Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kimageformats-5.74.0/autotests/writetest.cpp
Examining data/kimageformats-5.74.0/autotests/pictest.cpp
Examining data/kimageformats-5.74.0/autotests/readtest.cpp
Examining data/kimageformats-5.74.0/tests/imagedump.cpp
Examining data/kimageformats-5.74.0/tests/imageconverter.cpp
Examining data/kimageformats-5.74.0/tests/format-enum.h
Examining data/kimageformats-5.74.0/src/imageformats/pcx.cpp
Examining data/kimageformats-5.74.0/src/imageformats/eps.cpp
Examining data/kimageformats-5.74.0/src/imageformats/rle_p.h
Examining data/kimageformats-5.74.0/src/imageformats/hdr.cpp
Examining data/kimageformats-5.74.0/src/imageformats/pic.cpp
Examining data/kimageformats-5.74.0/src/imageformats/kra.cpp
Examining data/kimageformats-5.74.0/src/imageformats/pic_p.h
Examining data/kimageformats-5.74.0/src/imageformats/psd_p.h
Examining data/kimageformats-5.74.0/src/imageformats/psd.cpp
Examining data/kimageformats-5.74.0/src/imageformats/ras_p.h
Examining data/kimageformats-5.74.0/src/imageformats/tga_p.h
Examining data/kimageformats-5.74.0/src/imageformats/ras.cpp
Examining data/kimageformats-5.74.0/src/imageformats/ora.cpp
Examining data/kimageformats-5.74.0/src/imageformats/ora.h
Examining data/kimageformats-5.74.0/src/imageformats/tga.cpp
Examining data/kimageformats-5.74.0/src/imageformats/kra.h
Examining data/kimageformats-5.74.0/src/imageformats/rgb_p.h
Examining data/kimageformats-5.74.0/src/imageformats/pcx_p.h
Examining data/kimageformats-5.74.0/src/imageformats/xcf.cpp
Examining data/kimageformats-5.74.0/src/imageformats/xcf_p.h
Examining data/kimageformats-5.74.0/src/imageformats/rgb.cpp
Examining data/kimageformats-5.74.0/src/imageformats/hdr_p.h
Examining data/kimageformats-5.74.0/src/imageformats/eps_p.h
Examining data/kimageformats-5.74.0/src/imageformats/exr.cpp
Examining data/kimageformats-5.74.0/src/imageformats/exr_p.h
Examining data/kimageformats-5.74.0/src/imageformats/gimp_p.h

FINAL RESULTS:

data/kimageformats-5.74.0/src/imageformats/xcf.cpp:559:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(RANDOM_SEED);
data/kimageformats-5.74.0/autotests/pictest.cpp:140:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        QVERIFY2(expFile.open(QIODevice::ReadOnly), qPrintable(expFile.errorString()));
data/kimageformats-5.74.0/autotests/pictest.cpp:155:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            QVERIFY2(dumpFile.open(QIODevice::WriteOnly), qPrintable(dumpFile.errorString()));
data/kimageformats-5.74.0/autotests/pictest.cpp:196:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            QVERIFY2(picDumpFile.open(QIODevice::WriteOnly), qPrintable(picDumpFile.errorString()));
data/kimageformats-5.74.0/autotests/pictest.cpp:200:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            QVERIFY2(pngDumpFile.open(QIODevice::WriteOnly), qPrintable(pngDumpFile.errorString()));
data/kimageformats-5.74.0/autotests/readtest.cpp:22:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (file.open(QIODevice::WriteOnly)) {
data/kimageformats-5.74.0/autotests/writetest.cpp:79:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (!expFile.open(QIODevice::ReadOnly)) {
data/kimageformats-5.74.0/autotests/writetest.cpp:91:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[1];
data/kimageformats-5.74.0/src/imageformats/eps.cpp:31:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4]; // We at most need to read 4 bytes at a time
data/kimageformats-5.74.0/src/imageformats/eps.cpp:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BBOX_BUFLEN + 1];
data/kimageformats-5.74.0/src/imageformats/eps.cpp:160:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!tmpFile.open()) {
data/kimageformats-5.74.0/src/imageformats/eps.cpp:259:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!tmpFile.open()) {
data/kimageformats-5.74.0/src/imageformats/kra.cpp:38:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!zip.open(QIODevice::ReadOnly)) return false;
