/hull_num_show.h
Examining data/rafkill-1.2.2/src/hulls/hull_player.h
Examining data/rafkill-1.2.2/src/hulls/hull_protect.h
Examining data/rafkill-1.2.2/src/hulls/hull_rotate.h
Examining data/rafkill-1.2.2/src/hulls/hull_ship_destruct.h
Examining data/rafkill-1.2.2/src/hulls/hull_ship_shield.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_angle.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_arc.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_beam.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_bomb.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_chain.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_cork.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_dissipate.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_emissle.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_explode.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_fire.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_firetrail.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_follow.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_laser.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_light.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_machine.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_massive.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_mini.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_pulse_large.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_pulse_nova.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_pulse_small.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_rocket_heavy.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_rocket_normal.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_rotate.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_s_l.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_s_s.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_saber.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_shatter.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_spread.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_tractor_beam.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_twirl.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_yehat.h
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_shatter.cpp
Examining data/rafkill-1.2.2/src/hulls/hull_weapon_beam.cpp
Examining data/rafkill-1.2.2/src/animation.h
Examining data/rafkill-1.2.2/src/bitmap.h
Examining data/rafkill-1.2.2/src/booster.h
Examining data/rafkill-1.2.2/src/config.h
Examining data/rafkill-1.2.2/src/defs.h
Examining data/rafkill-1.2.2/src/drawer.h
Examining data/rafkill-1.2.2/src/ebox.h
Examining data/rafkill-1.2.2/src/explode.h
Examining data/rafkill-1.2.2/src/explode_animate.h
Examining data/rafkill-1.2.2/src/fader.h
Examining data/rafkill-1.2.2/src/font.h
Examining data/rafkill-1.2.2/src/group.h
Examining data/rafkill-1.2.2/src/gunobj.h
Examining data/rafkill-1.2.2/src/init.h
Examining data/rafkill-1.2.2/src/keyboard.h
Examining data/rafkill-1.2.2/src/level.h
Examining data/rafkill-1.2.2/src/loadsave.h
Examining data/rafkill-1.2.2/src/loading_screen.h
Examining data/rafkill-1.2.2/src/logic.h
Examining data/rafkill-1.2.2/src/main.h
Examining data/rafkill-1.2.2/src/menu.h
Examining data/rafkill-1.2.2/src/move.h
Examining data/rafkill-1.2.2/src/move_find.h
Examining data/rafkill-1.2.2/src/music.h
Examining data/rafkill-1.2.2/src/pck.h
Examining data/rafkill-1.2.2/src/playerobj.h
Examining data/rafkill-1.2.2/src/raptor.h
Examining data/rafkill-1.2.2/src/rfield.h
Examining data/rafkill-1.2.2/src/rfont.h
Examining data/rafkill-1.2.2/src/rgbhandle.h
Examining data/rafkill-1.2.2/src/rmenu.h
Examining data/rafkill-1.2.2/src/rmenu_animation.h
Examining data/rafkill-1.2.2/src/section.h
Examining data/rafkill-1.2.2/src/shipobj.h
Examining data/rafkill-1.2.2/src/strings.h
Examining data/rafkill-1.2.2/src/system.h
Examining data/rafkill-1.2.2/src/timedifference.h
Examining data/rafkill-1.2.2/src/trigger.h
Examining data/rafkill-1.2.2/src/trigtable.h
Examining data/rafkill-1.2.2/src/weaponobj.h
Examining data/rafkill-1.2.2/src/fonts.h
Examining data/rafkill-1.2.2/src/sound.h
Examining data/rafkill-1.2.2/src/wormhole.h
Examining data/rafkill-1.2.2/src/raptor.cpp
Examining data/rafkill-1.2.2/src/defs.cpp
Examining data/rafkill-1.2.2/src/hull.cpp
Examining data/rafkill-1.2.2/src/hull.h
Examining data/rafkill-1.2.2/src/spaceobj.cpp
Examining data/rafkill-1.2.2/src/spaceobj.h
Examining data/rafkill-1.2.2/src/bitmap.cpp
Examining data/rafkill-1.2.2/src/menu.cpp
Examining data/rafkill-1.2.2/src/drawer.cpp
Examining data/rafkill-1.2.2/src/loadsave.cpp
Examining data/rafkill-1.2.2/src/system.cpp
Examining data/rafkill-1.2.2/data/raptor.h
Examining data/rafkill-1.2.2/data/sound.h
FINAL RESULTS:
data/rafkill-1.2.2/src/bitmap.cpp:529:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Bitmap::printf( int x, int y, int color, FONT * f, const char * str, ... ) const{
data/rafkill-1.2.2/src/bitmap.cpp:541:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Bitmap::printf( int x, int y, int color, Font * f, const char * str, ... ) const{
data/rafkill-1.2.2/src/bitmap.cpp:553:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Bitmap::printf( int x, int y, int color, Font * f, const string & str ) const{
