Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/chessx-1.4.6/src/database/analysis.cpp
Examining data/chessx-1.4.6/src/database/analysis.h
Examining data/chessx-1.4.6/src/database/bitboard.cpp
Examining data/chessx-1.4.6/src/database/bitboard.h
Examining data/chessx-1.4.6/src/database/bitfind.h
Examining data/chessx-1.4.6/src/database/board.cpp
Examining data/chessx-1.4.6/src/database/board.h
Examining data/chessx-1.4.6/src/database/circularbuffer.h
Examining data/chessx-1.4.6/src/database/clipboarddatabase.cpp
Examining data/chessx-1.4.6/src/database/clipboarddatabase.h
Examining data/chessx-1.4.6/src/database/ctgbookwriter.cpp
Examining data/chessx-1.4.6/src/database/ctgbookwriter.h
Examining data/chessx-1.4.6/src/database/ctgdatabase.cpp
Examining data/chessx-1.4.6/src/database/ctgdatabase.h
Examining data/chessx-1.4.6/src/database/database.cpp
Examining data/chessx-1.4.6/src/database/database.h
Examining data/chessx-1.4.6/src/database/databaseconversion.cpp
Examining data/chessx-1.4.6/src/database/databaseconversion.h
Examining data/chessx-1.4.6/src/database/databaseinfo.cpp
Examining data/chessx-1.4.6/src/database/datesearch.cpp
Examining data/chessx-1.4.6/src/database/datesearch.h
Examining data/chessx-1.4.6/src/database/downloadmanager.cpp
Examining data/chessx-1.4.6/src/database/downloadmanager.h
Examining data/chessx-1.4.6/src/database/duplicatesearch.cpp
Examining data/chessx-1.4.6/src/database/duplicatesearch.h
Examining data/chessx-1.4.6/src/database/ecoinfo.cpp
Examining data/chessx-1.4.6/src/database/ecoinfo.h
Examining data/chessx-1.4.6/src/database/ecopositions.cpp
Examining data/chessx-1.4.6/src/database/ecopositions.h
Examining data/chessx-1.4.6/src/database/editaction.cpp
Examining data/chessx-1.4.6/src/database/editaction.h
Examining data/chessx-1.4.6/src/database/elosearch.cpp
Examining data/chessx-1.4.6/src/database/elosearch.h
Examining data/chessx-1.4.6/src/database/engine.cpp
Examining data/chessx-1.4.6/src/database/engine.h
Examining data/chessx-1.4.6/src/database/enginedata.cpp
Examining data/chessx-1.4.6/src/database/enginedata.h
Examining data/chessx-1.4.6/src/database/enginelist.cpp
Examining data/chessx-1.4.6/src/database/enginelist.h
Examining data/chessx-1.4.6/src/database/engineoptiondata.cpp
Examining data/chessx-1.4.6/src/database/engineoptiondata.h
Examining data/chessx-1.4.6/src/database/engineparameter.h
Examining data/chessx-1.4.6/src/database/eventinfo.cpp
Examining data/chessx-1.4.6/src/database/eventinfo.h
Examining data/chessx-1.4.6/src/database/ficsclient.cpp
Examining data/chessx-1.4.6/src/database/ficsclient.h
Examining data/chessx-1.4.6/src/database/ficsdatabase.cpp
Examining data/chessx-1.4.6/src/database/ficsdatabase.h
Examining data/chessx-1.4.6/src/database/filter.cpp
Examining data/chessx-1.4.6/src/database/filter.h
Examining data/chessx-1.4.6/src/database/filtermodel.cpp
Examining data/chessx-1.4.6/src/database/filtermodel.h
Examining data/chessx-1.4.6/src/database/filtersearch.cpp
Examining data/chessx-1.4.6/src/database/filtersearch.h
Examining data/chessx-1.4.6/src/database/game.cpp
Examining data/chessx-1.4.6/src/database/game.h
Examining data/chessx-1.4.6/src/database/gameid.h
Examining data/chessx-1.4.6/src/database/historylist.cpp
Examining data/chessx-1.4.6/src/database/historylist.h
Examining data/chessx-1.4.6/src/database/index.cpp
Examining data/chessx-1.4.6/src/database/index.h
Examining data/chessx-1.4.6/src/database/indexitem.cpp
Examining data/chessx-1.4.6/src/database/indexitem.h
Examining data/chessx-1.4.6/src/database/memorydatabase.cpp
Examining data/chessx-1.4.6/src/database/memorydatabase.h
Examining data/chessx-1.4.6/src/database/move.h
Examining data/chessx-1.4.6/src/database/movedata.cpp
Examining data/chessx-1.4.6/src/database/movedata.h
Examining data/chessx-1.4.6/src/database/movelist.h
Examining data/chessx-1.4.6/src/database/nag.cpp
Examining data/chessx-1.4.6/src/database/nag.h
Examining data/chessx-1.4.6/src/database/numbersearch.cpp
Examining data/chessx-1.4.6/src/database/numbersearch.h
Examining data/chessx-1.4.6/src/database/openingtree.cpp
Examining data/chessx-1.4.6/src/database/openingtree.h
Examining data/chessx-1.4.6/src/database/openingtreethread.cpp
Examining data/chessx-1.4.6/src/database/openingtreethread.h
Examining data/chessx-1.4.6/src/database/output.cpp
Examining data/chessx-1.4.6/src/database/output.h
Examining data/chessx-1.4.6/src/database/outputoptions.cpp
Examining data/chessx-1.4.6/src/database/outputoptions.h
Examining data/chessx-1.4.6/src/database/partialdate.cpp
Examining data/chessx-1.4.6/src/database/partialdate.h
Examining data/chessx-1.4.6/src/database/pdbtest.cpp
Examining data/chessx-1.4.6/src/database/pdbtest.h
Examining data/chessx-1.4.6/src/database/pgndatabase.cpp
Examining data/chessx-1.4.6/src/database/pgndatabase.h
Examining data/chessx-1.4.6/src/database/piece.cpp
Examining data/chessx-1.4.6/src/database/piece.h
Examining data/chessx-1.4.6/src/database/playerdata.cpp
Examining data/chessx-1.4.6/src/database/playerdata.h
Examining data/chessx-1.4.6/src/database/playerdatabase.cpp
Examining data/chessx-1.4.6/src/database/playerdatabase.h
Examining data/chessx-1.4.6/src/database/playerinfo.cpp
Examining data/chessx-1.4.6/src/database/playerinfo.h
Examining data/chessx-1.4.6/src/database/polyglotdatabase.cpp
Examining data/chessx-1.4.6/src/database/polyglotdatabase.h
Examining data/chessx-1.4.6/src/database/polyglotwriter.cpp
Examining data/chessx-1.4.6/src/database/polyglotwriter.h
