Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/snake4-1.0.14/board.c
Examining data/snake4-1.0.14/board.h
Examining data/snake4-1.0.14/fruit.c
Examining data/snake4-1.0.14/fruit.h
Examining data/snake4-1.0.14/game.c
Examining data/snake4-1.0.14/game.h
Examining data/snake4-1.0.14/gameobject.c
Examining data/snake4-1.0.14/gameobject.h
Examining data/snake4-1.0.14/headbanger.c
Examining data/snake4-1.0.14/headbanger.h
Examining data/snake4-1.0.14/mushroom.c
Examining data/snake4-1.0.14/mushroom.h
Examining data/snake4-1.0.14/score.c
Examining data/snake4-1.0.14/score.h
Examining data/snake4-1.0.14/scull.c
Examining data/snake4-1.0.14/scull.h
Examining data/snake4-1.0.14/slimpill.c
Examining data/snake4-1.0.14/slimpill.h
Examining data/snake4-1.0.14/snake.c
Examining data/snake4-1.0.14/snake.h
Examining data/snake4-1.0.14/snake4.c
Examining data/snake4-1.0.14/suid.c
Examining data/snake4-1.0.14/suid.h
Examining data/snake4-1.0.14/win.c
Examining data/snake4-1.0.14/win.h

FINAL RESULTS:

data/snake4-1.0.14/score.c:68:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ret, s);
data/snake4-1.0.14/score.c:434:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(line, " # %-10.10s %-25.25s %6.6s %3.3s %s",
data/snake4-1.0.14/score.c:463:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(line, "%3d. %-10s %-25.25s %6ld %3d %s", n + 1,
data/snake4-1.0.14/game.h:5:20:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define RANDOM(x) (random() % (x))
data/snake4-1.0.14/game.h:6:23:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define RANDOMIZE(x) (srandom((unsigned) (x)))
data/snake4-1.0.14/score.c:107:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dateTime[20], *rname, *s;
data/snake4-1.0.14/score.c:223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[100], *uname, *rname, *score, *level, *dateTime;
data/snake4-1.0.14/score.c:239:34:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  hs = scoreNewInit(uname, rname, atol(score), atoi(level), dateTime);
data/snake4-1.0.14/score.c:239:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  hs = scoreNewInit(uname, rname, atol(score), atoi(level), dateTime);
data/snake4-1.0.14/score.c:248:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[81];
data/snake4-1.0.14/score.c:254:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atoi(line);
data/snake4-1.0.14/score.c:293:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(SCOREFILE, "r")) == NULL)
data/snake4-1.0.14/score.c:334:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(SCOREFILE, "r+")) == NULL) {
data/snake4-1.0.14/score.c:432:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[81];
data/snake4-1.0.14/score.c:442:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[81];
data/snake4-1.0.14/score.c:454:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[81];
data/snake4-1.0.14/score.c:461:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(line, "%3d.", n + 1);
data/snake4-1.0.14/score.c:488:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[81];
data/snake4-1.0.14/score.c:495:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((merge = fopen(file, "r")) == NULL)
data/snake4-1.0.14/score.c:501:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((orig = fopen(SCOREFILE, "r+")) == NULL) {
data/snake4-1.0.14/score.c:511:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atoi(line);
data/snake4-1.0.14/win.c:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char num[10];
data/snake4-1.0.14/win.c:214:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(num, "%d", q + MIN_LEVEL);
data/snake4-1.0.14/win.c:335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[40];
data/snake4-1.0.14/win.c:337:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "Level: %d", gameLevel);
data/snake4-1.0.14/win.c:344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[40];
data/snake4-1.0.14/win.c:346:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "Lives: %d", MAX_ROUNDS - gameRound + 1);
data/snake4-1.0.14/win.c:353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[40];
data/snake4-1.0.14/win.c:355:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "Score:%7ld", gameScore);
data/snake4-1.0.14/win.c:362:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[40];
data/snake4-1.0.14/win.c:364:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "High:%7ld", gameHighscore);
data/snake4-1.0.14/board.c:338:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XDrawString(winDisplay, boardWin, boardGC, x, y, s, strlen(s));
data/snake4-1.0.14/board.c:353:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(scoreGetHeadSepStr()) + 3;
data/snake4-1.0.14/score.c:66:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ret = malloc(strlen(s) + 1)) == NULL)
data/snake4-1.0.14/score.c:227:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (line[strlen(line) - 1] == '\n')
data/snake4-1.0.14/score.c:228:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line) - 1] = '\0';
data/snake4-1.0.14/score.c:280:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(hs->userName) ? hs->userName : "nobody",
data/snake4-1.0.14/score.c:281:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(hs->realName) ? hs->realName : "An Anonymous Gamer",

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 3636 in approximately 0.08 seconds (42991 lines/second)
Physical Source Lines of Code (SLOC) = 2709
Hits@level = [0]   9 [1]   7 [2]  26 [3]   2 [4]   3 [5]   0
Hits@level+ = [0+]  47 [1+]  38 [2+]  31 [3+]   5 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 17.3496 [1+] 14.0273 [2+] 11.4433 [3+] 1.8457 [4+] 1.10742 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.