Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pencil2d-0.6.5/app/src/aboutdialog.cpp
Examining data/pencil2d-0.6.5/app/src/aboutdialog.h
Examining data/pencil2d-0.6.5/app/src/actioncommands.cpp
Examining data/pencil2d-0.6.5/app/src/actioncommands.h
Examining data/pencil2d-0.6.5/app/src/app-pch.h
Examining data/pencil2d-0.6.5/app/src/app_util.h
Examining data/pencil2d-0.6.5/app/src/checkupdatesdialog.cpp
Examining data/pencil2d-0.6.5/app/src/checkupdatesdialog.h
Examining data/pencil2d-0.6.5/app/src/colorbox.cpp
Examining data/pencil2d-0.6.5/app/src/colorbox.h
Examining data/pencil2d-0.6.5/app/src/colorinspector.cpp
Examining data/pencil2d-0.6.5/app/src/colorinspector.h
Examining data/pencil2d-0.6.5/app/src/colorpalettewidget.cpp
Examining data/pencil2d-0.6.5/app/src/colorpalettewidget.h
Examining data/pencil2d-0.6.5/app/src/colorslider.cpp
Examining data/pencil2d-0.6.5/app/src/colorslider.h
Examining data/pencil2d-0.6.5/app/src/colorwheel.cpp
Examining data/pencil2d-0.6.5/app/src/colorwheel.h
Examining data/pencil2d-0.6.5/app/src/displayoptionwidget.cpp
Examining data/pencil2d-0.6.5/app/src/displayoptionwidget.h
Examining data/pencil2d-0.6.5/app/src/doubleprogressdialog.cpp
Examining data/pencil2d-0.6.5/app/src/doubleprogressdialog.h
Examining data/pencil2d-0.6.5/app/src/errordialog.cpp
Examining data/pencil2d-0.6.5/app/src/errordialog.h
Examining data/pencil2d-0.6.5/app/src/exportimagedialog.cpp
Examining data/pencil2d-0.6.5/app/src/exportimagedialog.h
Examining data/pencil2d-0.6.5/app/src/exportmoviedialog.cpp
Examining data/pencil2d-0.6.5/app/src/exportmoviedialog.h
Examining data/pencil2d-0.6.5/app/src/filedialogex.cpp
Examining data/pencil2d-0.6.5/app/src/filedialogex.h
Examining data/pencil2d-0.6.5/app/src/importexportdialog.cpp
Examining data/pencil2d-0.6.5/app/src/importexportdialog.h
Examining data/pencil2d-0.6.5/app/src/importimageseqdialog.cpp
Examining data/pencil2d-0.6.5/app/src/importimageseqdialog.h
Examining data/pencil2d-0.6.5/app/src/importlayersdialog.cpp
Examining data/pencil2d-0.6.5/app/src/importlayersdialog.h
Examining data/pencil2d-0.6.5/app/src/importpositiondialog.cpp
Examining data/pencil2d-0.6.5/app/src/importpositiondialog.h
Examining data/pencil2d-0.6.5/app/src/main.cpp
Examining data/pencil2d-0.6.5/app/src/mainwindow2.cpp
Examining data/pencil2d-0.6.5/app/src/mainwindow2.h
Examining data/pencil2d-0.6.5/app/src/onionskinwidget.cpp
Examining data/pencil2d-0.6.5/app/src/onionskinwidget.h
Examining data/pencil2d-0.6.5/app/src/pegbaralignmentdialog.cpp
Examining data/pencil2d-0.6.5/app/src/pegbaralignmentdialog.h
Examining data/pencil2d-0.6.5/app/src/pencilapplication.cpp
Examining data/pencil2d-0.6.5/app/src/pencilapplication.h
Examining data/pencil2d-0.6.5/app/src/popupcolorpalettewidget.cpp
Examining data/pencil2d-0.6.5/app/src/popupcolorpalettewidget.h
Examining data/pencil2d-0.6.5/app/src/predefinedsetmodel.cpp
Examining data/pencil2d-0.6.5/app/src/predefinedsetmodel.h
Examining data/pencil2d-0.6.5/app/src/preferencesdialog.cpp
Examining data/pencil2d-0.6.5/app/src/preferencesdialog.h
Examining data/pencil2d-0.6.5/app/src/presetdialog.cpp
Examining data/pencil2d-0.6.5/app/src/presetdialog.h
Examining data/pencil2d-0.6.5/app/src/preview.cpp
Examining data/pencil2d-0.6.5/app/src/preview.h
Examining data/pencil2d-0.6.5/app/src/shortcutfilter.cpp
Examining data/pencil2d-0.6.5/app/src/shortcutfilter.h
Examining data/pencil2d-0.6.5/app/src/shortcutspage.cpp
Examining data/pencil2d-0.6.5/app/src/shortcutspage.h
Examining data/pencil2d-0.6.5/app/src/spinslider.cpp
Examining data/pencil2d-0.6.5/app/src/spinslider.h
Examining data/pencil2d-0.6.5/app/src/timeline2.cpp
Examining data/pencil2d-0.6.5/app/src/timeline2.h
Examining data/pencil2d-0.6.5/app/src/toolbox.cpp
Examining data/pencil2d-0.6.5/app/src/toolbox.h
Examining data/pencil2d-0.6.5/app/src/tooloptionwidget.cpp
Examining data/pencil2d-0.6.5/app/src/tooloptionwidget.h
Examining data/pencil2d-0.6.5/core_lib/src/activeframepool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/activeframepool.h
Examining data/pencil2d-0.6.5/core_lib/src/canvaspainter.cpp
Examining data/pencil2d-0.6.5/core_lib/src/canvaspainter.h
Examining data/pencil2d-0.6.5/core_lib/src/corelib-pch.h
Examining data/pencil2d-0.6.5/core_lib/src/external/linux/linux.cpp
Examining data/pencil2d-0.6.5/core_lib/src/external/macosx/macosx.cpp
Examining data/pencil2d-0.6.5/core_lib/src/external/macosx/macosxnative.h