Examining data/chessx-1.4.6/src/database/positionsearch.cpp
Examining data/chessx-1.4.6/src/database/positionsearch.h
Examining data/chessx-1.4.6/src/database/query.cpp
Examining data/chessx-1.4.6/src/database/query.h
Examining data/chessx-1.4.6/src/database/rand64.h
Examining data/chessx-1.4.6/src/database/refcount.cpp
Examining data/chessx-1.4.6/src/database/refcount.h
Examining data/chessx-1.4.6/src/database/result.cpp
Examining data/chessx-1.4.6/src/database/result.h
Examining data/chessx-1.4.6/src/database/search.cpp
Examining data/chessx-1.4.6/src/database/search.h
Examining data/chessx-1.4.6/src/database/settings.cpp
Examining data/chessx-1.4.6/src/database/settings.h
Examining data/chessx-1.4.6/src/database/spellchecker.cpp
Examining data/chessx-1.4.6/src/database/spellchecker.h
Examining data/chessx-1.4.6/src/database/square.h
Examining data/chessx-1.4.6/src/database/streamdatabase.cpp
Examining data/chessx-1.4.6/src/database/streamdatabase.h
Examining data/chessx-1.4.6/src/database/tablebase.cpp
Examining data/chessx-1.4.6/src/database/tablebase.h
Examining data/chessx-1.4.6/src/database/tags.cpp
Examining data/chessx-1.4.6/src/database/tags.h
Examining data/chessx-1.4.6/src/database/tagsearch.cpp
Examining data/chessx-1.4.6/src/database/tagsearch.h
Examining data/chessx-1.4.6/src/database/tagvalues.h
Examining data/chessx-1.4.6/src/database/telnetclient.cpp
Examining data/chessx-1.4.6/src/database/telnetclient.h
Examining data/chessx-1.4.6/src/database/threadedguess.cpp
Examining data/chessx-1.4.6/src/database/threadedguess.h
Examining data/chessx-1.4.6/src/database/tristatetree.cpp
Examining data/chessx-1.4.6/src/database/tristatetree.h
Examining data/chessx-1.4.6/src/database/uciengine.cpp
Examining data/chessx-1.4.6/src/database/uciengine.h
Examining data/chessx-1.4.6/src/database/version.h
Examining data/chessx-1.4.6/src/database/wbengine.cpp
Examining data/chessx-1.4.6/src/database/wbengine.h
Examining data/chessx-1.4.6/src/database/databaseinfo.h
Examining data/chessx-1.4.6/src/dialogs/aboutdlg.cpp
Examining data/chessx-1.4.6/src/dialogs/aboutdlg.h
Examining data/chessx-1.4.6/src/dialogs/actiondialog.cpp
Examining data/chessx-1.4.6/src/dialogs/actiondialog.h
Examining data/chessx-1.4.6/src/dialogs/boardsearchdialog.cpp
Examining data/chessx-1.4.6/src/dialogs/boardsearchdialog.h
Examining data/chessx-1.4.6/src/dialogs/commentdialog.cpp
Examining data/chessx-1.4.6/src/dialogs/commentdialog.h
Examining data/chessx-1.4.6/src/dialogs/copydialog.cpp
Examining data/chessx-1.4.6/src/dialogs/copydialog.h
Examining data/chessx-1.4.6/src/dialogs/dlgsavebook.cpp
Examining data/chessx-1.4.6/src/dialogs/dlgsavebook.h
Examining data/chessx-1.4.6/src/dialogs/matchparameterdlg.cpp
Examining data/chessx-1.4.6/src/dialogs/matchparameterdlg.h
Examining data/chessx-1.4.6/src/dialogs/preferences.h
Examining data/chessx-1.4.6/src/dialogs/promotiondialog.cpp
Examining data/chessx-1.4.6/src/dialogs/promotiondialog.h
Examining data/chessx-1.4.6/src/dialogs/quicksearch.cpp
Examining data/chessx-1.4.6/src/dialogs/quicksearch.h
Examining data/chessx-1.4.6/src/dialogs/recipientaddressdialog.cpp
Examining data/chessx-1.4.6/src/dialogs/recipientaddressdialog.h
Examining data/chessx-1.4.6/src/dialogs/renametagdialog.cpp
Examining data/chessx-1.4.6/src/dialogs/renametagdialog.h
Examining data/chessx-1.4.6/src/dialogs/savedialog.h
Examining data/chessx-1.4.6/src/dialogs/tagdialog.cpp
Examining data/chessx-1.4.6/src/dialogs/tagdialog.h
Examining data/chessx-1.4.6/src/dialogs/preferences.cpp
Examining data/chessx-1.4.6/src/dialogs/savedialog.cpp
Examining data/chessx-1.4.6/src/guess/attacks.h
Examining data/chessx-1.4.6/src/guess/common.h
Examining data/chessx-1.4.6/src/guess/compileeco.cpp
Examining data/chessx-1.4.6/src/guess/compileeco.h
Examining data/chessx-1.4.6/src/guess/error.h
Examining data/chessx-1.4.6/src/guess/guess.cpp
Examining data/chessx-1.4.6/src/guess/guess.h
Examining data/chessx-1.4.6/src/guess/guessengine.cpp
Examining data/chessx-1.4.6/src/guess/guessengine.h
Examining data/chessx-1.4.6/src/guess/hash.h
Examining data/chessx-1.4.6/src/guess/misc.cpp
Examining data/chessx-1.4.6/src/guess/misc.h
Examining data/chessx-1.4.6/src/guess/movelist.cpp
Examining data/chessx-1.4.6/src/guess/movelist.h
Examining data/chessx-1.4.6/src/guess/position.h
Examining data/chessx-1.4.6/src/guess/recog.cpp
Examining data/chessx-1.4.6/src/guess/recog.h
Examining data/chessx-1.4.6/src/guess/sqlist.h
Examining data/chessx-1.4.6/src/guess/sqmove.h
Examining data/chessx-1.4.6/src/guess/sqset.h
Examining data/chessx-1.4.6/src/guess/position.cpp
Examining data/chessx-1.4.6/src/gui/analysiswidget.cpp
Examining data/chessx-1.4.6/src/gui/analysiswidget.h
Examining data/chessx-1.4.6/src/gui/boardsetup.cpp
Examining data/chessx-1.4.6/src/gui/boardsetup.h
Examining data/chessx-1.4.6/src/gui/boardsetuptoolbutton.cpp
Examining data/chessx-1.4.6/src/gui/boardsetuptoolbutton.h
Examining data/chessx-1.4.6/src/gui/boardtheme.cpp
Examining data/chessx-1.4.6/src/gui/boardtheme.h
Examining data/chessx-1.4.6/src/gui/boardview.cpp
Examining data/chessx-1.4.6/src/gui/boardview.h
Examining data/chessx-1.4.6/src/gui/boardviewex.cpp
Examining data/chessx-1.4.6/src/gui/boardviewex.h
Examining data/chessx-1.4.6/src/gui/chartwidget.cpp
Examining data/chessx-1.4.6/src/gui/chartwidget.h
Examining data/chessx-1.4.6/src/gui/chessbrowser.cpp
Examining data/chessx-1.4.6/src/gui/chessbrowser.h
Examining data/chessx-1.4.6/src/gui/colorlist.cpp