data/kimageformats-5.74.0/src/imageformats/kra.cpp:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[57];
data/kimageformats-5.74.0/src/imageformats/ora.cpp:37:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!zip.open(QIODevice::ReadOnly)) return false;
data/kimageformats-5.74.0/src/imageformats/ora.cpp:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[54];
data/kimageformats-5.74.0/src/imageformats/pcx.cpp:664:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char head[1];
data/kimageformats-5.74.0/src/imageformats/pic.cpp:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char comment[81] = {};
data/kimageformats-5.74.0/src/imageformats/pic.cpp:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char comment[80] = {};
data/kimageformats-5.74.0/src/imageformats/pic.cpp:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[4] = {};
data/kimageformats-5.74.0/src/imageformats/pic.cpp:340:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[4];
data/kimageformats-5.74.0/src/imageformats/psd.cpp:275:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char head[4];
data/kimageformats-5.74.0/src/imageformats/rgb.cpp:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char _imagename[80];
data/kimageformats-5.74.0/src/imageformats/tga.cpp:211:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char palette[max_palette_size];
data/kimageformats-5.74.0/src/imageformats/tga.cpp:261:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char pixel[8];
data/kimageformats-5.74.0/src/imageformats/tga.cpp:273:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(dst, pixel, pixel_size);
data/kimageformats-5.74.0/src/imageformats/xcf.cpp:3246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char head[8];
data/kimageformats-5.74.0/tests/imagedump.cpp:89:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!output.open(QIODevice::WriteOnly)) {
data/kimageformats-5.74.0/autotests/pictest.cpp:136:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        QVERIFY2(pngReader.read(&pngImage), qPrintable(pngReader.errorString()));
data/kimageformats-5.74.0/autotests/pictest.cpp:179:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        QVERIFY2(expReader.read(&expImage), qPrintable(expReader.errorString()));
data/kimageformats-5.74.0/autotests/pictest.cpp:180:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        QVERIFY2(inputReader.read(&inputImage), qPrintable(inputReader.errorString()));
data/kimageformats-5.74.0/autotests/readtest.cpp:134:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (!expReader.read(&expImage)) {
data/kimageformats-5.74.0/autotests/readtest.cpp:150:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (!inputReader.read(&inputImage)) {
data/kimageformats-5.74.0/autotests/writetest.cpp:69:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (!pngReader.read(&pngImage)) {
data/kimageformats-5.74.0/autotests/writetest.cpp:92:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            qint64 result = expFile.read(buf, 1);
data/kimageformats-5.74.0/autotests/writetest.cpp:126:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (!imgReader.read(&reReadImage)) {
data/kimageformats-5.74.0/src/imageformats/eps.cpp:27:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define BBOX_LEN strlen(BBOX)
data/kimageformats-5.74.0/src/imageformats/eps.cpp:35:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (io->read(buf, 2) != 2) { // Read first two bytes
data/kimageformats-5.74.0/src/imageformats/eps.cpp:44:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (io->read(buf + 2, 2) != 2) { // Read further bytes of MS-DOS EPS magic
data/kimageformats-5.74.0/src/imageformats/eps.cpp:49:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (io->read(buf, 4) != 4) { // Get offset of PostScript code in the MS-DOS EPS file.
data/kimageformats-5.74.0/src/imageformats/eps.cpp:58:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (io->read(buf, 4) != 4) { // Get size of PostScript code in the MS-DOS EPS file.
