Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xmille-2.0/control/co_class.h
Examining data/xmille-2.0/control/control.h
Examining data/xmille-2.0/control/init.c
Examining data/xmille-2.0/control/scrollbar.c
Examining data/xmille-2.0/control/affirm.c
Examining data/xmille-2.0/control/prompted.c
Examining data/xmille-2.0/control/dispatch.c
Examining data/xmille-2.0/control/button.c
Examining data/xmille-2.0/background.h
Examining data/xmille-2.0/card.h
Examining data/xmille-2.0/comp.c
Examining data/xmille-2.0/color.h
Examining data/xmille-2.0/init.c
Examining data/xmille-2.0/mille.h
Examining data/xmille-2.0/end.c
Examining data/xmille-2.0/print.c
Examining data/xmille-2.0/types.c
Examining data/xmille-2.0/ui.h
Examining data/xmille-2.0/cards/display.c
Examining data/xmille-2.0/cards/color.h
Examining data/xmille-2.0/cards/go.c
Examining data/xmille-2.0/cards/stop.c
Examining data/xmille-2.0/cards/background.h
Examining data/xmille-2.0/cards/right.c
Examining data/xmille-2.0/cards/speed.c
Examining data/xmille-2.0/cards/end.c
Examining data/xmille-2.0/cards/flat.c
Examining data/xmille-2.0/cards/accident.c
Examining data/xmille-2.0/cards/repairs.c
Examining data/xmille-2.0/cards/blank.c
Examining data/xmille-2.0/cards/ace.c
Examining data/xmille-2.0/cards/spare.c
Examining data/xmille-2.0/cards/puncture.c
Examining data/xmille-2.0/cards/out.h
Examining data/xmille-2.0/cards/gas.c
Examining data/xmille-2.0/cards/out.c
Examining data/xmille-2.0/cards/extra.c
Examining data/xmille-2.0/cards/25.c
Examining data/xmille-2.0/cards/50.c
Examining data/xmille-2.0/cards/75.c
Examining data/xmille-2.0/cards/100.c
Examining data/xmille-2.0/cards/200.c
Examining data/xmille-2.0/cards/deck.c
Examining data/xmille-2.0/save.c
Examining data/xmille-2.0/varpush.c
Examining data/xmille-2.0/ui.c
Examining data/xmille-2.0/roll.c
Examining data/xmille-2.0/move.c
Examining data/xmille-2.0/misc.c
Examining data/xmille-2.0/extern.c
Examining data/xmille-2.0/animate.c
Examining data/xmille-2.0/mille.c
Examining data/xmille-2.0/drawcard.c

FINAL RESULTS:

data/xmille-2.0/move.c:331:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buf, format, arg);

data/xmille-2.0/move.c:339:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buf, format, arg);

data/xmille-2.0/save.c:101:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Initstr, "%s [%s]\n", file, buf);

data/xmille-2.0/ui.c:113:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buf, string, arg);

data/xmille-2.0/ui.c:672:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buffer, Score_fmt, pp->mileage);

data/xmille-2.0/ui.c:674:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buffer, Score_fmt, pp->safescore);

data/xmille-2.0/ui.c:680:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buffer, Score_fmt, pp->coupscore);

data/xmille-2.0/ui.c:690:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buffer, Score_fmt, pp->hand_tot);

data/xmille-2.0/ui.c:692:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buffer, Score_fmt, pp->total);

data/xmille-2.0/ui.c:694:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buffer, Score_fmt, pp->games);

data/xmille-2.0/mille.c:57:2:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(getpid());

data/xmille-2.0/mille.c:59:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(getpid());

data/xmille-2.0/mille.c:62:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(0);

data/xmille-2.0/roll.c:27:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  tot += random() % nsides + 1;

data/xmille-2.0/control/prompted.c:37:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char returnbuffer[256];

data/xmille-2.0/control/prompted.c:144:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20], *pbuf;

data/xmille-2.0/mille.c:14:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _sobuf[BUFSIZ];

data/xmille-2.0/mille.c:26:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outf = fopen("q", "w");

data/xmille-2.0/move.c:329:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[512];

data/xmille-2.0/move.c:337:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[512];

data/xmille-2.0/save.c:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[80];

data/xmille-2.0/save.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[80];

data/xmille-2.0/save.c:84:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((inf = open(file, 0)) < 0) {

data/xmille-2.0/ui.c:30:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Initstr[100]; /* initial string for error field */

data/xmille-2.0/ui.c:31:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *_cn[NUM_CARDS] = { /* Card name buffer */

data/xmille-2.0/ui.c:81:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[512];

data/xmille-2.0/ui.c:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];

data/xmille-2.0/ui.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[512];

data/xmille-2.0/ui.c:213:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "Cards: %3d ", numberLeft);

data/xmille-2.0/ui.c:357:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20];

data/xmille-2.0/ui.c:374:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "%d", i);

data/xmille-2.0/ui.c:666:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[512];

data/xmille-2.0/varpush.c:45:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[80];

data/xmille-2.0/varpush.c:50:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((outf = fopen(buf, "w")) == NULL) {

data/xmille-2.0/control/affirm.c:55:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  label_w = XTextWidth(co_font, label, strlen(label));

data/xmille-2.0/control/affirm.c:122:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  label, strlen (label));

data/xmille-2.0/control/button.c:63:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  twidth = XTextWidth (font, text, strlen(text));

data/xmille-2.0/control/button.c:239:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XDrawImageString (dpy, w, gc, b->x, b->y, b->text, strlen (b->text));

data/xmille-2.0/control/prompted.c:68:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  label_w = XTextWidth(co_font, label, strlen(label));

data/xmille-2.0/control/prompted.c:136:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XDrawImageString (dpy, prompted, co_fore_gc, label_x, LABEL_Y, label, strlen (label));

data/xmille-2.0/control/prompted.c:198:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return XTextWidth (co_font, string, strlen(string));

data/xmille-2.0/control/prompted.c:218:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XDrawImageString (dpy, textbox, my, 0, TEXTBOX_VP, string, strlen(string));

data/xmille-2.0/save.c:21:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read(), write();

data/xmille-2.0/save.c:41:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, Fromfile,sizeof(buf));

data/xmille-2.0/save.c:43:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (buf, GetpromptedInput ("file: "), sizeof(buf));

data/xmille-2.0/save.c:44:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sp = buf + strlen (buf);

data/xmille-2.0/save.c:62:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, ctime(tp), sizeof(buf));

data/xmille-2.0/save.c:92:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  varpush(inf, read);

data/xmille-2.0/save.c:94:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, ctime(&sbuf.st_mtime),sizeof(buf));

data/xmille-2.0/ui.c:84:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (orig);

data/xmille-2.0/ui.c:91:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (buf, orig, len);

data/xmille-2.0/ui.c:104:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string, strlen(string));

data/xmille-2.0/ui.c:117:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  o, strlen(o));

data/xmille-2.0/ui.c:127:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string, strlen(string));

data/xmille-2.0/ui.c:215:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer, strlen (buffer));

data/xmille-2.0/ui.c:380:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width = XTextWidth (font, buffer, strlen(buffer));

data/xmille-2.0/ui.c:382:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  y1, buffer, strlen(buffer));

data/xmille-2.0/ui.c:385:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  y2, buffer, strlen(buffer));

data/xmille-2.0/ui.c:657:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SCORE_Y + SCORE_H * (line + 1), text, strlen (text));

data/xmille-2.0/varpush.c:9:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read(), write();

data/xmille-2.0/varpush.c:13:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(buf);

data/xmille-2.0/varpush.c:41:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (func == read) {

data/xmille-2.0/varpush.c:42:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(file, &temp, sizeof temp);

ANALYSIS SUMMARY:

Hits = 63
Lines analyzed = 5178 in approximately 0.14 seconds (35867 lines/second)
Physical Source Lines of Code (SLOC) = 4392
Hits@level = [0]  26 [1]  29 [2]  20 [3]   4 [4]  10 [5]   0
Hits@level+ = [0+]  89 [1+]  63 [2+]  34 [3+]  14 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 20.2641 [1+] 14.3443 [2+] 7.74135 [3+] 3.18761 [4+] 2.27687 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
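The level-4 sprintf hits and the level-1 strncpy hits under FINAL RESULTS above share one remedy: every write into a fixed-size char array must carry the destination size and must leave a terminating NUL. The code below is an added example written for this page; it is not part of the xmille sources and not produced by flawfinder. It shows the two bounded helpers flawfinder's advice points at (vsnprintf with a compiler-checked format, and a strncpy replacement that always terminates) and exercises them on the shape of the save.c:101 hit: a 100-byte field filled with "%s [%s]\n" from a caller-supplied file name and an 80-byte timestamp buffer. Names such as format_str, copy_str, build_status and the demo_* functions are invented for the example, and the long file name is constructed input.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy that always NUL-terminates (unlike strncpy when src fills
 * dst). Returns 1 if src had to be truncated, 0 otherwise. */
int copy_str(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dstsz == 0)
        return 1;
    n = strlen(src);
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Bounded formatting. The format attribute lets GCC/Clang reject callers
 * that pass a non-literal or mismatched format, which addresses the CWE-134
 * pattern sprintf(buf, format, arg) without banning variadic helpers.
 * Returns 1 if the output did not fit and was truncated, 0 otherwise. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
int format_str(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dstsz == 0)
        return 1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    if (n < 0) {           /* encoding error: leave a valid empty string */
        dst[0] = '\0';
        return 1;
    }
    return (size_t)n >= dstsz;
}

/* Hypothetical bounded counterpart of sprintf(Initstr, "%s [%s]\n", file, buf). */
int build_status(char *out, size_t outsz, const char *file, const char *stamp)
{
    return format_str(out, outsz, "%s [%s]\n", file, stamp);
}

/* Constructed case: a 199-character file name that sprintf would have
 * written straight past a 100-byte field. Returns 1 when the bounded
 * version reports truncation and still leaves a NUL-terminated string. */
int demo_long_path(void)
{
    char initstr[100];
    char longname[200];
    int trunc;
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    trunc = build_status(initstr, sizeof initstr, longname, "Mon Jan  1 00:00:00 2001");
    return trunc == 1 && strlen(initstr) == sizeof initstr - 1;
}

/* Constructed case: ordinary input fits and is reproduced exactly. */
int demo_short_path(void)
{
    char initstr[100];
    int trunc = build_status(initstr, sizeof initstr, "save.dat", "Mon Jan  1 00:00:00 2001");
    return trunc == 0 && strcmp(initstr, "save.dat [Mon Jan  1 00:00:00 2001]\n") == 0;
}

/* copy_str on an 8-byte buffer: an over-long source is cut to 7 chars plus
 * NUL (strncpy would have left no NUL at all); a short one copies intact. */
int demo_copy(void)
{
    char b[8];
    int ok = 1;
    ok &= copy_str(b, sizeof b, "0123456789") == 1 && strcmp(b, "0123456") == 0;
    ok &= copy_str(b, sizeof b, "abc") == 0 && strcmp(b, "abc") == 0;
    return ok;
}

int main(void)
{
    printf("long path truncated safely: %d\n", demo_long_path());
    printf("short path intact:          %d\n", demo_short_path());
    printf("copy_str terminates:        %d\n", demo_copy());
    return 0;
}
```

The return value of format_str is the check flawfinder asks for: callers decide whether a truncated field is acceptable (a display string) or an error (a file name about to be opened). The random-number hits in mille.c and roll.c need no such change for a card game's dice; they matter only if the same PRNG were reused for anything an adversary must not predict.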