Examining data/chessx-1.4.6/src/gui/colorlist.h
Examining data/chessx-1.4.6/src/gui/databaselist.cpp
Examining data/chessx-1.4.6/src/gui/databaselist.h
Examining data/chessx-1.4.6/src/gui/databaselistmodel.cpp
Examining data/chessx-1.4.6/src/gui/databaselistmodel.h
Examining data/chessx-1.4.6/src/gui/digitalclock.cpp
Examining data/chessx-1.4.6/src/gui/digitalclock.h
Examining data/chessx-1.4.6/src/gui/dockwidgetex.cpp
Examining data/chessx-1.4.6/src/gui/dockwidgetex.h
Examining data/chessx-1.4.6/src/gui/ecolistwidget.cpp
Examining data/chessx-1.4.6/src/gui/ecolistwidget.h
Examining data/chessx-1.4.6/src/gui/ecothread.h
Examining data/chessx-1.4.6/src/gui/engineoptiondialog.cpp
Examining data/chessx-1.4.6/src/gui/engineoptiondialog.h
Examining data/chessx-1.4.6/src/gui/engineoptionlist.cpp
Examining data/chessx-1.4.6/src/gui/engineoptionlist.h
Examining data/chessx-1.4.6/src/gui/engineoptionmodel.cpp
Examining data/chessx-1.4.6/src/gui/engineoptionmodel.h
Examining data/chessx-1.4.6/src/gui/eventlistwidget.cpp
Examining data/chessx-1.4.6/src/gui/eventlistwidget.h
Examining data/chessx-1.4.6/src/gui/exclusiveactiongroup.cpp
Examining data/chessx-1.4.6/src/gui/exclusiveactiongroup.h
Examining data/chessx-1.4.6/src/gui/exttool.cpp
Examining data/chessx-1.4.6/src/gui/exttool.h
Examining data/chessx-1.4.6/src/gui/ficsconsole.cpp
Examining data/chessx-1.4.6/src/gui/ficsconsole.h
Examining data/chessx-1.4.6/src/gui/gamelist.cpp
Examining data/chessx-1.4.6/src/gui/gamelist.h
Examining data/chessx-1.4.6/src/gui/GameMimeData.h
Examining data/chessx-1.4.6/src/gui/gamewindow.h
Examining data/chessx-1.4.6/src/gui/helpbrowser.cpp
Examining data/chessx-1.4.6/src/gui/helpbrowser.h
Examining data/chessx-1.4.6/src/gui/helpbrowsershell.cpp
Examining data/chessx-1.4.6/src/gui/helpbrowsershell.h
Examining data/chessx-1.4.6/src/gui/historylabel.cpp
Examining data/chessx-1.4.6/src/gui/historylabel.h
Examining data/chessx-1.4.6/src/gui/kbaction.cpp
Examining data/chessx-1.4.6/src/gui/kbaction.h
Examining data/chessx-1.4.6/src/gui/loadquery.cpp
Examining data/chessx-1.4.6/src/gui/loadquery.h
Examining data/chessx-1.4.6/src/gui/logstream.cpp
Examining data/chessx-1.4.6/src/gui/logstream.h
Examining data/chessx-1.4.6/src/gui/main.cpp
Examining data/chessx-1.4.6/src/gui/mainwindow.cpp
Examining data/chessx-1.4.6/src/gui/mainwindow.h
Examining data/chessx-1.4.6/src/gui/mainwindowabout.cpp
Examining data/chessx-1.4.6/src/gui/mainwindowactions.cpp
Examining data/chessx-1.4.6/src/gui/messagedialog.cpp
Examining data/chessx-1.4.6/src/gui/messagedialog.h
Examining data/chessx-1.4.6/src/gui/ooo/converter.cpp
Examining data/chessx-1.4.6/src/gui/ooo/converter.h
Examining data/chessx-1.4.6/src/gui/ooo/document.cpp
Examining data/chessx-1.4.6/src/gui/ooo/document.h
Examining data/chessx-1.4.6/src/gui/ooo/formatproperty.cpp
Examining data/chessx-1.4.6/src/gui/ooo/formatproperty.h
Examining data/chessx-1.4.6/src/gui/ooo/kzip.cpp
Examining data/chessx-1.4.6/src/gui/ooo/kzip.h
Examining data/chessx-1.4.6/src/gui/ooo/styleinformation.cpp
Examining data/chessx-1.4.6/src/gui/ooo/styleinformation.h
Examining data/chessx-1.4.6/src/gui/ooo/styleparser.cpp
Examining data/chessx-1.4.6/src/gui/ooo/styleparser.h
Examining data/chessx-1.4.6/src/gui/openingtreewidget.cpp
Examining data/chessx-1.4.6/src/gui/openingtreewidget.h
Examining data/chessx-1.4.6/src/gui/plaintextedit.cpp
Examining data/chessx-1.4.6/src/gui/plaintextedit.h
Examining data/chessx-1.4.6/src/gui/playerlistwidget.cpp
Examining data/chessx-1.4.6/src/gui/playerlistwidget.h
Examining data/chessx-1.4.6/src/gui/qled.cpp
Examining data/chessx-1.4.6/src/gui/qled.h
Examining data/chessx-1.4.6/src/gui/shellhelper.cpp
Examining data/chessx-1.4.6/src/gui/shellhelper.h
Examining data/chessx-1.4.6/src/gui/simplelabel.cpp
Examining data/chessx-1.4.6/src/gui/simplelabel.h
Examining data/chessx-1.4.6/src/gui/style.cpp
Examining data/chessx-1.4.6/src/gui/style.h
Examining data/chessx-1.4.6/src/gui/tableview.cpp
Examining data/chessx-1.4.6/src/gui/tableview.h
Examining data/chessx-1.4.6/src/gui/textbrowserex.h
Examining data/chessx-1.4.6/src/gui/textedit.cpp
Examining data/chessx-1.4.6/src/gui/textedit.h
Examining data/chessx-1.4.6/src/gui/toolmainwindow.cpp
Examining data/chessx-1.4.6/src/gui/toolmainwindow.h
Examining data/chessx-1.4.6/src/gui/translatingslider.cpp
Examining data/chessx-1.4.6/src/gui/translatingslider.h
Examining data/chessx-1.4.6/src/gui/gamewindow.cpp
Examining data/chessx-1.4.6/src/quazip/crypt.h
Examining data/chessx-1.4.6/src/quazip/ioapi.h
Examining data/chessx-1.4.6/src/quazip/JlCompress.cpp
Examining data/chessx-1.4.6/src/quazip/JlCompress.h
Examining data/chessx-1.4.6/src/quazip/qioapi.cpp
Examining data/chessx-1.4.6/src/quazip/quaadler32.cpp
Examining data/chessx-1.4.6/src/quazip/quaadler32.h
Examining data/chessx-1.4.6/src/quazip/quachecksum32.h
Examining data/chessx-1.4.6/src/quazip/quacrc32.cpp
Examining data/chessx-1.4.6/src/quazip/quacrc32.h
Examining data/chessx-1.4.6/src/quazip/quagzipfile.cpp
Examining data/chessx-1.4.6/src/quazip/quagzipfile.h
Examining data/chessx-1.4.6/src/quazip/quaziodevice.cpp
Examining data/chessx-1.4.6/src/quazip/quaziodevice.h
Examining data/chessx-1.4.6/src/quazip/quazip.cpp
Examining data/chessx-1.4.6/src/quazip/quazip.h
Examining data/chessx-1.4.6/src/quazip/quazip_global.h
Examining data/chessx-1.4.6/src/quazip/quazipdir.cpp
Examining data/chessx-1.4.6/src/quazip/quazipdir.h
Examining data/chessx-1.4.6/src/quazip/quazipfile.cpp