data/kimageformats-5.74.0/src/imageformats/eps.cpp:72:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (io->read(buf, 2) != 2) { // Read first two bytes of what should be the Postscript code
data/kimageformats-5.74.0/src/imageformats/eps.cpp:133:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool EPSHandler::read(QImage *image)
data/kimageformats-5.74.0/src/imageformats/eps.cpp:223:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    qint64 count = io->read(buffer.data(), buffer.size());
data/kimageformats-5.74.0/src/imageformats/eps.cpp:233:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            count = io->read(buffer.data(), buffer.size());
data/kimageformats-5.74.0/src/imageformats/eps.cpp:241:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (ppmReader.read(image)) {
data/kimageformats-5.74.0/src/imageformats/eps_p.h:19:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *image) override;
data/kimageformats-5.74.0/src/imageformats/exr.cpp:44:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool  read(char c[], int n) override;
data/kimageformats-5.74.0/src/imageformats/exr.cpp:53:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool K_IStream::read(char c[], int n)
data/kimageformats-5.74.0/src/imageformats/exr.cpp:55:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    qint64 result = m_dev->read(c, n);
data/kimageformats-5.74.0/src/imageformats/exr.cpp:163:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool EXRHandler::read(QImage *outImage)
data/kimageformats-5.74.0/src/imageformats/exr_p.h:21:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *outImage) override;
data/kimageformats-5.74.0/src/imageformats/hdr.cpp:187:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool HDRHandler::read(QImage *outImage)
data/kimageformats-5.74.0/src/imageformats/hdr_p.h:19:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *outImage) override;
data/kimageformats-5.74.0/src/imageformats/kra.cpp:35:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool KraHandler::read(QImage *image)
data/kimageformats-5.74.0/src/imageformats/kra.h:19:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *image)  override;
data/kimageformats-5.74.0/src/imageformats/ora.cpp:34:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool OraHandler::read(QImage *image)
data/kimageformats-5.74.0/src/imageformats/ora.h:19:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *image)  override;
data/kimageformats-5.74.0/src/imageformats/pcx.cpp:557:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool PCXHandler::read(QImage *outImage)
data/kimageformats-5.74.0/src/imageformats/pcx.cpp:665:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    qint64 readBytes = device->read(head, sizeof(head));
data/kimageformats-5.74.0/src/imageformats/pcx_p.h:19:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *image) override;
data/kimageformats-5.74.0/src/imageformats/pic.cpp:81:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(comment, header.comment.constData(), sizeof(comment));
data/kimageformats-5.74.0/src/imageformats/pic.cpp:85:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(id, header.id.constData(), sizeof(id));
data/kimageformats-5.74.0/src/imageformats/pic.cpp:223:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool SoftimagePICHandler::read(QImage *image)
data/kimageformats-5.74.0/src/imageformats/pic_p.h:145:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *image) override;
data/kimageformats-5.74.0/src/imageformats/psd.cpp:236:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool PSDHandler::read(QImage *image)
data/kimageformats-5.74.0/src/imageformats/psd.cpp:276:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    qint64 readBytes = device->read(head, sizeof(head));
data/kimageformats-5.74.0/src/imageformats/psd_p.h:19:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *image) override;
data/kimageformats-5.74.0/src/imageformats/ras.cpp:252:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    QByteArray head = device->read(RasHeader::SIZE); // header is exactly 32 bytes, always FIXME
data/kimageformats-5.74.0/src/imageformats/ras.cpp:268:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool RASHandler::read(QImage *outImage)
data/kimageformats-5.74.0/src/imageformats/ras_p.h:20:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *image) override;
data/kimageformats-5.74.0/src/imageformats/rgb.cpp:710:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool RGBHandler::read(QImage *outImage)
data/kimageformats-5.74.0/src/imageformats/rgb_p.h:19:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *image) override;
data/kimageformats-5.74.0/src/imageformats/tga.cpp:390:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool TGAHandler::read(QImage *outImage)
data/kimageformats-5.74.0/src/imageformats/tga.cpp:465:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    QByteArray head = device->read(TgaHeader::SIZE);
data/kimageformats-5.74.0/src/imageformats/tga_p.h:19:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *image) override;
data/kimageformats-5.74.0/src/imageformats/xcf.cpp:726:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (tag && strncmp(tag, "gimp-comment", strlen("gimp-comment")) == 0) {
data/kimageformats-5.74.0/src/imageformats/xcf.cpp:3226:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool XCFHandler::read(QImage *image)
data/kimageformats-5.74.0/src/imageformats/xcf.cpp:3247:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    qint64 readBytes = device->read(head, sizeof(head));
data/kimageformats-5.74.0/src/imageformats/xcf_p.h:20:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool read(QImage *image) override;
data/kimageformats-5.74.0/tests/imageconverter.cpp:69:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    QImage img = reader.read();
data/kimageformats-5.74.0/tests/imagedump.cpp:81:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    QImage img = reader.read();

ANALYSIS SUMMARY:

Hits = 82
Lines analyzed = 9548 in approximately 0.28 seconds (34678 lines/second)
Physical Source Lines of Code (SLOC) = 6903
Hits@level = [0]   1 [1]  54 [2]  27 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  83 [1+]  82 [2+]  28 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 12.0238 [1+] 11.8789 [2+] 4.05621 [3+] 0.144865 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.