Examining data/pencil2d-0.6.5/core_lib/src/external/platformhandler.h
Examining data/pencil2d-0.6.5/core_lib/src/external/win32/win32.cpp
Examining data/pencil2d-0.6.5/core_lib/src/graphics/bitmap/bitmapimage.cpp
Examining data/pencil2d-0.6.5/core_lib/src/graphics/bitmap/bitmapimage.h
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/bezierarea.cpp
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/bezierarea.h
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/beziercurve.cpp
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/beziercurve.h
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/colorref.cpp
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/colorref.h
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorimage.cpp
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorimage.h
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorselection.cpp
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorselection.h
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/vertexref.cpp
Examining data/pencil2d-0.6.5/core_lib/src/graphics/vector/vertexref.h
Examining data/pencil2d-0.6.5/core_lib/src/interface/backgroundwidget.cpp
Examining data/pencil2d-0.6.5/core_lib/src/interface/backgroundwidget.h
Examining data/pencil2d-0.6.5/core_lib/src/interface/backupelement.h
Examining data/pencil2d-0.6.5/core_lib/src/interface/basedockwidget.cpp
Examining data/pencil2d-0.6.5/core_lib/src/interface/basedockwidget.h
Examining data/pencil2d-0.6.5/core_lib/src/interface/editor.cpp
Examining data/pencil2d-0.6.5/core_lib/src/interface/editor.h
Examining data/pencil2d-0.6.5/core_lib/src/interface/flowlayout.cpp
Examining data/pencil2d-0.6.5/core_lib/src/interface/flowlayout.h
Examining data/pencil2d-0.6.5/core_lib/src/interface/recentfilemenu.cpp
Examining data/pencil2d-0.6.5/core_lib/src/interface/recentfilemenu.h
Examining data/pencil2d-0.6.5/core_lib/src/interface/scribblearea.cpp
Examining data/pencil2d-0.6.5/core_lib/src/interface/scribblearea.h
Examining data/pencil2d-0.6.5/core_lib/src/interface/timecontrols.cpp
Examining data/pencil2d-0.6.5/core_lib/src/interface/timecontrols.h
Examining data/pencil2d-0.6.5/core_lib/src/interface/timeline.cpp
Examining data/pencil2d-0.6.5/core_lib/src/interface/timeline.h
Examining data/pencil2d-0.6.5/core_lib/src/interface/timelinecells.cpp
Examining data/pencil2d-0.6.5/core_lib/src/interface/timelinecells.h
Examining data/pencil2d-0.6.5/core_lib/src/managers/basemanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/managers/basemanager.h
Examining data/pencil2d-0.6.5/core_lib/src/managers/colormanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/managers/colormanager.h
Examining data/pencil2d-0.6.5/core_lib/src/managers/layermanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/managers/layermanager.h
Examining data/pencil2d-0.6.5/core_lib/src/managers/playbackmanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/managers/playbackmanager.h
Examining data/pencil2d-0.6.5/core_lib/src/managers/preferencemanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/managers/preferencemanager.h
Examining data/pencil2d-0.6.5/core_lib/src/managers/selectionmanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/managers/selectionmanager.h
Examining data/pencil2d-0.6.5/core_lib/src/managers/soundmanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/managers/soundmanager.h
Examining data/pencil2d-0.6.5/core_lib/src/managers/toolmanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/managers/toolmanager.h
Examining data/pencil2d-0.6.5/core_lib/src/managers/viewmanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/managers/viewmanager.h
Examining data/pencil2d-0.6.5/core_lib/src/miniz.cpp
Examining data/pencil2d-0.6.5/core_lib/src/miniz.h
Examining data/pencil2d-0.6.5/core_lib/src/movieexporter.cpp
Examining data/pencil2d-0.6.5/core_lib/src/movieexporter.h
Examining data/pencil2d-0.6.5/core_lib/src/movieimporter.h
Examining data/pencil2d-0.6.5/core_lib/src/qminiz.cpp
Examining data/pencil2d-0.6.5/core_lib/src/qminiz.h
Examining data/pencil2d-0.6.5/core_lib/src/selectionpainter.cpp
Examining data/pencil2d-0.6.5/core_lib/src/selectionpainter.h
Examining data/pencil2d-0.6.5/core_lib/src/soundplayer.cpp