Examining data/chessx-1.4.6/src/quazip/quazipfile.h
Examining data/chessx-1.4.6/src/quazip/quazipfileinfo.h
Examining data/chessx-1.4.6/src/quazip/quazipnewinfo.cpp
Examining data/chessx-1.4.6/src/quazip/quazipnewinfo.h
Examining data/chessx-1.4.6/src/quazip/unzip.c
Examining data/chessx-1.4.6/src/quazip/unzip.h
Examining data/chessx-1.4.6/src/quazip/zip.c
Examining data/chessx-1.4.6/src/quazip/zip.h
FINAL RESULTS:
data/chessx-1.4.6/src/guess/guessengine.cpp:2901:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/chessx-1.4.6/src/guess/guessengine.cpp:2904:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(LogFile, format, ap);
data/chessx-1.4.6/src/gui/main.cpp:137:68: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QString shortSystemLang = QString("chessx_%1.qm").arg(QLocale::system().name().left(2));
data/chessx-1.4.6/src/gui/main.cpp:138:67: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QString fullSystemLang = QString("chessx_%1.qm").arg(QLocale::system().name().left(5));
data/chessx-1.4.6/src/guess/common.h:875:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/chessx-1.4.6/src/guess/common.h:877:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/chessx-1.4.6/src/guess/common.h:886:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random() ^ (random() << 16) ^ (random() >> 16);
data/chessx-1.4.6/src/guess/common.h:886:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random() ^ (random() << 16) ^ (random() >> 16);
data/chessx-1.4.6/src/guess/common.h:886:43: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random() ^ (random() << 16) ^ (random() >> 16);
data/chessx-1.4.6/src/gui/mainwindow.cpp:376:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(0));
data/chessx-1.4.6/src/gui/mainwindowactions.cpp:1360:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gameLoad(databaseInfo()->filter()->indexToGame(random));
data/chessx-1.4.6/src/quazip/crypt.h:119:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)(time(NULL) ^ ZCR_SEED2));
data/chessx-1.4.6/src/database/bitboard.cpp:104:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char Castle[64] =
data/chessx-1.4.6/src/database/bitboard.cpp:1362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[9];
data/chessx-1.4.6/src/database/bitboard.h:239:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_piece[64]; // type of piece on this square
data/chessx-1.4.6/src/database/bitboard.h:247:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_pawnCount[2]; // Number of pawns for each side
data/chessx-1.4.6/src/database/bitboard.h:248:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_pieceCount[2]; // Number of pieces INCLUDING pawns for each side
data/chessx-1.4.6/src/database/board.cpp:267:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(file.open(QIODevice::ReadOnly))
data/chessx-1.4.6/src/database/ctgdatabase.cpp:28:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool CtgDatabase::open(const QString &filename, bool)
data/chessx-1.4.6/src/database/ctgdatabase.cpp:80:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file->open(readOnly ? QIODevice::ReadOnly : QIODevice::WriteOnly))
data/chessx-1.4.6/src/database/ctgdatabase.h:15:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const QString& filename, bool);
data/chessx-1.4.6/src/database/database.h:51:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const QString& filename, bool utf8) = 0;
data/chessx-1.4.6/src/database/databaseconversion.cpp:51:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(inFile.open(QIODevice::ReadOnly)))
data/chessx-1.4.6/src/database/databaseinfo.cpp:79:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!m_database->open(filename, m_utf8))
data/chessx-1.4.6/src/database/databaseinfo.cpp:100:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool DatabaseInfo::open(bool utf8)
data/chessx-1.4.6/src/database/databaseinfo.h:45:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(bool utf8);
data/chessx-1.4.6/src/database/downloadmanager.cpp:117:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::WriteOnly))
data/chessx-1.4.6/src/database/ecopositions.cpp:23:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(file.open(QIODevice::ReadOnly))
data/chessx-1.4.6/src/database/engine.cpp:41:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (m_logFile.open(QIODevice::WriteOnly))
data/chessx-1.4.6/src/database/game.cpp:23:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char strSquareNames[64][3] =
data/chessx-1.4.6/src/database/output.cpp:91:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(file.open(QIODevice::ReadOnly))
data/chessx-1.4.6/src/database/output.cpp:953:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!f.open(QIODevice::WriteOnly | QIODevice::Text))
data/chessx-1.4.6/src/database/output.cpp:969:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!f.open(QIODevice::WriteOnly | QIODevice::Text))
data/chessx-1.4.6/src/database/output.cpp:985:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!f.open(QIODevice::WriteOnly | QIODevice::Text))
data/chessx-1.4.6/src/database/output.cpp:1001:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!f.open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text))
data/chessx-1.4.6/src/database/output.cpp:1027:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!f.open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text))
data/chessx-1.4.6/src/database/pdbtest.cpp:31:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(pdb.open(db_name))
