Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/chessx-1.4.6/src/database/analysis.cpp Examining data/chessx-1.4.6/src/database/analysis.h Examining data/chessx-1.4.6/src/database/bitboard.cpp Examining data/chessx-1.4.6/src/database/bitboard.h Examining data/chessx-1.4.6/src/database/bitfind.h Examining data/chessx-1.4.6/src/database/board.cpp Examining data/chessx-1.4.6/src/database/board.h Examining data/chessx-1.4.6/src/database/circularbuffer.h Examining data/chessx-1.4.6/src/database/clipboarddatabase.cpp Examining data/chessx-1.4.6/src/database/clipboarddatabase.h Examining data/chessx-1.4.6/src/database/ctgbookwriter.cpp Examining data/chessx-1.4.6/src/database/ctgbookwriter.h Examining data/chessx-1.4.6/src/database/ctgdatabase.cpp Examining data/chessx-1.4.6/src/database/ctgdatabase.h Examining data/chessx-1.4.6/src/database/database.cpp Examining data/chessx-1.4.6/src/database/database.h Examining data/chessx-1.4.6/src/database/databaseconversion.cpp Examining data/chessx-1.4.6/src/database/databaseconversion.h Examining data/chessx-1.4.6/src/database/databaseinfo.cpp Examining data/chessx-1.4.6/src/database/datesearch.cpp Examining data/chessx-1.4.6/src/database/datesearch.h Examining data/chessx-1.4.6/src/database/downloadmanager.cpp Examining data/chessx-1.4.6/src/database/downloadmanager.h Examining data/chessx-1.4.6/src/database/duplicatesearch.cpp Examining data/chessx-1.4.6/src/database/duplicatesearch.h Examining data/chessx-1.4.6/src/database/ecoinfo.cpp Examining data/chessx-1.4.6/src/database/ecoinfo.h Examining data/chessx-1.4.6/src/database/ecopositions.cpp Examining data/chessx-1.4.6/src/database/ecopositions.h Examining data/chessx-1.4.6/src/database/editaction.cpp Examining data/chessx-1.4.6/src/database/editaction.h Examining data/chessx-1.4.6/src/database/elosearch.cpp Examining data/chessx-1.4.6/src/database/elosearch.h Examining data/chessx-1.4.6/src/database/engine.cpp Examining data/chessx-1.4.6/src/database/engine.h Examining data/chessx-1.4.6/src/database/enginedata.cpp Examining data/chessx-1.4.6/src/database/enginedata.h Examining data/chessx-1.4.6/src/database/enginelist.cpp Examining data/chessx-1.4.6/src/database/enginelist.h Examining data/chessx-1.4.6/src/database/engineoptiondata.cpp Examining data/chessx-1.4.6/src/database/engineoptiondata.h Examining data/chessx-1.4.6/src/database/engineparameter.h Examining data/chessx-1.4.6/src/database/eventinfo.cpp Examining data/chessx-1.4.6/src/database/eventinfo.h Examining data/chessx-1.4.6/src/database/ficsclient.cpp Examining data/chessx-1.4.6/src/database/ficsclient.h Examining data/chessx-1.4.6/src/database/ficsdatabase.cpp Examining data/chessx-1.4.6/src/database/ficsdatabase.h Examining data/chessx-1.4.6/src/database/filter.cpp Examining data/chessx-1.4.6/src/database/filter.h Examining data/chessx-1.4.6/src/database/filtermodel.cpp Examining data/chessx-1.4.6/src/database/filtermodel.h Examining data/chessx-1.4.6/src/database/filtersearch.cpp Examining data/chessx-1.4.6/src/database/filtersearch.h Examining data/chessx-1.4.6/src/database/game.cpp Examining data/chessx-1.4.6/src/database/game.h Examining data/chessx-1.4.6/src/database/gameid.h Examining data/chessx-1.4.6/src/database/historylist.cpp Examining data/chessx-1.4.6/src/database/historylist.h Examining data/chessx-1.4.6/src/database/index.cpp Examining data/chessx-1.4.6/src/database/index.h Examining data/chessx-1.4.6/src/database/indexitem.cpp Examining data/chessx-1.4.6/src/database/indexitem.h Examining data/chessx-1.4.6/src/database/memorydatabase.cpp Examining data/chessx-1.4.6/src/database/memorydatabase.h Examining data/chessx-1.4.6/src/database/move.h Examining data/chessx-1.4.6/src/database/movedata.cpp Examining data/chessx-1.4.6/src/database/movedata.h Examining data/chessx-1.4.6/src/database/movelist.h Examining data/chessx-1.4.6/src/database/nag.cpp Examining data/chessx-1.4.6/src/database/nag.h Examining data/chessx-1.4.6/src/database/numbersearch.cpp Examining data/chessx-1.4.6/src/database/numbersearch.h Examining data/chessx-1.4.6/src/database/openingtree.cpp Examining data/chessx-1.4.6/src/database/openingtree.h Examining data/chessx-1.4.6/src/database/openingtreethread.cpp Examining data/chessx-1.4.6/src/database/openingtreethread.h Examining data/chessx-1.4.6/src/database/output.cpp Examining data/chessx-1.4.6/src/database/output.h Examining data/chessx-1.4.6/src/database/outputoptions.cpp Examining data/chessx-1.4.6/src/database/outputoptions.h Examining data/chessx-1.4.6/src/database/partialdate.cpp Examining data/chessx-1.4.6/src/database/partialdate.h Examining data/chessx-1.4.6/src/database/pdbtest.cpp Examining data/chessx-1.4.6/src/database/pdbtest.h Examining data/chessx-1.4.6/src/database/pgndatabase.cpp Examining data/chessx-1.4.6/src/database/pgndatabase.h Examining data/chessx-1.4.6/src/database/piece.cpp Examining data/chessx-1.4.6/src/database/piece.h Examining data/chessx-1.4.6/src/database/playerdata.cpp Examining data/chessx-1.4.6/src/database/playerdata.h Examining data/chessx-1.4.6/src/database/playerdatabase.cpp Examining data/chessx-1.4.6/src/database/playerdatabase.h Examining data/chessx-1.4.6/src/database/playerinfo.cpp Examining data/chessx-1.4.6/src/database/playerinfo.h Examining data/chessx-1.4.6/src/database/polyglotdatabase.cpp Examining data/chessx-1.4.6/src/database/polyglotdatabase.h Examining data/chessx-1.4.6/src/database/polyglotwriter.cpp Examining data/chessx-1.4.6/src/database/polyglotwriter.h