Examining data/pencil2d-0.6.5/core_lib/src/soundplayer.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/camera.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/camera.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/filemanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/filemanager.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/keyframe.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/keyframe.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/layer.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/layer.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/layerbitmap.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/layerbitmap.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/layercamera.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/layercamera.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/layersound.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/layersound.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/layervector.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/layervector.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/object.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/object.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/objectdata.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/objectdata.h
Examining data/pencil2d-0.6.5/core_lib/src/structure/soundclip.cpp
Examining data/pencil2d-0.6.5/core_lib/src/structure/soundclip.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/basetool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/basetool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/brushtool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/brushtool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/buckettool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/buckettool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/erasertool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/erasertool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/eyedroppertool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/eyedroppertool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/handtool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/handtool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/movetool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/movetool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/penciltool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/penciltool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/pentool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/pentool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/polylinetool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/polylinetool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/selecttool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/selecttool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/smudgetool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/smudgetool.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/strokemanager.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/strokemanager.h
Examining data/pencil2d-0.6.5/core_lib/src/tool/stroketool.cpp
Examining data/pencil2d-0.6.5/core_lib/src/tool/stroketool.h
Examining data/pencil2d-0.6.5/core_lib/src/util/blitrect.cpp
Examining data/pencil2d-0.6.5/core_lib/src/util/blitrect.h
Examining data/pencil2d-0.6.5/core_lib/src/util/bspline.cpp
Examining data/pencil2d-0.6.5/core_lib/src/util/colordictionary.h
Examining data/pencil2d-0.6.5/core_lib/src/util/fileformat.cpp
Examining data/pencil2d-0.6.5/core_lib/src/util/fileformat.h
Examining data/pencil2d-0.6.5/core_lib/src/util/filetype.h
Examining data/pencil2d-0.6.5/core_lib/src/util/log.cpp
Examining data/pencil2d-0.6.5/core_lib/src/util/log.h
Examining data/pencil2d-0.6.5/core_lib/src/util/mathutils.h
Examining data/pencil2d-0.6.5/core_lib/src/util/movemode.h
Examining data/pencil2d-0.6.5/core_lib/src/util/pencildef.h
Examining data/pencil2d-0.6.5/core_lib/src/util/pencilerror.cpp
Examining data/pencil2d-0.6.5/core_lib/src/util/pencilerror.h
Examining data/pencil2d-0.6.5/core_lib/src/util/pencilsettings.cpp
Examining data/pencil2d-0.6.5/core_lib/src/util/pencilsettings.h
Examining data/pencil2d-0.6.5/core_lib/src/util/pointerevent.cpp
Examining data/pencil2d-0.6.5/core_lib/src/util/pointerevent.h
Examining data/pencil2d-0.6.5/core_lib/src/util/util.cpp
Examining data/pencil2d-0.6.5/core_lib/src/util/util.h
Examining data/pencil2d-0.6.5/core_lib/src/movieimporter.cpp
Examining data/pencil2d-0.6.5/tests/src/catch.hpp