data/chessx-1.4.6/src/database/pdbtest.cpp:148:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(pdb.open(db_name))
data/chessx-1.4.6/src/database/pgndatabase.cpp:42:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool PgnDatabase::open(const QString& filename, bool utf8)
data/chessx-1.4.6/src/database/pgndatabase.cpp:97:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly))
data/chessx-1.4.6/src/database/pgndatabase.cpp:191:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::WriteOnly))
data/chessx-1.4.6/src/database/pgndatabase.cpp:322:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file->open(QIODevice::ReadOnly);
data/chessx-1.4.6/src/database/pgndatabase.cpp:335:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer->open(QIODevice::ReadOnly | QIODevice::Text);
data/chessx-1.4.6/src/database/pgndatabase.h:39:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const QString& filename, bool utf8);
data/chessx-1.4.6/src/database/pgndatabase.h:162:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newAllocation, m_gameOffsets64, m_count * sizeof(qint64));
data/chessx-1.4.6/src/database/pgndatabase.h:169:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newAllocation, m_gameOffsets32, m_count * sizeof(qint32));
data/chessx-1.4.6/src/database/playerdatabase.cpp:49:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_mapfile.open(QIODevice::ReadWrite);
data/chessx-1.4.6/src/database/playerdatabase.cpp:57:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_datafile.open(QIODevice::ReadWrite);
data/chessx-1.4.6/src/database/playerdatabase.cpp:71:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool PlayerDatabase::open(const QString& fname)
data/chessx-1.4.6/src/database/playerdatabase.cpp:75:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!m_mapfile.open(QIODevice::ReadWrite))
data/chessx-1.4.6/src/database/playerdatabase.cpp:106:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!m_datafile.open(QIODevice::ReadWrite))
data/chessx-1.4.6/src/database/playerdatabase.h:36:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const QString& fname);
data/chessx-1.4.6/src/database/polyglotdatabase.cpp:55:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool PolyglotDatabase::open(const QString &filename, bool)
data/chessx-1.4.6/src/database/polyglotdatabase.cpp:107:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file->open(readOnly ? QIODevice::ReadOnly : QIODevice::WriteOnly))
data/chessx-1.4.6/src/database/polyglotdatabase.h:109:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const QString& filename, bool);
data/chessx-1.4.6/src/database/spellchecker.cpp:30:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly))
data/chessx-1.4.6/src/database/spellchecker.cpp:90:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::WriteOnly);
data/chessx-1.4.6/src/database/spellchecker.cpp:133:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly))
data/chessx-1.4.6/src/dialogs/preferences.cpp:366:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(dictFile.open(QIODevice::ReadOnly))
data/chessx-1.4.6/src/guess/common.h:126:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char smallBoardT [32];
data/chessx-1.4.6/src/guess/common.h:138:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char sanStringT [ 10]; // SAN Move Notation
data/chessx-1.4.6/src/guess/common.h:142:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char fileNameT [512];
data/chessx-1.4.6/src/guess/common.h:162:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char ecoStringT [6]; /* "A00j1" */
data/chessx-1.4.6/src/guess/common.h:183:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char RESULT_CHAR [4] = { '*', '1', '0', '=' };
data/chessx-1.4.6/src/guess/common.h:184:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char RESULT_STR [4][4] = { "*", "1-0", "0-1", "=-=" };
data/chessx-1.4.6/src/guess/common.h:185:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char RESULT_LONGSTR [4][8] = { "*", "1-0", "0-1", "1/2-1/2" };
data/chessx-1.4.6/src/guess/common.h:200:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char COLOR_CHAR [3] = {'W', 'B', '_' };
data/chessx-1.4.6/src/guess/compileeco.cpp:95:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly))
data/chessx-1.4.6/src/guess/compileeco.cpp:194:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::WriteOnly);
data/chessx-1.4.6/src/guess/compileeco.cpp:202:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gfile.open(QIODevice::WriteOnly);
data/chessx-1.4.6/src/guess/guessengine.cpp:1027:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fyleHasPassers[2] = {0, 0};
data/chessx-1.4.6/src/guess/guessengine.cpp:2963:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/chessx-1.4.6/src/guess/guessengine.h:98:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fyleHasPassers[2]; // One bit per file, indicating passed pawns.
data/chessx-1.4.6/src/guess/position.cpp:242:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mat[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
data/chessx-1.4.6/src/guess/position.cpp:3518:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
HalfMoveClock = (unsigned short) atoi(s);
data/chessx-1.4.6/src/guess/position.cpp:3532:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(s);
data/chessx-1.4.6/src/guess/position.h:82:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Material[16]; // count of each type of piece
data/chessx-1.4.6/src/guess/position.h:83:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ListPos[64]; // ListPos stores the position in