data/rafkill-1.2.2/src/bitmap.cpp:554:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( x, y, color, f, str.c_str() );
data/rafkill-1.2.2/src/bitmap.h:81:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void printf( int x, int y, int color, FONT * f, const char * str, ... ) const;
data/rafkill-1.2.2/src/bitmap.h:82:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void printf( int x, int y, int color, Font * f, const char * str, ... ) const;
data/rafkill-1.2.2/src/bitmap.h:83:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void printf( int x, int y, int color, Font * f, const string & str ) const;
data/rafkill-1.2.2/src/config.cpp:56:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( buf, "%s = %d", bname, &key );
data/rafkill-1.2.2/src/defs.cpp:303:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( buffer, (getInstallDirectory() + "data").c_str() );
data/rafkill-1.2.2/src/defs.cpp:305:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( buffer, file );
data/rafkill-1.2.2/src/drawer.cpp:113:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
work->printf( view_port + 11, GRAPHICS_Y - font.getHeight() - 2 + Y_BLIT_OFFSET, Bitmap::makeColor(255,128,0), &font, temp );
data/rafkill-1.2.2/src/drawer.cpp:134:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
work->printf( sx+view_port, sy+Y_BLIT_OFFSET, col, &font, "%c", temp[q] );
data/rafkill-1.2.2/src/hulls/hull_num_show.cpp:40:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
mock->printf( 0, 0, shade[col], &font, "%d", spc );
data/rafkill-1.2.2/src/loading_screen.cpp:66:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
Bitmap::Screen->printf( 300, 220, color, &font, "Loading" );
data/rafkill-1.2.2/src/loadsave.cpp:316:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( wname, weapon_begin );
data/rafkill-1.2.2/src/loadsave.cpp:324:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( wd->name, wname );
data/rafkill-1.2.2/src/menu.cpp:392:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( sub2, "%s: %d", legal[z]->GetName(), legal[z]->Worth() );
data/rafkill-1.2.2/src/menu.cpp:616:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "%s/.rafkill%d.rap", System::getHomeDirectory().c_str(), number+1 );
data/rafkill-1.2.2/src/menu.cpp:628:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( temp, "Slot %d %s", number+1, xbuf );
data/rafkill-1.2.2/src/raptor.cpp:147:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
work.printf( 100, y_begin + q * 30, color, normalFont, creds[q] );
data/rafkill-1.2.2/src/raptor.cpp:230:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( temp, "Slot %d %s", q+1, xbuf );
data/rafkill-1.2.2/src/raptor.cpp:275:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
work.printf( 10, 10, Bitmap::makeColor( 200, 64, 23 ), normalFont, "Press a key" );
data/rafkill-1.2.2/src/raptor.cpp:676:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
text.printf( 0, 0, Bitmap::makeColor(255,255,255), &font, "YOU DIED" );
data/rafkill-1.2.2/src/raptor.cpp:762:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
work.printf( 320 - font.textLength( "Paused" ) / 2, 240 - 10, Bitmap::makeColor(255,128,0), &font, "Paused" );
data/rafkill-1.2.2/src/rfield.cpp:111:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
work.printf( x, y, col, this->field_font, this->handle );
data/rafkill-1.2.2/src/init.cpp:15:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand( time( NULL ) );
data/rafkill-1.2.2/src/bitmap.cpp:531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/rafkill-1.2.2/src/bitmap.cpp:543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/rafkill-1.2.2/src/bitmap.cpp:559:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/rafkill-1.2.2/src/config.cpp:43:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * config = fopen( getConfigFile().c_str(), "rb" );
data/rafkill-1.2.2/src/config.cpp:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 1024 ];
data/rafkill-1.2.2/src/config.cpp:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[ 1024 ];
data/rafkill-1.2.2/src/defs.cpp:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ 4096 ];
data/rafkill-1.2.2/src/drawer.cpp:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[ 64 ];
data/rafkill-1.2.2/src/drawer.cpp:110:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( temp, "Score %d", score );
data/rafkill-1.2.2/src/drawer.cpp:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[ 64 ];
data/rafkill-1.2.2/src/hulls/hull_num_show.cpp:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fx[ 128 ];
data/rafkill-1.2.2/src/hulls/hull_num_show.cpp:25:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( fx, "%d", spc );
data/rafkill-1.2.2/src/hulls/hull_num_show.cpp:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fx[ 128 ];
data/rafkill-1.2.2/src/hulls/hull_num_show.cpp:34:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( fx, "%d", spc );
data/rafkill-1.2.2/src/level.cpp:423:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fv = fopen( file_name, "rb" );
data/rafkill-1.2.2/src/level.cpp:696:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char final_file[ 4096 ];
data/rafkill-1.2.2/src/loadsave.cpp:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[ 2048 + 64 ];