Examining data/chessx-1.4.6/src/database/positionsearch.cpp Examining data/chessx-1.4.6/src/database/positionsearch.h Examining data/chessx-1.4.6/src/database/query.cpp Examining data/chessx-1.4.6/src/database/query.h Examining data/chessx-1.4.6/src/database/rand64.h Examining data/chessx-1.4.6/src/database/refcount.cpp Examining data/chessx-1.4.6/src/database/refcount.h Examining data/chessx-1.4.6/src/database/result.cpp Examining data/chessx-1.4.6/src/database/result.h Examining data/chessx-1.4.6/src/database/search.cpp Examining data/chessx-1.4.6/src/database/search.h Examining data/chessx-1.4.6/src/database/settings.cpp Examining data/chessx-1.4.6/src/database/settings.h Examining data/chessx-1.4.6/src/database/spellchecker.cpp Examining data/chessx-1.4.6/src/database/spellchecker.h Examining data/chessx-1.4.6/src/database/square.h Examining data/chessx-1.4.6/src/database/streamdatabase.cpp Examining data/chessx-1.4.6/src/database/streamdatabase.h Examining data/chessx-1.4.6/src/database/tablebase.cpp Examining data/chessx-1.4.6/src/database/tablebase.h Examining data/chessx-1.4.6/src/database/tags.cpp Examining data/chessx-1.4.6/src/database/tags.h Examining data/chessx-1.4.6/src/database/tagsearch.cpp Examining data/chessx-1.4.6/src/database/tagsearch.h Examining data/chessx-1.4.6/src/database/tagvalues.h Examining data/chessx-1.4.6/src/database/telnetclient.cpp Examining data/chessx-1.4.6/src/database/telnetclient.h Examining data/chessx-1.4.6/src/database/threadedguess.cpp Examining data/chessx-1.4.6/src/database/threadedguess.h Examining data/chessx-1.4.6/src/database/tristatetree.cpp Examining data/chessx-1.4.6/src/database/tristatetree.h Examining data/chessx-1.4.6/src/database/uciengine.cpp Examining data/chessx-1.4.6/src/database/uciengine.h Examining data/chessx-1.4.6/src/database/version.h Examining data/chessx-1.4.6/src/database/wbengine.cpp Examining data/chessx-1.4.6/src/database/wbengine.h Examining data/chessx-1.4.6/src/database/databaseinfo.h Examining data/chessx-1.4.6/src/dialogs/aboutdlg.cpp Examining data/chessx-1.4.6/src/dialogs/aboutdlg.h Examining data/chessx-1.4.6/src/dialogs/actiondialog.cpp Examining data/chessx-1.4.6/src/dialogs/actiondialog.h Examining data/chessx-1.4.6/src/dialogs/boardsearchdialog.cpp Examining data/chessx-1.4.6/src/dialogs/boardsearchdialog.h Examining data/chessx-1.4.6/src/dialogs/commentdialog.cpp Examining data/chessx-1.4.6/src/dialogs/commentdialog.h Examining data/chessx-1.4.6/src/dialogs/copydialog.cpp Examining data/chessx-1.4.6/src/dialogs/copydialog.h Examining data/chessx-1.4.6/src/dialogs/dlgsavebook.cpp Examining data/chessx-1.4.6/src/dialogs/dlgsavebook.h Examining data/chessx-1.4.6/src/dialogs/matchparameterdlg.cpp Examining data/chessx-1.4.6/src/dialogs/matchparameterdlg.h Examining data/chessx-1.4.6/src/dialogs/preferences.h Examining data/chessx-1.4.6/src/dialogs/promotiondialog.cpp Examining data/chessx-1.4.6/src/dialogs/promotiondialog.h Examining data/chessx-1.4.6/src/dialogs/quicksearch.cpp Examining data/chessx-1.4.6/src/dialogs/quicksearch.h Examining data/chessx-1.4.6/src/dialogs/recipientaddressdialog.cpp Examining data/chessx-1.4.6/src/dialogs/recipientaddressdialog.h Examining data/chessx-1.4.6/src/dialogs/renametagdialog.cpp Examining data/chessx-1.4.6/src/dialogs/renametagdialog.h Examining data/chessx-1.4.6/src/dialogs/savedialog.h Examining data/chessx-1.4.6/src/dialogs/tagdialog.cpp Examining data/chessx-1.4.6/src/dialogs/tagdialog.h Examining data/chessx-1.4.6/src/dialogs/preferences.cpp Examining data/chessx-1.4.6/src/dialogs/savedialog.cpp Examining data/chessx-1.4.6/src/guess/attacks.h Examining data/chessx-1.4.6/src/guess/common.h Examining data/chessx-1.4.6/src/guess/compileeco.cpp Examining data/chessx-1.4.6/src/guess/compileeco.h Examining data/chessx-1.4.6/src/guess/error.h Examining data/chessx-1.4.6/src/guess/guess.cpp Examining data/chessx-1.4.6/src/guess/guess.h Examining data/chessx-1.4.6/src/guess/guessengine.cpp Examining data/chessx-1.4.6/src/guess/guessengine.h Examining data/chessx-1.4.6/src/guess/hash.h Examining data/chessx-1.4.6/src/guess/misc.cpp Examining data/chessx-1.4.6/src/guess/misc.h Examining data/chessx-1.4.6/src/guess/movelist.cpp Examining data/chessx-1.4.6/src/guess/movelist.h Examining data/chessx-1.4.6/src/guess/position.h Examining data/chessx-1.4.6/src/guess/recog.cpp Examining data/chessx-1.4.6/src/guess/recog.h Examining data/chessx-1.4.6/src/guess/sqlist.h Examining data/chessx-1.4.6/src/guess/sqmove.h Examining data/chessx-1.4.6/src/guess/sqset.h Examining data/chessx-1.4.6/src/guess/position.cpp Examining data/chessx-1.4.6/src/gui/analysiswidget.cpp Examining data/chessx-1.4.6/src/gui/analysiswidget.h Examining data/chessx-1.4.6/src/gui/boardsetup.cpp Examining data/chessx-1.4.6/src/gui/boardsetup.h Examining data/chessx-1.4.6/src/gui/boardsetuptoolbutton.cpp Examining data/chessx-1.4.6/src/gui/boardsetuptoolbutton.h Examining data/chessx-1.4.6/src/gui/boardtheme.cpp Examining data/chessx-1.4.6/src/gui/boardtheme.h Examining data/chessx-1.4.6/src/gui/boardview.cpp Examining data/chessx-1.4.6/src/gui/boardview.h Examining data/chessx-1.4.6/src/gui/boardviewex.cpp Examining data/chessx-1.4.6/src/gui/boardviewex.h Examining data/chessx-1.4.6/src/gui/chartwidget.cpp Examining data/chessx-1.4.6/src/gui/chartwidget.h Examining data/chessx-1.4.6/src/gui/chessbrowser.cpp Examining data/chessx-1.4.6/src/gui/chessbrowser.h Examining data/chessx-1.4.6/src/gui/colorlist.cpp