Examining data/pencil2d-0.6.5/tests/src/main.cpp
Examining data/pencil2d-0.6.5/tests/src/test_bitmapimage.cpp
Examining data/pencil2d-0.6.5/tests/src/test_colormanager.cpp
Examining data/pencil2d-0.6.5/tests/src/test_filemanager.cpp
Examining data/pencil2d-0.6.5/tests/src/test_layer.cpp
Examining data/pencil2d-0.6.5/tests/src/test_layermanager.cpp
Examining data/pencil2d-0.6.5/tests/src/test_object.cpp
Examining data/pencil2d-0.6.5/tests/src/test_viewmanager.cpp
Examining data/pencil2d-0.6.5/translations/dummy.cpp
FINAL RESULTS:
data/pencil2d-0.6.5/app/src/main.cpp:41:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
strUserLocale = QLocale::system().name();
data/pencil2d-0.6.5/core_lib/src/structure/filemanager.cpp:45:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(static_cast<uint>(time(nullptr)));
data/pencil2d-0.6.5/tests/src/catch.hpp:3351:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
auto random( T const& first, T const& last ) -> Generator<T> {
data/pencil2d-0.6.5/tests/src/catch.hpp:3358:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
auto random( size_t size ) -> Generator<T> {
data/pencil2d-0.6.5/tests/src/catch.hpp:9361:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand( config.rngSeed() );
data/pencil2d-0.6.5/app/src/mainwindow2.cpp:725:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (eLog.open(QIODevice::WriteOnly | QIODevice::Text))
data/pencil2d-0.6.5/app/src/mainwindow2.cpp:1103:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
presetDialog->open();
data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorimage.cpp:74:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly))
data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorimage.cpp:112:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool result = file.open(QIODevice::WriteOnly);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:29:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint16[sizeof(mz_uint16) == 2 ? 1 : -1];
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:30:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint32[sizeof(mz_uint32) == 4 ? 1 : -1];
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:31:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint64[sizeof(mz_uint64) == 8 ? 1 : -1];
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:486:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:511:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:987:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:988:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1350:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1372:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, p, sizeof(mz_uint16));
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1378:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, p, sizeof(mz_uint16));
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1488:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, p, sizeof(mz_uint32));
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1512:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1514:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos));
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1564:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pLZ_code_buf[1], &cur_match_dist, sizeof(cur_match_dist));
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:1866:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:2038:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)p->m_pBuf + p->m_size, pBuf, len);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:2162:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_buf.m_pBuf, pnghdr, 41);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:2242:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define TINFL_MEMCPY(d, s, l) memcpy(d, s, l)