data/chessx-1.4.6/src/guess/position.h:87:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char NumOnRank[16][8];
data/chessx-1.4.6/src/guess/position.h:88:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char NumOnFyle[16][8];
data/chessx-1.4.6/src/guess/position.h:89:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char NumOnLeftDiag[16][16]; // Num Queens/Bishops
data/chessx-1.4.6/src/guess/position.h:90:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char NumOnRightDiag[16][16];
data/chessx-1.4.6/src/guess/position.h:91:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char NumOnSquareColor[16][2];
data/chessx-1.4.6/src/gui/helpbrowser.cpp:37:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( f.open( QIODevice::ReadOnly ) )
data/chessx-1.4.6/src/gui/logstream.cpp:63:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile.open(currentPath.toLatin1().data(), ios::app);
data/chessx-1.4.6/src/gui/mainwindow.cpp:969:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(zip.open(QuaZip::mdUnzip))
data/chessx-1.4.6/src/gui/mainwindow.cpp:977:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/chessx-1.4.6/src/gui/mainwindow.cpp:986:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(out.open(QIODevice::WriteOnly))
data/chessx-1.4.6/src/gui/mainwindow.cpp:1054:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QFile::ReadWrite);
data/chessx-1.4.6/src/gui/mainwindow.cpp:1083:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!db->open(utf8))
data/chessx-1.4.6/src/gui/mainwindowactions.cpp:97:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!pgnfile.open(QIODevice::WriteOnly))
data/chessx-1.4.6/src/gui/mainwindowactions.cpp:2498:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
&& fSrc.open(QIODevice::ReadOnly) &&
data/chessx-1.4.6/src/gui/mainwindowactions.cpp:2499:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fDest.open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text))
data/chessx-1.4.6/src/gui/mainwindowactions.cpp:2538:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (streamDb.open(src, false))
data/chessx-1.4.6/src/gui/ooo/converter.cpp:74:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!oooDocument.open())
data/chessx-1.4.6/src/gui/ooo/document.cpp:28:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool Document::open() {
data/chessx-1.4.6/src/gui/ooo/document.h:21:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open();
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:147:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (d->open(QIODevice::ReadWrite)) {
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:404:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QFile::ReadOnly)) {
data/chessx-1.4.6/src/gui/ooo/kzip.h:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer1[UNZIP_READ_BUFFER];
data/chessx-1.4.6/src/gui/ooo/kzip.h:128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[UNZIP_READ_BUFFER];
data/chessx-1.4.6/src/gui/style.cpp:24:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (style.open(QIODevice::ReadOnly | QIODevice::Text))
data/chessx-1.4.6/src/gui/textedit.cpp:410:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly))
data/chessx-1.4.6/src/gui/textedit.cpp:903:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly | QIODevice::Text))
data/chessx-1.4.6/src/quazip/JlCompress.cpp:13:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/chessx-1.4.6/src/quazip/JlCompress.cpp:59:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!inFile.open(QIODevice::ReadOnly))
data/chessx-1.4.6/src/quazip/JlCompress.cpp:66:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!outFile.open(QIODevice::WriteOnly, QuaZipNewInfo(fileDest, inFile.fileName())))
data/chessx-1.4.6/src/quazip/JlCompress.cpp:206:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!inFile.open(QIODevice::ReadOnly) || inFile.getZipError() != UNZ_OK)
data/chessx-1.4.6/src/quazip/JlCompress.cpp:226:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!outFile.open(QIODevice::WriteOnly))
data/chessx-1.4.6/src/quazip/JlCompress.cpp:286:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdCreate))
data/chessx-1.4.6/src/quazip/JlCompress.cpp:325:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdCreate))
data/chessx-1.4.6/src/quazip/JlCompress.cpp:370:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdCreate))
data/chessx-1.4.6/src/quazip/JlCompress.cpp:412:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdUnzip))
data/chessx-1.4.6/src/quazip/JlCompress.cpp:453:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdUnzip))
data/chessx-1.4.6/src/quazip/JlCompress.cpp:497:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdUnzip))
data/chessx-1.4.6/src/quazip/JlCompress.cpp:545:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip->open(QuaZip::mdUnzip))
data/chessx-1.4.6/src/quazip/crypt.h:105:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[RAND_HEAD_LEN - 2]; /* random header */
data/chessx-1.4.6/src/quazip/qioapi.cpp:46:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
iodevice->open(QIODevice::ReadOnly);
data/chessx-1.4.6/src/quazip/qioapi.cpp:50:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
iodevice->open(QIODevice::ReadWrite);
data/chessx-1.4.6/src/quazip/qioapi.cpp:54:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
iodevice->open(QIODevice::WriteOnly);
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:18:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