Examining data/chessx-1.4.6/src/gui/colorlist.h Examining data/chessx-1.4.6/src/gui/databaselist.cpp Examining data/chessx-1.4.6/src/gui/databaselist.h Examining data/chessx-1.4.6/src/gui/databaselistmodel.cpp Examining data/chessx-1.4.6/src/gui/databaselistmodel.h Examining data/chessx-1.4.6/src/gui/digitalclock.cpp Examining data/chessx-1.4.6/src/gui/digitalclock.h Examining data/chessx-1.4.6/src/gui/dockwidgetex.cpp Examining data/chessx-1.4.6/src/gui/dockwidgetex.h Examining data/chessx-1.4.6/src/gui/ecolistwidget.cpp Examining data/chessx-1.4.6/src/gui/ecolistwidget.h Examining data/chessx-1.4.6/src/gui/ecothread.h Examining data/chessx-1.4.6/src/gui/engineoptiondialog.cpp Examining data/chessx-1.4.6/src/gui/engineoptiondialog.h Examining data/chessx-1.4.6/src/gui/engineoptionlist.cpp Examining data/chessx-1.4.6/src/gui/engineoptionlist.h Examining data/chessx-1.4.6/src/gui/engineoptionmodel.cpp Examining data/chessx-1.4.6/src/gui/engineoptionmodel.h Examining data/chessx-1.4.6/src/gui/eventlistwidget.cpp Examining data/chessx-1.4.6/src/gui/eventlistwidget.h Examining data/chessx-1.4.6/src/gui/exclusiveactiongroup.cpp Examining data/chessx-1.4.6/src/gui/exclusiveactiongroup.h Examining data/chessx-1.4.6/src/gui/exttool.cpp Examining data/chessx-1.4.6/src/gui/exttool.h Examining data/chessx-1.4.6/src/gui/ficsconsole.cpp Examining data/chessx-1.4.6/src/gui/ficsconsole.h Examining data/chessx-1.4.6/src/gui/gamelist.cpp Examining data/chessx-1.4.6/src/gui/gamelist.h Examining data/chessx-1.4.6/src/gui/GameMimeData.h Examining data/chessx-1.4.6/src/gui/gamewindow.h Examining data/chessx-1.4.6/src/gui/helpbrowser.cpp Examining data/chessx-1.4.6/src/gui/helpbrowser.h Examining data/chessx-1.4.6/src/gui/helpbrowsershell.cpp Examining data/chessx-1.4.6/src/gui/helpbrowsershell.h Examining data/chessx-1.4.6/src/gui/historylabel.cpp Examining data/chessx-1.4.6/src/gui/historylabel.h Examining data/chessx-1.4.6/src/gui/kbaction.cpp Examining data/chessx-1.4.6/src/gui/kbaction.h Examining data/chessx-1.4.6/src/gui/loadquery.cpp Examining data/chessx-1.4.6/src/gui/loadquery.h Examining data/chessx-1.4.6/src/gui/logstream.cpp Examining data/chessx-1.4.6/src/gui/logstream.h Examining data/chessx-1.4.6/src/gui/main.cpp Examining data/chessx-1.4.6/src/gui/mainwindow.cpp Examining data/chessx-1.4.6/src/gui/mainwindow.h Examining data/chessx-1.4.6/src/gui/mainwindowabout.cpp Examining data/chessx-1.4.6/src/gui/mainwindowactions.cpp Examining data/chessx-1.4.6/src/gui/messagedialog.cpp Examining data/chessx-1.4.6/src/gui/messagedialog.h Examining data/chessx-1.4.6/src/gui/ooo/converter.cpp Examining data/chessx-1.4.6/src/gui/ooo/converter.h Examining data/chessx-1.4.6/src/gui/ooo/document.cpp Examining data/chessx-1.4.6/src/gui/ooo/document.h Examining data/chessx-1.4.6/src/gui/ooo/formatproperty.cpp Examining data/chessx-1.4.6/src/gui/ooo/formatproperty.h Examining data/chessx-1.4.6/src/gui/ooo/kzip.cpp Examining data/chessx-1.4.6/src/gui/ooo/kzip.h Examining data/chessx-1.4.6/src/gui/ooo/styleinformation.cpp Examining data/chessx-1.4.6/src/gui/ooo/styleinformation.h Examining data/chessx-1.4.6/src/gui/ooo/styleparser.cpp Examining data/chessx-1.4.6/src/gui/ooo/styleparser.h Examining data/chessx-1.4.6/src/gui/openingtreewidget.cpp Examining data/chessx-1.4.6/src/gui/openingtreewidget.h Examining data/chessx-1.4.6/src/gui/plaintextedit.cpp Examining data/chessx-1.4.6/src/gui/plaintextedit.h Examining data/chessx-1.4.6/src/gui/playerlistwidget.cpp Examining data/chessx-1.4.6/src/gui/playerlistwidget.h Examining data/chessx-1.4.6/src/gui/qled.cpp Examining data/chessx-1.4.6/src/gui/qled.h Examining data/chessx-1.4.6/src/gui/shellhelper.cpp Examining data/chessx-1.4.6/src/gui/shellhelper.h Examining data/chessx-1.4.6/src/gui/simplelabel.cpp Examining data/chessx-1.4.6/src/gui/simplelabel.h Examining data/chessx-1.4.6/src/gui/style.cpp Examining data/chessx-1.4.6/src/gui/style.h Examining data/chessx-1.4.6/src/gui/tableview.cpp Examining data/chessx-1.4.6/src/gui/tableview.h Examining data/chessx-1.4.6/src/gui/textbrowserex.h Examining data/chessx-1.4.6/src/gui/textedit.cpp Examining data/chessx-1.4.6/src/gui/textedit.h Examining data/chessx-1.4.6/src/gui/toolmainwindow.cpp Examining data/chessx-1.4.6/src/gui/toolmainwindow.h Examining data/chessx-1.4.6/src/gui/translatingslider.cpp Examining data/chessx-1.4.6/src/gui/translatingslider.h Examining data/chessx-1.4.6/src/gui/gamewindow.cpp Examining data/chessx-1.4.6/src/quazip/crypt.h Examining data/chessx-1.4.6/src/quazip/ioapi.h Examining data/chessx-1.4.6/src/quazip/JlCompress.cpp Examining data/chessx-1.4.6/src/quazip/JlCompress.h Examining data/chessx-1.4.6/src/quazip/qioapi.cpp Examining data/chessx-1.4.6/src/quazip/quaadler32.cpp Examining data/chessx-1.4.6/src/quazip/quaadler32.h Examining data/chessx-1.4.6/src/quazip/quachecksum32.h Examining data/chessx-1.4.6/src/quazip/quacrc32.cpp Examining data/chessx-1.4.6/src/quazip/quacrc32.h Examining data/chessx-1.4.6/src/quazip/quagzipfile.cpp Examining data/chessx-1.4.6/src/quazip/quagzipfile.h Examining data/chessx-1.4.6/src/quazip/quaziodevice.cpp Examining data/chessx-1.4.6/src/quazip/quaziodevice.h Examining data/chessx-1.4.6/src/quazip/quazip.cpp Examining data/chessx-1.4.6/src/quazip/quazip.h Examining data/chessx-1.4.6/src/quazip/quazip_global.h Examining data/chessx-1.4.6/src/quazip/quazipdir.cpp Examining data/chessx-1.4.6/src/quazip/quazipdir.h Examining data/chessx-1.4.6/src/quazip/quazipfile.cpp