Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/pencil2d-0.6.5/app/src/main.cpp:41:34: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  strUserLocale = QLocale::system().name();
data/pencil2d-0.6.5/core_lib/src/structure/filemanager.cpp:45:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(static_cast<uint>(time(nullptr)));
data/pencil2d-0.6.5/tests/src/catch.hpp:3351:10: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto random( T const& first, T const& last ) -> Generator<T> {
data/pencil2d-0.6.5/tests/src/catch.hpp:3358:10: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto random( size_t size ) -> Generator<T> {
data/pencil2d-0.6.5/tests/src/catch.hpp:9361:18: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand( config.rngSeed() );
data/pencil2d-0.6.5/app/src/mainwindow2.cpp:725:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (eLog.open(QIODevice::WriteOnly | QIODevice::Text))
data/pencil2d-0.6.5/app/src/mainwindow2.cpp:1103:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  presetDialog->open();
data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorimage.cpp:74:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly))
data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorimage.cpp:112:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool result = file.open(QIODevice::WriteOnly);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:29:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char mz_validate_uint16[sizeof(mz_uint16) == 2 ? 1 : -1];
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:30:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char mz_validate_uint32[sizeof(mz_uint32) == 4 ? 1 : -1];
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:31:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char mz_validate_uint64[sizeof(mz_uint64) == 8 ? 1 : -1];
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:486:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:511:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:987:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:988:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1350:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1372:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ret, p, sizeof(mz_uint16));
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1378:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ret, p, sizeof(mz_uint16));
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1488:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ret, p, sizeof(mz_uint32));
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1512:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1514:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos));
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1564:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pLZ_code_buf[1], &cur_match_dist, sizeof(cur_match_dist));
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1866:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:2038:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((mz_uint8 *)p->m_pBuf + p->m_size, pBuf, len);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:2162:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_buf.m_pBuf, pnghdr, 41);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:2242:31: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define TINFL_MEMCPY(d, s, l) memcpy(d, s, l)
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:2734:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pOut_buf_cur, pSrc, sizeof(mz_uint32)*2);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3034:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define MZ_FOPEN(f, m) fopen(f, m)
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3049:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define MZ_FOPEN(f, m) fopen(f, m)
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3079:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define MZ_FOPEN(f, m) fopen(f, m)
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3096:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define MZ_FOPEN(f, m) fopen(f, m)
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3315:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((mz_uint8 *)pArray->m_p + orig_size * pArray->m_element_size, pElements, n * pArray->m_element_size);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3886:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pBuf, (const mz_uint8 *)pZip->m_pState->m_pMem + file_ofs, s);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4159:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pStat->m_filename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4165:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pStat->m_comment, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS), n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4969:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pvBuf, pState->pRead_buf, copied_to_caller );
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:5041:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( (uint8_t*)pvBuf + copied_to_caller, pWrite_buf_cur, to_copy );
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:5594:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((mz_uint8 *)pState->m_pMem + file_ofs, pBuf, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:5781:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:6080:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:7090:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:7640:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/pencil2d-0.6.5/core_lib/src/miniz.h:971:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE];
data/pencil2d-0.6.5/core_lib/src/miniz.h:975:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];
data/pencil2d-0.6.5/core_lib/src/soundplayer.cpp:40:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/pencil2d-0.6.5/core_lib/src/soundplayer.cpp:43:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer->open(QBuffer::ReadOnly);
data/pencil2d-0.6.5/core_lib/src/structure/filemanager.cpp:107:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly))
data/pencil2d-0.6.5/core_lib/src/structure/filemanager.cpp:334:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::WriteOnly | QFile::Text))
data/pencil2d-0.6.5/core_lib/src/structure/object.cpp:439:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::WriteOnly | QFile::Text))
data/pencil2d-0.6.5/core_lib/src/structure/object.cpp:585:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly))
data/pencil2d-0.6.5/core_lib/src/util/fileformat.cpp:48:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128 + 1];
data/pencil2d-0.6.5/tests/src/catch.hpp:1628:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeStamp[timeStampSize];
data/pencil2d-0.6.5/tests/src/catch.hpp:4237:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  alignas(alignof(T)) char storage[sizeof(T)];
data/pencil2d-0.6.5/tests/src/catch.hpp:4696:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/pencil2d-0.6.5/tests/src/catch.hpp:5259:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open();
data/pencil2d-0.6.5/tests/src/catch.hpp:8768:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&i, &f, sizeof(f));
data/pencil2d-0.6.5/tests/src/catch.hpp:8777:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&i, &d, sizeof(d));
data/pencil2d-0.6.5/tests/src/catch.hpp:9170:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_buffer[L_tmpnam] = { 0 };
data/pencil2d-0.6.5/tests/src/catch.hpp:9247:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/pencil2d-0.6.5/tests/src/catch.hpp:9256:23: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  m_file = std::tmpfile();