template<typename FileId> bool open(FileId id,
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:20:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzFile open(int fd, const char *modeString);
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:21:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzFile open(const QString &name, const char *modeString);
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:24:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzFile QuaGzipFilePrivate::open(const QString &name, const char *modeString)
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:29:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzFile QuaGzipFilePrivate::open(int fd, const char *modeString)
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:35:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaGzipFilePrivate::open(FileId id, QIODevice::OpenMode mode,
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modeString[2];
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:59:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzd = open(id, modeString);
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:109:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaGzipFile::open(QIODevice::OpenMode mode)
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:112:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!d->open(d->fileName, mode, error))
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:117:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QIODevice::open(mode);
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:120:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaGzipFile::open(int fd, QIODevice::OpenMode mode)
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:123:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!d->open(fd, mode, error))
data/chessx-1.4.6/src/quazip/quagzipfile.cpp:128:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QIODevice::open(mode);
data/chessx-1.4.6/src/quazip/quagzipfile.h:22:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(QIODevice::OpenMode mode);
data/chessx-1.4.6/src/quazip/quagzipfile.h:23:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(int fd, QIODevice::OpenMode mode);
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:49:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
debug.open(QIODevice::WriteOnly);
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:53:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
indebug.open(QIODevice::WriteOnly);
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:132:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaZIODevice::open(QIODevice::OpenMode mode)
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:150:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QIODevice::open(mode);
data/chessx-1.4.6/src/quazip/quaziodevice.h:18:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(QIODevice::OpenMode);
data/chessx-1.4.6/src/quazip/quazip.cpp:133:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaZip::open(Mode mode, zlib_filefunc_def* ioApi)
data/chessx-1.4.6/src/quazip/quazip.h:178:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(Mode mode, zlib_filefunc_def *ioApi = NULL);
data/chessx-1.4.6/src/quazip/quazipfile.cpp:254:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaZipFile::open(OpenMode mode)
data/chessx-1.4.6/src/quazip/quazipfile.cpp:256:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(mode, NULL);
data/chessx-1.4.6/src/quazip/quazipfile.cpp:259:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaZipFile::open(OpenMode mode, int *method, int *level, bool raw, const char *password)
data/chessx-1.4.6/src/quazip/quazipfile.cpp:276:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!p->zip->open(QuaZip::mdUnzip))
data/chessx-1.4.6/src/quazip/quazipfile.cpp:323:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaZipFile::open(OpenMode mode, const QuaZipNewInfo& info,
data/chessx-1.4.6/src/quazip/quazipfile.h:292:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(OpenMode mode);
data/chessx-1.4.6/src/quazip/quazipfile.h:298:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inline bool open(OpenMode mode, const char *password)
data/chessx-1.4.6/src/quazip/quazipfile.h:300:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(mode, NULL, NULL, false, password);
data/chessx-1.4.6/src/quazip/quazipfile.h:314:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(OpenMode mode, int *method, int *level, bool raw, const char *password = NULL);
data/chessx-1.4.6/src/quazip/quazipfile.h:343:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(OpenMode mode, const QuaZipNewInfo& info,
data/chessx-1.4.6/src/quazip/unzip.c:869:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1];
data/chessx-1.4.6/src/quazip/unzip.c:1070:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[12];
data/chessx-1.4.6/src/quazip/zip.c:111:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[SIZEDATA_INDATABLOCK];
data/chessx-1.4.6/src/quazip/zip.c:282:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/chessx-1.4.6/src/quazip/zip.c:907:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufHead[RAND_HEAD_LEN];
data/chessx-1.4.6/src/database/bitboard.cpp:1787:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(san)>=5)
data/chessx-1.4.6/src/database/bitboard.cpp:1796:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(san)>=3)