Examining data/chessx-1.4.6/src/quazip/quazipfile.h Examining data/chessx-1.4.6/src/quazip/quazipfileinfo.h Examining data/chessx-1.4.6/src/quazip/quazipnewinfo.cpp Examining data/chessx-1.4.6/src/quazip/quazipnewinfo.h Examining data/chessx-1.4.6/src/quazip/unzip.c Examining data/chessx-1.4.6/src/quazip/unzip.h Examining data/chessx-1.4.6/src/quazip/zip.c Examining data/chessx-1.4.6/src/quazip/zip.h FINAL RESULTS: data/chessx-1.4.6/src/guess/guessengine.cpp:2901:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(format, ap); data/chessx-1.4.6/src/guess/guessengine.cpp:2904:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(LogFile, format, ap); data/chessx-1.4.6/src/gui/main.cpp:137:68: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QString shortSystemLang = QString("chessx_%1.qm").arg(QLocale::system().name().left(2)); data/chessx-1.4.6/src/gui/main.cpp:138:67: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QString fullSystemLang = QString("chessx_%1.qm").arg(QLocale::system().name().left(5)); data/chessx-1.4.6/src/guess/common.h:875:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/chessx-1.4.6/src/guess/common.h:877:5: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(seed); data/chessx-1.4.6/src/guess/common.h:886:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return random() ^ (random() << 16) ^ (random() >> 16); data/chessx-1.4.6/src/guess/common.h:886:24: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return random() ^ (random() << 16) ^ (random() >> 16); data/chessx-1.4.6/src/guess/common.h:886:43: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return random() ^ (random() << 16) ^ (random() >> 16); data/chessx-1.4.6/src/gui/mainwindow.cpp:376:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(0)); data/chessx-1.4.6/src/gui/mainwindowactions.cpp:1360:56: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. gameLoad(databaseInfo()->filter()->indexToGame(random)); data/chessx-1.4.6/src/quazip/crypt.h:119:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)(time(NULL) ^ ZCR_SEED2)); data/chessx-1.4.6/src/database/bitboard.cpp:104:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char Castle[64] = data/chessx-1.4.6/src/database/bitboard.cpp:1362:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f[9]; data/chessx-1.4.6/src/database/bitboard.h:239:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char m_piece[64]; // type of piece on this square data/chessx-1.4.6/src/database/bitboard.h:247:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char m_pawnCount[2]; // Number of pawns for each side data/chessx-1.4.6/src/database/bitboard.h:248:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char m_pieceCount[2]; // Number of pieces INCLUDING pawns for each side data/chessx-1.4.6/src/database/board.cpp:267:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(file.open(QIODevice::ReadOnly)) data/chessx-1.4.6/src/database/ctgdatabase.cpp:28:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool CtgDatabase::open(const QString &filename, bool) data/chessx-1.4.6/src/database/ctgdatabase.cpp:80:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file->open(readOnly ? QIODevice::ReadOnly : QIODevice::WriteOnly)) data/chessx-1.4.6/src/database/ctgdatabase.h:15:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(const QString& filename, bool); data/chessx-1.4.6/src/database/database.h:51:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(const QString& filename, bool utf8) = 0; data/chessx-1.4.6/src/database/databaseconversion.cpp:51:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!(inFile.open(QIODevice::ReadOnly))) data/chessx-1.4.6/src/database/databaseinfo.cpp:79:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!m_database->open(filename, m_utf8)) data/chessx-1.4.6/src/database/databaseinfo.cpp:100:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool DatabaseInfo::open(bool utf8) data/chessx-1.4.6/src/database/databaseinfo.h:45:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(bool utf8); data/chessx-1.4.6/src/database/downloadmanager.cpp:117:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::WriteOnly)) data/chessx-1.4.6/src/database/ecopositions.cpp:23:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(file.open(QIODevice::ReadOnly)) data/chessx-1.4.6/src/database/engine.cpp:41:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (m_logFile.open(QIODevice::WriteOnly)) data/chessx-1.4.6/src/database/game.cpp:23:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char strSquareNames[64][3] = data/chessx-1.4.6/src/database/output.cpp:91:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(file.open(QIODevice::ReadOnly)) data/chessx-1.4.6/src/database/output.cpp:953:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!f.open(QIODevice::WriteOnly | QIODevice::Text)) data/chessx-1.4.6/src/database/output.cpp:969:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!f.open(QIODevice::WriteOnly | QIODevice::Text)) data/chessx-1.4.6/src/database/output.cpp:985:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!f.open(QIODevice::WriteOnly | QIODevice::Text)) data/chessx-1.4.6/src/database/output.cpp:1001:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!f.open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) data/chessx-1.4.6/src/database/output.cpp:1027:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!f.open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) data/chessx-1.4.6/src/database/pdbtest.cpp:31:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(pdb.open(db_name)) data/chessx-1.4.6/src/database/pdbtest.cpp:148:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(pdb.open(db_name)) data/chessx-1.4.6/src/database/pgndatabase.cpp:42:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool