Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xvier-1.0/patchlevel.h
Examining data/xvier-1.0/vier.c
Examining data/xvier-1.0/vier.h
Examining data/xvier-1.0/xvier.c
Examining data/xvier-1.0/xvier.h
Examining data/xvier-1.0/vierinit.c

FINAL RESULTS:

data/xvier-1.0/xvier.c:482:5:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(progname, av);
data/xvier-1.0/xvier.c:589:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(yellowmovestring, "%s to move", playercolor[0]);
data/xvier-1.0/xvier.c:590:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(redmovestring, "%s to move", playercolor[1]);
data/xvier-1.0/vier.c:487:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((int) time(NULL));
data/xvier-1.0/vier.c:474:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ch, buf[10];
data/xvier-1.0/vier.c:478:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (rows = atoi(argv[1])) < 4 || rows > MAXRC ||
data/xvier-1.0/vier.c:479:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (columns = atoi(argv[2])) < 4 || columns > MAXRC) {
data/xvier-1.0/vier.c:484:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%dR%dC", rows, columns);
data/xvier-1.0/xvier.c:71:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *playercolor[2], levelnumstring[2] = "0",
data/xvier-1.0/xvier.c:378:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[10], **fontnames, *av[4], row_string[3], column_string[3];
data/xvier-1.0/xvier.c:408:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((rows = atoi(argv[i])) < 4 || rows > MAXRC)
data/xvier-1.0/xvier.c:415:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((columns = atoi(argv[i])) < 4 || columns > MAXRC)
data/xvier-1.0/xvier.c:426:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  level = atoi(argv[i]);
data/xvier-1.0/xvier.c:476:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(row_string, "%d", rows);
data/xvier-1.0/xvier.c:477:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(column_string, "%d", columns);
data/xvier-1.0/xvier.c:531:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char defaultstring[10];
data/xvier-1.0/xvier.c:533:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(defaultstring, "%dx%d", DEFAULTWIDTH, DEFAULTHEIGHT);
data/xvier-1.0/vier.c:30:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(0, ch, 1) < 1) {
data/xvier-1.0/xvier.c:160:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  messagestring[newindex], strlen(messagestring[newindex]));
data/xvier-1.0/xvier.c:275:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(messagestring[j]), &d1, &d2, &d3, &tmpsize);
data/xvier-1.0/xvier.c:293:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fontstructarray[i], playercolor[0], strlen(playercolor[0]),
data/xvier-1.0/xvier.c:297:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fontstructarray[i], playercolor[1], strlen(playercolor[1]),
data/xvier-1.0/xvier.c:504:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(pipei[0], &text[i], 1) < 1) {
data/xvier-1.0/xvier.c:922:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(playercolor[1 - c_index]));
data/xvier-1.0/xvier.c:927:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(playercolor[c_index]));
data/xvier-1.0/xvier.c:930:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(messagestring[message_index]));
data/xvier-1.0/xvier.c:1098:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(pipei[0], &answer, 1) < 1) {

ANALYSIS SUMMARY:

Hits = 27
Lines analyzed = 2084 in approximately 0.06 seconds (34833 lines/second)
Physical Source Lines of Code (SLOC) = 1996
Hits@level = [0]  16 [1]  10 [2]  13 [3]   1 [4]   3 [5]   0
Hits@level+ = [0+]  43 [1+]  27 [2+]  17 [3+]   4 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 21.5431 [1+] 13.5271 [2+] 8.51703 [3+] 2.00401 [4+] 1.50301 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.