Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rubiks-20070912/dietz/cu2/config.h
Examining data/rubiks-20070912/dietz/cu2/cu2.cpp
Examining data/rubiks-20070912/dietz/cu2/cu2.h
Examining data/rubiks-20070912/dietz/cu2/main.cpp
Examining data/rubiks-20070912/dietz/mcube/config.h
Examining data/rubiks-20070912/dietz/mcube/main.cpp
Examining data/rubiks-20070912/dietz/mcube/mcube.cpp
Examining data/rubiks-20070912/dietz/mcube/mcube.h
Examining data/rubiks-20070912/dietz/solver/cubex.cpp
Examining data/rubiks-20070912/dietz/solver/cubex.h
Examining data/rubiks-20070912/dietz/solver/loadsave.cpp
Examining data/rubiks-20070912/dietz/solver/main.cpp
Examining data/rubiks-20070912/dietz/solver/loadsave.h
Examining data/rubiks-20070912/dik/cube.c
Examining data/rubiks-20070912/dik/globals.c
Examining data/rubiks-20070912/dik/globals.h
Examining data/rubiks-20070912/dik/longtype.h
Examining data/rubiks-20070912/dik/permcube.c
Examining data/rubiks-20070912/dik/phase1.c
Examining data/rubiks-20070912/dik/phase2.c
Examining data/rubiks-20070912/dik/prntsol.c
Examining data/rubiks-20070912/dik/setcube.c
Examining data/rubiks-20070912/dik/size222.c
Examining data/rubiks-20070912/dik/size333c.c
Examining data/rubiks-20070912/dik/sizedom.c
Examining data/rubiks-20070912/dik/sizekoc1.c
Examining data/rubiks-20070912/dik/sizekoc2.c
Examining data/rubiks-20070912/dik/sizesquare.c
Examining data/rubiks-20070912/dik/trans/choice.c
Examining data/rubiks-20070912/dik/trans/cperm.c
Examining data/rubiks-20070912/dik/trans/eperm.c
Examining data/rubiks-20070912/dik/trans/flip.c
Examining data/rubiks-20070912/dik/trans/sperm.c
Examining data/rubiks-20070912/dik/trans/twist.c
Examining data/rubiks-20070912/dik/rancube.c
Examining data/rubiks-20070912/reid/optimal.c
Examining data/rubiks-20070912/reid/twist.c
FINAL RESULTS:
data/rubiks-20070912/dietz/cu2/main.cpp:286:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL)); // UNremark upon completion
data/rubiks-20070912/dietz/mcube/main.cpp:294:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL)); // UNremark upon completion
data/rubiks-20070912/dietz/solver/main.cpp:113:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/rubiks-20070912/dik/rancube.c:9:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((long)time((time_t *)NULL));
data/rubiks-20070912/dik/rancube.c:12:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
k = random();
data/rubiks-20070912/dietz/cu2/main.cpp:26:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char coltochar[7];
data/rubiks-20070912/dietz/mcube/main.cpp:26:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char coltochar[7];
data/rubiks-20070912/dik/globals.c:3:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char U[3][3], D[3][3], R[3][3], L[3][3], F[3][3], B[3][3];
data/rubiks-20070912/dik/globals.c:4:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cube[3][3][3][2]; /* resp coordinates and number/twist */
data/rubiks-20070912/dik/globals.c:5:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcube[3][3][3]; /* after phase 1 */
data/rubiks-20070912/dik/globals.c:6:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char moves[MAX_MOVES];
data/rubiks-20070912/dik/globals.h:5:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char U[3][3], D[3][3], L[3][3], R[3][3], F[3][3], B[3][3];
data/rubiks-20070912/dik/globals.h:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cube[3][3][3][2];
data/rubiks-20070912/dik/globals.h:7:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tcube[3][3][3];
data/rubiks-20070912/dik/globals.h:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char moves[MAX_MOVES];
data/rubiks-20070912/dik/setcube.c:3:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char corners[8][3][3] = {
data/rubiks-20070912/dik/setcube.c:13:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char edges[12][2][2] = {
data/rubiks-20070912/dik/setcube.c:67:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char corner[3], edge[2];
data/rubiks-20070912/dik/trans/choice.c:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char choices_weights[CHOICE_MAGIC];
data/rubiks-20070912/dik/trans/choice.c:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char choices_rotate[MAX_CHOICES][MI];
data/rubiks-20070912/dik/trans/cperm.c:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cperms_weights[CPERM_MAGIC];
data/rubiks-20070912/dik/trans/cperm.c:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cperms_rotate[MAX_CPERMS][MI];
data/rubiks-20070912/dik/trans/eperm.c:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char eperms_weights[EPERM_MAGIC];
