Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/akregator-20.08.2/plugins/mk4storage/metakit/src/header.h:204:30: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  #error Exactly one operating system should have been defined
data/akregator-20.08.2/plugins/mk4storage/metakit/src/univ.cpp:33:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(s, p);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/view.cpp:153:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(sPropModsFile, fmt_, arg_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:156:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy((char *)Buffer().SetBuffer(strlen(str_) + 1), str_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/view.cpp:64:5: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&gCritSect);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/view.cpp:74:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&gCritSect);
data/akregator-20.08.2/export/akregatorstorageexporter.cpp:380:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!out.open(stdout, QIODevice::WriteOnly)) {
data/akregator-20.08.2/interfaces/storage.h:58:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual bool open(bool autoCommit = false) = 0;
data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp:27:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to, from, n_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp:333:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(q, p, n); // some copying can be avoided, overwritten below...
data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp:553:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, _segments.GetAt(i), n);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp:794:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, iter.BufLoad(), iter.BufLen());
data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp:813:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iter.BufSave(), p, iter.BufLen());
data/akregator-20.08.2/plugins/mk4storage/metakit/src/derived.cpp:644:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(scratch, ar, size * sizeof(T));
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:85:56: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  static FILE *(*my_fopen)(const char *, const char *) = fopen;
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:121:62: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  my_fopen = (FILE * (*)(const char *, const char *))F(fopen);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:152:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define fopen my_fopen
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:352:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_UTF8, 0, fname_, -1, wName, MAX_PATH);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:359:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _cleanup = _file = fopen(fname_, mode_ > 0 ? "r+b" : "rb");
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:375:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_UTF8, 0, fname_, -1, wName, MAX_PATH);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:381:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _cleanup = _file = fopen(fname_, "w+b");
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:432:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempBuf[4096];
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:434:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  buf_ = memcpy(tempBuf, buf_, len_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/format.cpp:741:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iter.BufSave(), buf_.Contents() + spos, iter.BufLen());
data/akregator-20.08.2/plugins/mk4storage/metakit/src/format.cpp:932:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  d4_assert(((const char *)ptr)[length_ - 1] == 0);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/handler.cpp:24:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char zeros[8];
data/akregator-20.08.2/plugins/mk4storage/metakit/src/header.h:132:31: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define d4_memmove(d, s, n) bcopy(s, d, n)
data/akregator-20.08.2/plugins/mk4storage/metakit/src/persist.cpp:628:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_curr, buf_, len_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/persist.cpp:1185:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_oldBuf, _oldCurr, k);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/persist.cpp:1248:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/akregator-20.08.2/plugins/mk4storage/metakit/src/store.cpp:579:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer_, _buffer + _position, length_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/store.cpp:601:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_buffer + _position, buffer_, n);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp:177:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result._value + 2, a.Data(), aCnt);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp:178:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result._value + 2 + aCnt, b.Data(), sum - aCnt);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp:214:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_value + 2, p, n);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/table.cpp:106:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(t, _buffer, sizeof _buffer);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/table.cpp:107:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_buffer, bytes_._buffer, sizeof _buffer);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/table.cpp:108:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bytes_._buffer, t, sizeof _buffer);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/table.cpp:151:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  _contents = (t4_byte *)memcpy(_copy ? d4_new t4_byte[_size] : _buffer,
data/akregator-20.08.2/plugins/mk4storage/metakit/src/univ.cpp:51:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen(name_, mode_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:632:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, orig.Contents(), off_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:633:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr + off_, buf_.Contents(), n);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:634:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr + off_ + n, orig.Contents() + off_, orig.Size() - off_);
data/akregator-20.08.2/plugins/mk4storage/storagemk4impl.cpp:134:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool Akregator::Backend::StorageMK4Impl::open(bool autoCommit)
data/akregator-20.08.2/plugins/mk4storage/storagemk4impl.h:63:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(bool autoCommit = false) override;
data/akregator-20.08.2/src/akregator_part.cpp:217:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_storage->open(true);
data/akregator-20.08.2/src/akregator_part.cpp:443:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly)) {
data/akregator-20.08.2/src/akregator_part.cpp:542:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tempFile.open()) {
data/akregator-20.08.2/src/akregator_part.cpp:556:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/akregator-20.08.2/src/articleviewer-ng/webengine/articleviewerwebenginewidgetng.cpp:174:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dialog->open();
data/akregator-20.08.2/src/command/loadfeedlistcommand.cpp:158:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/akregator-20.08.2/src/dummystorage/storagedummyimpl.cpp:75:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool StorageDummyImpl::open(bool /*autoCommit*/)
data/akregator-20.08.2/src/dummystorage/storagedummyimpl.h:50:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(bool autoCommit = false) override;
data/akregator-20.08.2/src/folder.cpp:289:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Folder::setOpen(bool open)
data/akregator-20.08.2/src/folder.cpp:291:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_open = open;
data/akregator-20.08.2/src/folder.h:142:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void setOpen(bool open);
data/akregator-20.08.2/src/job/downloadarticlejob.cpp:58:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mTemporaryFile->open();
data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp:141:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Init(p, p != nullptr ? strlen(p) : 0);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp:223:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return n < 255 ? n : n + strlen((const char *)_value + 2 + 255);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/univ.cpp:32:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = (char *)malloc(strlen(p) + 1);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:156:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strcpy((char *)Buffer().SetBuffer(strlen(str_) + 1), str_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:656:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SetData(c4_Bytes(value_, strlen(value_) + 1));

ANALYSIS SUMMARY:

Hits = 62
Lines analyzed = 43786 in approximately 1.38 seconds (31713 lines/second)
Physical Source Lines of Code (SLOC) = 29160
Hits@level = [0] 14 [1] 5 [2] 51 [3] 2 [4] 4 [5] 0
Hits@level+ = [0+] 76 [1+] 62 [2+] 57 [3+] 6 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 2.60631 [1+] 2.1262 [2+] 1.95473 [3+] 0.205761 [4+] 0.137174 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.