data/chessx-1.4.6/src/database/index.cpp:188:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool Index::read(QDataStream &in, volatile bool *breakFlag, short version)
data/chessx-1.4.6/src/database/index.cpp:208:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_indexItems[i]->read(in);
data/chessx-1.4.6/src/database/index.h:114:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(QDataStream& in, volatile bool *breakFlag, short version);
data/chessx-1.4.6/src/database/indexitem.cpp:59:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void IndexItem::read(QDataStream& in)
data/chessx-1.4.6/src/database/indexitem.h:59:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(QDataStream& in);
data/chessx-1.4.6/src/database/outputoptions.cpp:210:47: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
if((val >= llimit) && (val <= ulimit))
data/chessx-1.4.6/src/database/pgndatabase.cpp:64:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (index()->read(in, breakFlag, version));
data/chessx-1.4.6/src/database/polyglotdatabase.cpp:352:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(m_file->read((char*)&c,1)<=0)
data/chessx-1.4.6/src/database/tagvalues.h:76:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual void read(QDataStream&) {}
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:213:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device()->read((char *) &lh, sizeof (LocalFileHeader));
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:217:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray compressed = device()->read(compressed_size);
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:271:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device()->read((char *) tmp, 4);
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:289:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device()->read((char *) &eod, sizeof (EndOfDirectory));
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:305:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
commentario = device()->read(qMin(comment_length, i));
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:310:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read = device()->read((char *) &header.h, sizeof (GentralFileHeader));
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:311:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < (int) sizeof (GentralFileHeader)) {
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:321:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
header.file_name = device()->read(l);
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:327:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
header.extra_field = device()->read(l);
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:333:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
header.file_comment = device()->read(l);
data/chessx-1.4.6/src/gui/ooo/kzip.cpp:356:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (device()->read(buffer1, UNZIP_EOCD_SIZE) != UNZIP_EOCD_SIZE) {
data/chessx-1.4.6/src/quazip/JlCompress.cpp:14:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 readLen = inFile.read(buf, 4096);
data/chessx-1.4.6/src/quazip/qioapi.cpp:83:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = (uLong)((QIODevice*)stream)->read((char*)buf, size);
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:176:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(read < maxSize)
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:181:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d->inBufSize = d->io->read(d->inBuf, QUAZIO_INBUFSIZE);
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:193:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(read < maxSize && d->inBufPos < d->inBufSize)
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:197:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d->zins.next_out = (Bytef *)(data + read);
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:198:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d->zins.avail_out = (uInt)(maxSize - read); // hope it's less than 2GB
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:209:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:220:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
more = d->io->read(d->inBuf + d->inBufSize, QUAZIO_INBUFSIZE - d->inBufSize);
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:228:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:239:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
indebug.write(data, read);
data/chessx-1.4.6/src/quazip/quaziodevice.cpp:241:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/chessx-1.4.6/src/quazip/unzip.c:852:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(szFileName)>=UNZ_MAXFILENAMEINZIP)
data/chessx-1.4.6/src/quazip/zip.c:768:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_comment = (uInt)strlen(comment);
data/chessx-1.4.6/src/quazip/zip.c:770:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_filename = (uInt)strlen(filename);
data/chessx-1.4.6/src/quazip/zip.c:1204:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_global_comment = (uInt)strlen(global_comment);
ANALYSIS SUMMARY:
Hits = 196
Lines analyzed = 75572 in approximately 1.75 seconds (43157 lines/second)
Physical Source Lines of Code (SLOC) = 59035
Hits@level = [0] 3 [1] 38 [2] 146 [3] 8 [4] 4 [5] 0
Hits@level+ = [0+] 199 [1+] 196 [2+] 158 [3+] 12 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 3.37088 [1+] 3.32006 [2+] 2.67638 [3+] 0.203269 [4+] 0.0677564 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.