data/rubiks-20070912/dik/trans/eperm.c:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char eperms_rotate[MAX_EPERMS][MI];
data/rubiks-20070912/dik/trans/flip.c:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char flips_weights[FLIP_MAGIC];
data/rubiks-20070912/dik/trans/flip.c:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char flips_rotate[MAX_FLIPS][MI];
data/rubiks-20070912/dik/trans/sperm.c:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sperms_weights[SPERM_MAGIC];
data/rubiks-20070912/dik/trans/sperm.c:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sperms_rotate[MAX_SPERMS][MI];
data/rubiks-20070912/dik/trans/twist.c:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char twists_weights[TWIST_MAGIC];
data/rubiks-20070912/dik/trans/twist.c:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char twists_rotate[MAX_TWISTS][MI];
data/rubiks-20070912/reid/optimal.c:264:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char *sym_x_invsym_to_sym[N_SYM];
data/rubiks-20070912/reid/optimal.c:266:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char *invsym_on_twist_ud[N_SYM];
data/rubiks-20070912/reid/optimal.c:267:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char *invsym_on_twist_rl[N_SYM];
data/rubiks-20070912/reid/optimal.c:268:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char *invsym_on_twist_fb[N_SYM];
data/rubiks-20070912/reid/optimal.c:277:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char *twist_x_edge_to_sym[N_TWIST];
data/rubiks-20070912/reid/optimal.c:284:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char *distance[N_CORNER];
data/rubiks-20070912/reid/optimal.c:841:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char (*mem_ptr)[N_SYM];
data/rubiks-20070912/reid/optimal.c:850:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(unsigned char (*)[N_SYM])malloc(sizeof(unsigned char [N_SYM][N_SYM]));
data/rubiks-20070912/reid/optimal.c:949:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char (*mem_ptr)[N_SYM][N_TWIST];
data/rubiks-20070912/reid/optimal.c:957:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mem_ptr = (unsigned char (*)[N_SYM][N_TWIST])
data/rubiks-20070912/reid/optimal.c:2808:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fulledge_to_sym = (unsigned char *)malloc(sizeof(unsigned char [N_FULLEDGE]));
data/rubiks-20070912/reid/optimal.c:2895:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(unsigned char *)malloc(sizeof(unsigned char [N_TWIST][N_EDGEQUOT]));
data/rubiks-20070912/reid/optimal.c:3433:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
distance[0] = (unsigned char *)malloc(sizeof(unsigned char [N_DIST_CHARS]));
data/rubiks-20070912/reid/optimal.c:3539:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edge_str[12][3], corner_str[8][4];
data/rubiks-20070912/reid/optimal.c:3671:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_str[256];
data/rubiks-20070912/reid/twist.c:523:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_str[2][MAX_INPUT_LENGTH], tw_str[3];
data/rubiks-20070912/dietz/cu2/main.cpp:82:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(stdin);
data/rubiks-20070912/dietz/cu2/main.cpp:356:3: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(stdin);
data/rubiks-20070912/dietz/mcube/main.cpp:82:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(stdin);
data/rubiks-20070912/dietz/mcube/main.cpp:368:3: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(stdin);
data/rubiks-20070912/dik/cube.c:178:16: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = getchar()) != EOF) {
data/rubiks-20070912/dik/cube.c:273:16: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = getchar()) != '\n') {
data/rubiks-20070912/dik/cube.c:288:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = getchar();
data/rubiks-20070912/reid/optimal.c:3546:5: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(string, "%2s %2s %2s %2s %2s %2s %2s %2s %2s %2s %2s %2s %3s %3s %3s %3s %3s %3s %3s %3s",
data/rubiks-20070912/reid/twist.c:539:13: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
num = sscanf(line_str[ii], "%2s%[^\n]", tw_str, line_str[1 - ii]);
ANALYSIS SUMMARY:
Hits = 55
Lines analyzed = 17461 in approximately 0.54 seconds (32341 lines/second)
Physical Source Lines of Code (SLOC) = 14659
Hits@level = [0] 372 [1] 9 [2] 41 [3] 5 [4] 0 [5] 0
Hits@level+ = [0+] 427 [1+] 55 [2+] 46 [3+] 5 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 29.1289 [1+] 3.75196 [2+] 3.138 [3+] 0.341087 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.