data/rafkill-1.2.2/src/loadsave.cpp:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pow[ 10 ];
data/rafkill-1.2.2/src/loadsave.cpp:95:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pow[ 10 ];
data/rafkill-1.2.2/src/loadsave.cpp:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char final[ 1024 ];
data/rafkill-1.2.2/src/loadsave.cpp:105:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fv = fopen( filename, "wb" );
data/rafkill-1.2.2/src/loadsave.cpp:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ 128 ];
data/rafkill-1.2.2/src/loadsave.cpp:254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[ 2048 + 64 ];
data/rafkill-1.2.2/src/loadsave.cpp:256:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fv = fopen( filename, "rb" );
data/rafkill-1.2.2/src/loadsave.cpp:266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char final[ size+1 ];
data/rafkill-1.2.2/src/loadsave.cpp:315:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wname[ 128 ];
data/rafkill-1.2.2/src/menu.cpp:342:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char power[ 64 ];
data/rafkill-1.2.2/src/menu.cpp:346:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[ 128 ];
data/rafkill-1.2.2/src/menu.cpp:391:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub2[ 256 ];
data/rafkill-1.2.2/src/menu.cpp:438:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub2[ 256 ];
data/rafkill-1.2.2/src/menu.cpp:530:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[ 128 ];
data/rafkill-1.2.2/src/menu.cpp:615:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 2048 + 64 ];
data/rafkill-1.2.2/src/menu.cpp:617:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fv = fopen( buf, "rb" );
data/rafkill-1.2.2/src/menu.cpp:619:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( temp, "Slot %d Empty", number+1 );
data/rafkill-1.2.2/src/menu.cpp:626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xbuf[ 128 ];
data/rafkill-1.2.2/src/menu.cpp:663:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buyMenuFile[ 4096 ];
data/rafkill-1.2.2/src/pck.cpp:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[ 4096 ];
data/rafkill-1.2.2/src/pck.cpp:78:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fv = fopen( sf, "rb" );
data/rafkill-1.2.2/src/pck.cpp:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileNameCol[ 4096 ];
data/rafkill-1.2.2/src/pck.cpp:137:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fv = fopen( fileNameCol, "rb" );
data/rafkill-1.2.2/src/pck.cpp:141:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fv = fopen( fileNameCol, "wb" );
data/rafkill-1.2.2/src/pck.cpp:154:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fv = fopen( "table.col", "rb" );
data/rafkill-1.2.2/src/pck.cpp:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[ size+1 ];
data/rafkill-1.2.2/src/raptor.cpp:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[ 2048 + 64 ];
data/rafkill-1.2.2/src/raptor.cpp:227:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xbuf[ 128 ];
data/rafkill-1.2.2/src/raptor.cpp:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char backgroundFile[ 4096 ];
data/rafkill-1.2.2/src/raptor.cpp:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char soundNum[ 64 ];
data/rafkill-1.2.2/src/raptor.cpp:373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char musicNum[ 64 ];
data/rafkill-1.2.2/src/raptor.cpp:379:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( soundNum, "Sound volume %d", (int)(Util::sound_vol * 100 ));
data/rafkill-1.2.2/src/raptor.cpp:382:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( musicNum, "Music volume %d", (int)(Music::getVolume() * 100) );
data/rafkill-1.2.2/src/raptor.cpp:430:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[ 64 ];
data/rafkill-1.2.2/src/raptor.cpp:777:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_level[ 64 ];
data/rafkill-1.2.2/src/raptor.cpp:778:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( file_level, "level%d.lev", player->getLevel() );
data/rafkill-1.2.2/src/raptor.cpp:926:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gameSpeed = atoi( &argv[q][2] );
data/rafkill-1.2.2/src/raptor.cpp:945:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char musicPath[ 1024 ];
data/rafkill-1.2.2/src/rfont.cpp:83:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fv = fopen( fname, "rb" );
data/rafkill-1.2.2/src/rgbhandle.cpp:18:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char * want[ 3 ];
data/rafkill-1.2.2/src/drawer.cpp:128:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( unsigned int q = 0; q < strlen( temp ); q++ ) {
data/rafkill-1.2.2/src/loadsave.cpp:107:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite( final, sizeof(char), strlen(final), fv );
data/rafkill-1.2.2/src/raptor.cpp:924:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if ( strlen( argv[q] ) > 2 ){
ANALYSIS SUMMARY:
Hits = 86
Lines analyzed = 22087 in approximately 0.51 seconds (43622 lines/second)
Physical Source Lines of Code (SLOC) = 13809
Hits@level = [0] 43 [1] 3 [2] 57 [3] 1 [4] 25 [5] 0
Hits@level+ = [0+] 129 [1+] 86 [2+] 83 [3+] 26 [4+] 25 [5+] 0
Hits/KSLOC@level+ = [0+] 9.34173 [1+] 6.22782 [2+] 6.01057 [3+] 1.88283 [4+] 1.81041 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.