data/pencil2d-0.6.5/tests/src/catch.hpp:9280:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100] = {};

data/pencil2d-0.6.5/tests/src/catch.hpp:9699:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tracker->open();

data/pencil2d-0.6.5/tests/src/catch.hpp:10445:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **utf8Argv = new char *[ argc ];

data/pencil2d-0.6.5/tests/src/catch.hpp:10599:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[bufferSize];

data/pencil2d-0.6.5/tests/src/catch.hpp:10648:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_ofs.open( filename.c_str() );

data/pencil2d-0.6.5/tests/src/catch.hpp:10879:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( m_data, m_start, m_size );

data/pencil2d-0.6.5/tests/src/catch.hpp:11392:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void TrackerBase::open() {

data/pencil2d-0.6.5/tests/src/catch.hpp:11481:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open();

data/pencil2d-0.6.5/tests/src/catch.hpp:11520:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tracker->open();

data/pencil2d-0.6.5/tests/src/catch.hpp:11810:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char asChar[sizeof (int)];

data/pencil2d-0.6.5/tests/src/catch.hpp:12465:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[maxDoubleSize];

data/pencil2d-0.6.5/tests/src/catch.hpp:12472:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%.3f", duration);

data/pencil2d-0.6.5/tests/src/catch.hpp:13040:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open() {

data/pencil2d-0.6.5/tests/src/catch.hpp:13069:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tp.open();

data/pencil2d-0.6.5/tests/src/catch.hpp:13415:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeStamp[timeStampSize];

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:58:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  badXMLFile.open(QIODevice::WriteOnly);

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:76:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  badXMLFile.open(QIODevice::WriteOnly);

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:95:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (minimalDoc.open())

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:98:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  minXML.open(QIODevice::WriteOnly);

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:120:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmpFile.open())

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:125:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  theXML.open(QIODevice::WriteOnly);

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:149:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmpFile.open())

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:154:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  theXML.open(QIODevice::WriteOnly);

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:184:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmpFile.open())

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:189:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  theXML.open(QIODevice::WriteOnly);

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:220:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!fin.open(QFile::ReadOnly))

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:232:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!fout.open(QFile::WriteOnly))

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:408:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (soundFrameDoc.open())

data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:411:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  newXML.open(QIODevice::WriteOnly);

data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorimage.cpp:65:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool VectorImage::read(QString filePath)

data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorimage.h:44:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(QString filePath);

data/pencil2d-0.6.5/core_lib/src/interface/editor.cpp:841:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (reader.read(&img))

data/pencil2d-0.6.5/core_lib/src/interface/editor.cpp:883:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool ok = importedVectorImage.read(filePath);

data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4283:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const mz_uint filename_len = (mz_uint)strlen(pFilename);

data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4345:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_len = strlen(pName);

data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4349:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  comment_len = pComment ? strlen(pComment) : 0;

data/pencil2d-0.6.5/core_lib/src/miniz.cpp:5255:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (local_header_filename_len != strlen(file_stat.m_filename))

data/pencil2d-0.6.5/core_lib/src/miniz.cpp:6183:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archive_name_size = strlen(pArchive_name);

data/pencil2d-0.6.5/core_lib/src/miniz.cpp:6442:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archive_name_size = strlen(pArchive_name);

data/pencil2d-0.6.5/core_lib/src/structure/layervector.cpp:74:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  vecImg->read(path);

data/pencil2d-0.6.5/tests/src/catch.hpp:10474:36: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static_cast<void>(std::getchar());

data/pencil2d-0.6.5/tests/src/catch.hpp:10479:36: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static_cast<void>(std::getchar());

data/pencil2d-0.6.5/tests/src/catch.hpp:10770:50: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());

data/pencil2d-0.6.5/tests/src/catch.hpp:10776:50: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());

data/pencil2d-0.6.5/tests/src/catch.hpp:10847:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : StringRef( rawChars, static_cast<StringRef::size_type>(std::strlen(rawChars) ) )

ANALYSIS SUMMARY:

Hits = 106
Lines analyzed = 66218 in approximately 1.47 seconds (45066 lines/second)
Physical Source Lines of Code (SLOC) = 48853
Hits@level = [0] 6 [1] 16 [2] 85 [3] 4 [4] 1 [5] 0
Hits@level+ = [0+] 112 [1+] 106 [2+] 90 [3+] 5 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.29259 [1+] 2.16977 [2+] 1.84226 [3+] 0.102348 [4+] 0.0204696 [5+] 0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.