PgnDatabase::open(const QString& filename, bool utf8) data/chessx-1.4.6/src/database/pgndatabase.cpp:97:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::ReadOnly)) data/chessx-1.4.6/src/database/pgndatabase.cpp:191:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::WriteOnly)) data/chessx-1.4.6/src/database/pgndatabase.cpp:322:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file->open(QIODevice::ReadOnly); data/chessx-1.4.6/src/database/pgndatabase.cpp:335:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer->open(QIODevice::ReadOnly | QIODevice::Text); data/chessx-1.4.6/src/database/pgndatabase.h:39:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(const QString& filename, bool utf8); data/chessx-1.4.6/src/database/pgndatabase.h:162:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newAllocation, m_gameOffsets64, m_count * sizeof(qint64)); data/chessx-1.4.6/src/database/pgndatabase.h:169:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newAllocation, m_gameOffsets32, m_count * sizeof(qint32)); data/chessx-1.4.6/src/database/playerdatabase.cpp:49:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_mapfile.open(QIODevice::ReadWrite); data/chessx-1.4.6/src/database/playerdatabase.cpp:57:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_datafile.open(QIODevice::ReadWrite); data/chessx-1.4.6/src/database/playerdatabase.cpp:71:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool PlayerDatabase::open(const QString& fname) data/chessx-1.4.6/src/database/playerdatabase.cpp:75:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!m_mapfile.open(QIODevice::ReadWrite)) data/chessx-1.4.6/src/database/playerdatabase.cpp:106:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!m_datafile.open(QIODevice::ReadWrite)) data/chessx-1.4.6/src/database/playerdatabase.h:36:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(const QString& fname); data/chessx-1.4.6/src/database/polyglotdatabase.cpp:55:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool PolyglotDatabase::open(const QString &filename, bool) data/chessx-1.4.6/src/database/polyglotdatabase.cpp:107:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file->open(readOnly ? QIODevice::ReadOnly : QIODevice::WriteOnly)) data/chessx-1.4.6/src/database/polyglotdatabase.h:109:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(const QString& filename, bool); data/chessx-1.4.6/src/database/spellchecker.cpp:30:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::ReadOnly)) data/chessx-1.4.6/src/database/spellchecker.cpp:90:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::WriteOnly); data/chessx-1.4.6/src/database/spellchecker.cpp:133:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::ReadOnly)) data/chessx-1.4.6/src/dialogs/preferences.cpp:366:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(dictFile.open(QIODevice::ReadOnly)) data/chessx-1.4.6/src/guess/common.h:126:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char smallBoardT [32]; data/chessx-1.4.6/src/guess/common.h:138:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char sanStringT [ 10]; // SAN Move Notation data/chessx-1.4.6/src/guess/common.h:142:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char fileNameT [512]; data/chessx-1.4.6/src/guess/common.h:162:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char ecoStringT [6]; /* "A00j1" */ data/chessx-1.4.6/src/guess/common.h:183:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char RESULT_CHAR [4] = { '*', '1', '0', '=' }; data/chessx-1.4.6/src/guess/common.h:184:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char RESULT_STR [4][4] = { "*", "1-0", "0-1", "=-=" }; data/chessx-1.4.6/src/guess/common.h:185:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char RESULT_LONGSTR [4][8] = { "*", "1-0", "0-1", "1/2-1/2" }; data/chessx-1.4.6/src/guess/common.h:200:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char COLOR_CHAR [3] = {'W', 'B', '_' }; data/chessx-1.4.6/src/guess/compileeco.cpp:95:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::ReadOnly)) data/chessx-1.4.6/src/guess/compileeco.cpp:194:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::WriteOnly); data/chessx-1.4.6/src/guess/compileeco.cpp:202:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gfile.open(QIODevice::WriteOnly); data/chessx-1.4.6/src/guess/guessengine.cpp:1027:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fyleHasPassers[2] = {0, 0}; data/chessx-1.4.6/src/guess/guessengine.cpp:2963:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[10]; data/chessx-1.4.6/src/guess/guessengine.h:98:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fyleHasPassers[2]; // One bit per file, indicating passed pawns. data/chessx-1.4.6/src/guess/position.cpp:242:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mat[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; data/chessx-1.4.6/src/guess/position.cpp:3518:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). HalfMoveClock = (unsigned short) atoi(s); data/chessx-1.4.6/src/guess/position.cpp:3532:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int i = atoi(s); data/chessx-1.4.6/src/guess/position.h:82:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Material[16]; // count of each type of piece data/chessx-1.4.6/src/guess/position.h:83:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ListPos[64]; // ListPos stores the position in data/chessx-1.4.6/src/guess/position.h:87:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char NumOnRank[16][8]; data/chessx-1.4.6/src/guess/position.h:88:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char NumOnFyle[16][8]; data/chessx-1.4.6/src/guess/position.h:89:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char NumOnLeftDiag[16][16]; // Num Queens/Bishops data/chessx-1.4.6/src/guess/position.h:90:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char NumOnRightDiag[16][16]; data/chessx-1.4.6/src/guess/position.h:91:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char NumOnSquareColor[16][2]; data/chessx-1.4.6/src/gui/helpbrowser.cpp:37:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( f.open( QIODevice::ReadOnly ) ) data/chessx-1.4.6/src/gui/logstream.cpp:63:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logfile.open(currentPath.toLatin1().data(), ios::app); data/chessx-1.4.6/src/gui/mainwindow.cpp:969:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(zip.open(QuaZip::mdUnzip)) data/chessx-1.4.6/src/gui/mainwindow.cpp:977:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::ReadOnly); data/chessx-1.4.6/src/gui/mainwindow.cpp:986:32: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(out.open(QIODevice::WriteOnly)) data/chessx-1.4.6/src/gui/mainwindow.cpp:1054:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f.open(QFile::ReadWrite); data/chessx-1.4.6/src/gui/mainwindow.cpp:1083:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!db->open(utf8)) data/chessx-1.4.6/src/gui/mainwindowactions.cpp:97:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!pgnfile.open(QIODevice::WriteOnly)) data/chessx-1.4.6/src/gui/mainwindowactions.cpp:2498:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). && fSrc.open(QIODevice::ReadOnly) && data/chessx-1.4.6/src/gui/mainwindowactions.cpp:2499:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fDest.open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) data/chessx-1.4.6/src/gui/mainwindowactions.cpp:2538:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (streamDb.open(src, false)) data/chessx-1.4.6/src/gui/ooo/converter.cpp:74:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!oooDocument.open()) data/chessx-1.4.6/src/gui/ooo/document.cpp:28:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool Document::open() { data/chessx-1.4.6/src/gui/ooo/document.h:21:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(); data/chessx-1.4.6/src/gui/ooo/kzip.cpp:147:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (d->open(QIODevice::ReadWrite)) { data/chessx-1.4.6/src/gui/ooo/kzip.cpp:404:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (f.open(QFile::ReadOnly)) { data/chessx-1.4.6/src/gui/ooo/kzip.h:127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer1[UNZIP_READ_BUFFER]; data/chessx-1.4.6/src/gui/ooo/kzip.h:128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer2[UNZIP_READ_BUFFER]; data/chessx-1.4.6/src/gui/style.cpp:24:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (style.open(QIODevice::ReadOnly | QIODevice::Text)) data/chessx-1.4.6/src/gui/textedit.cpp:410:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::ReadOnly)) data/chessx-1.4.6/src/gui/textedit.cpp:903:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly | QIODevice::Text)) data/chessx-1.4.6/src/quazip/JlCompress.cpp:13:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/chessx-1.4.6/src/quazip/JlCompress.cpp:59:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!inFile.open(QIODevice::ReadOnly)) data/chessx-1.4.6/src/quazip/JlCompress.cpp:66:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!outFile.open(QIODevice::WriteOnly, QuaZipNewInfo(fileDest, inFile.fileName()))) data/chessx-1.4.6/src/quazip/JlCompress.cpp:206:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!inFile.open(QIODevice::ReadOnly) || inFile.getZipError() != UNZ_OK) data/chessx-1.4.6/src/quazip/JlCompress.cpp:226:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!outFile.open(QIODevice::WriteOnly)) data/chessx-1.4.6/src/quazip/JlCompress.cpp:286:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdCreate)) data/chessx-1.4.6/src/quazip/JlCompress.cpp:325:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdCreate)) data/chessx-1.4.6/src/quazip/JlCompress.cpp:370:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdCreate)) data/chessx-1.4.6/src/quazip/JlCompress.cpp:412:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdUnzip)) data/chessx-1.4.6/src/quazip/JlCompress.cpp:453:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdUnzip)) data/chessx-1.4.6/src/quazip/JlCompress.cpp:497:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdUnzip)) data/chessx-1.4.6/src/quazip/JlCompress.cpp:545:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip->open(QuaZip::mdUnzip)) data/chessx-1.4.6/src/quazip/crypt.h:105:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char header[RAND_HEAD_LEN - 2]; /* random header */ data/chessx-1.4.6/src/quazip/qioapi.cpp:46:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). iodevice->open(QIODevice::ReadOnly); data/chessx-1.4.6/src/quazip/qioapi.cpp:50:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). iodevice->open(QIODevice::ReadWrite); data/chessx-1.4.6/src/quazip/qioapi.cpp:54:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). iodevice->open(QIODevice::WriteOnly); data/chessx-1.4.6/src/quazip/quagzipfile.cpp:18:36: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). template<typename FileId> bool open(FileId id, data/chessx-1.4.6/src/quazip/quagzipfile.cpp:20:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile open(int fd, const char *modeString); data/chessx-1.4.6/src/quazip/quagzipfile.cpp:21:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile open(const QString &name, const char *modeString); data/chessx-1.4.6/src/quazip/quagzipfile.cpp:24:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile QuaGzipFilePrivate::open(const QString &name, const char *modeString) data/chessx-1.4.6/src/quazip/quagzipfile.cpp:29:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile QuaGzipFilePrivate::open(int fd, const char *modeString) data/chessx-1.4.6/src/quazip/quagzipfile.cpp:35:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaGzipFilePrivate::open(FileId id, QIODevice::OpenMode mode, data/chessx-1.4.6/src/quazip/quagzipfile.cpp:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modeString[2]; data/chessx-1.4.6/src/quazip/quagzipfile.cpp:59:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzd = open(id, modeString); data/chessx-1.4.6/src/quazip/quagzipfile.cpp:109:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaGzipFile::open(QIODevice::OpenMode mode) data/chessx-1.4.6/src/quazip/quagzipfile.cpp:112:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!d->open(d->fileName, mode, error)) data/chessx-1.4.6/src/quazip/quagzipfile.cpp:117:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/chessx-1.4.6/src/quazip/quagzipfile.cpp:120:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaGzipFile::open(int fd, QIODevice::OpenMode mode) data/chessx-1.4.6/src/quazip/quagzipfile.cpp:123:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!d->open(fd, mode, error)) data/chessx-1.4.6/src/quazip/quagzipfile.cpp:128:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/chessx-1.4.6/src/quazip/quagzipfile.h:22:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(QIODevice::OpenMode mode); data/chessx-1.4.6/src/quazip/quagzipfile.h:23:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(int fd, QIODevice::OpenMode mode); data/chessx-1.4.6/src/quazip/quaziodevice.cpp:49:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). debug.open(QIODevice::WriteOnly); data/chessx-1.4.6/src/quazip/quaziodevice.cpp:53:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). indebug.open(QIODevice::WriteOnly); data/chessx-1.4.6/src/quazip/quaziodevice.cpp:132:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZIODevice::open(QIODevice::OpenMode mode) data/chessx-1.4.6/src/quazip/quaziodevice.cpp:150:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/chessx-1.4.6/src/quazip/quaziodevice.h:18:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(QIODevice::OpenMode); data/chessx-1.4.6/src/quazip/quazip.cpp:133:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZip::open(Mode mode, zlib_filefunc_def* ioApi) data/chessx-1.4.6/src/quazip/quazip.h:178:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(Mode mode, zlib_filefunc_def *ioApi = NULL); data/chessx-1.4.6/src/quazip/quazipfile.cpp:254:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZipFile::open(OpenMode mode) data/chessx-1.4.6/src/quazip/quazipfile.cpp:256:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(mode, NULL); data/chessx-1.4.6/src/quazip/quazipfile.cpp:259:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZipFile::open(OpenMode mode, int *method, int *level, bool raw, const char *password) data/chessx-1.4.6/src/quazip/quazipfile.cpp:276:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!p->zip->open(QuaZip::mdUnzip)) data/chessx-1.4.6/src/quazip/quazipfile.cpp:323:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZipFile::open(OpenMode mode, const QuaZipNewInfo& info, data/chessx-1.4.6/src/quazip/quazipfile.h:292:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(OpenMode mode); data/chessx-1.4.6/src/quazip/quazipfile.h:298:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inline bool open(OpenMode mode, const char *password) data/chessx-1.4.6/src/quazip/quazipfile.h:300:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(mode, NULL, NULL, false, password); data/chessx-1.4.6/src/quazip/quazipfile.h:314:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(OpenMode mode, int *method, int *level, bool raw, const char *password = NULL); data/chessx-1.4.6/src/quazip/quazipfile.h:343:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(OpenMode mode, const QuaZipNewInfo& info, data/chessx-1.4.6/src/quazip/unzip.c:869:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1]; data/chessx-1.4.6/src/quazip/unzip.c:1070:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source[12]; data/chessx-1.4.6/src/quazip/zip.c:111:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[SIZEDATA_INDATABLOCK]; data/chessx-1.4.6/src/quazip/zip.c:282:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/chessx-1.4.6/src/quazip/zip.c:907:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bufHead[RAND_HEAD_LEN]; data/chessx-1.4.6/src/database/bitboard.cpp:1787:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(san)>=5) data/chessx-1.4.6/src/database/bitboard.cpp:1796:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(san)>=3) data/chessx-1.4.6/src/database/index.cpp:188:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Index::read(QDataStream &in, volatile bool *breakFlag, short version) data/chessx-1.4.6/src/database/index.cpp:208:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_indexItems[i]->read(in); data/chessx-1.4.6/src/database/index.h:114:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(QDataStream& in, volatile bool *breakFlag, short version); data/chessx-1.4.6/src/database/indexitem.cpp:59:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void IndexItem::read(QDataStream& in) data/chessx-1.4.6/src/database/indexitem.h:59:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(QDataStream& in); data/chessx-1.4.6/src/database/outputoptions.cpp:210:47: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. if((val >= llimit) && (val <= ulimit)) data/chessx-1.4.6/src/database/pgndatabase.cpp:64:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (index()->read(in, breakFlag, version)); data/chessx-1.4.6/src/database/polyglotdatabase.cpp:352:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(m_file->read((char*)&c,1)<=0) data/chessx-1.4.6/src/database/tagvalues.h:76:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void read(QDataStream&) {} data/chessx-1.4.6/src/gui/ooo/kzip.cpp:213:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). device()->read((char *) &lh, sizeof (LocalFileHeader)); data/chessx-1.4.6/src/gui/ooo/kzip.cpp:217:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QByteArray compressed = device()->read(compressed_size); data/chessx-1.4.6/src/gui/ooo/kzip.cpp:271:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). device()->read((char *) tmp, 4); data/chessx-1.4.6/src/gui/ooo/kzip.cpp:289:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). device()->read((char *) &eod, sizeof (EndOfDirectory)); data/chessx-1.4.6/src/gui/ooo/kzip.cpp:305:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). commentario = device()->read(qMin(comment_length, i)); data/chessx-1.4.6/src/gui/ooo/kzip.cpp:310:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read = device()->read((char *) &header.h, sizeof (GentralFileHeader)); data/chessx-1.4.6/src/gui/ooo/kzip.cpp:311:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < (int) sizeof (GentralFileHeader)) { data/chessx-1.4.6/src/gui/ooo/kzip.cpp:321:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). header.file_name = device()->read(l); data/chessx-1.4.6/src/gui/ooo/kzip.cpp:327:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). header.extra_field = device()->read(l); data/chessx-1.4.6/src/gui/ooo/kzip.cpp:333:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). header.file_comment = device()->read(l); data/chessx-1.4.6/src/gui/ooo/kzip.cpp:356:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (device()->read(buffer1, UNZIP_EOCD_SIZE) != UNZIP_EOCD_SIZE) { data/chessx-1.4.6/src/quazip/JlCompress.cpp:14:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 readLen = inFile.read(buf, 4096); data/chessx-1.4.6/src/quazip/qioapi.cpp:83:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = (uLong)((QIODevice*)stream)->read((char*)buf, size); data/chessx-1.4.6/src/quazip/quaziodevice.cpp:176:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while(read < maxSize) data/chessx-1.4.6/src/quazip/quaziodevice.cpp:181:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d->inBufSize = d->io->read(d->inBuf, QUAZIO_INBUFSIZE); data/chessx-1.4.6/src/quazip/quaziodevice.cpp:193:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while(read < maxSize && d->inBufPos < d->inBufSize) data/chessx-1.4.6/src/quazip/quaziodevice.cpp:197:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d->zins.next_out = (Bytef *)(data + read); data/chessx-1.4.6/src/quazip/quaziodevice.cpp:198:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d->zins.avail_out = (uInt)(maxSize - read); // hope it's less than 2GB data/chessx-1.4.6/src/quazip/quaziodevice.cpp:209:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/chessx-1.4.6/src/quazip/quaziodevice.cpp:220:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). more = d->io->read(d->inBuf + d->inBufSize, QUAZIO_INBUFSIZE - d->inBufSize); data/chessx-1.4.6/src/quazip/quaziodevice.cpp:228:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/chessx-1.4.6/src/quazip/quaziodevice.cpp:239:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). indebug.write(data, read); data/chessx-1.4.6/src/quazip/quaziodevice.cpp:241:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/chessx-1.4.6/src/quazip/unzip.c:852:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(szFileName)>=UNZ_MAXFILENAMEINZIP) data/chessx-1.4.6/src/quazip/zip.c:768:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_comment = (uInt)strlen(comment); data/chessx-1.4.6/src/quazip/zip.c:770:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_filename = (uInt)strlen(filename); data/chessx-1.4.6/src/quazip/zip.c:1204:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_global_comment = (uInt)strlen(global_comment); ANALYSIS SUMMARY: Hits = 196 Lines analyzed = 75572 in approximately 1.75 seconds (43157 lines/second) Physical Source Lines of Code (SLOC) = 59035 Hits@level = [0] 3 [1] 38 [2] 146 [3] 8 [4] 4 [5] 0 Hits@level+ = [0+] 199 [1+] 196 [2+] 158 [3+] 12 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 3.37088 [1+] 3.32006 [2+] 2.67638 [3+] 0.203269 [4+] 0.0677564 [5+] 0 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.