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:2734:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pOut_buf_cur, pSrc, sizeof(mz_uint32)*2);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3034:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3049:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3079:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3096:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3315:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)pArray->m_p + orig_size * pArray->m_element_size, pElements, n * pArray->m_element_size);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:3886:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, (const mz_uint8 *)pZip->m_pState->m_pMem + file_ofs, s);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4159:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStat->m_filename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4165:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStat->m_comment, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS), n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4969:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( pvBuf, pState->pRead_buf, copied_to_caller );
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:5041:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (uint8_t*)pvBuf + copied_to_caller, pWrite_buf_cur, to_copy );
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:5594:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)pState->m_pMem + file_ofs, pBuf, n);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:5781:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:6080:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:7090:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:7640:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/pencil2d-0.6.5/core_lib/src/miniz.h:971:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE];
data/pencil2d-0.6.5/core_lib/src/miniz.h:975:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];
data/pencil2d-0.6.5/core_lib/src/soundplayer.cpp:40:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/pencil2d-0.6.5/core_lib/src/soundplayer.cpp:43:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer->open(QBuffer::ReadOnly);
data/pencil2d-0.6.5/core_lib/src/structure/filemanager.cpp:107:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly))
data/pencil2d-0.6.5/core_lib/src/structure/filemanager.cpp:334:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly | QFile::Text))
data/pencil2d-0.6.5/core_lib/src/structure/object.cpp:439:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly | QFile::Text))
data/pencil2d-0.6.5/core_lib/src/structure/object.cpp:585:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly))
data/pencil2d-0.6.5/core_lib/src/util/fileformat.cpp:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[128 + 1];
data/pencil2d-0.6.5/tests/src/catch.hpp:1628:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStamp[timeStampSize];
data/pencil2d-0.6.5/tests/src/catch.hpp:4237:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
alignas(alignof(T)) char storage[sizeof(T)];
data/pencil2d-0.6.5/tests/src/catch.hpp:4696:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/pencil2d-0.6.5/tests/src/catch.hpp:5259:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/pencil2d-0.6.5/tests/src/catch.hpp:8768:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&i, &f, sizeof(f));
data/pencil2d-0.6.5/tests/src/catch.hpp:8777:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&i, &d, sizeof(d));
data/pencil2d-0.6.5/tests/src/catch.hpp:9170:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_buffer[L_tmpnam] = { 0 };
data/pencil2d-0.6.5/tests/src/catch.hpp:9247:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/pencil2d-0.6.5/tests/src/catch.hpp:9256:23: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
m_file = std::tmpfile();
data/pencil2d-0.6.5/tests/src/catch.hpp:9280:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100] = {};
data/pencil2d-0.6.5/tests/src/catch.hpp:9699:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracker->open();
data/pencil2d-0.6.5/tests/src/catch.hpp:10445:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **utf8Argv = new char *[ argc ];
data/pencil2d-0.6.5/tests/src/catch.hpp:10599:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[bufferSize];
data/pencil2d-0.6.5/tests/src/catch.hpp:10648:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofs.open( filename.c_str() );
data/pencil2d-0.6.5/tests/src/catch.hpp:10879:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_data, m_start, m_size );
data/pencil2d-0.6.5/tests/src/catch.hpp:11392:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TrackerBase::open() {
data/pencil2d-0.6.5/tests/src/catch.hpp:11481:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/pencil2d-0.6.5/tests/src/catch.hpp:11520:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracker->open();
data/pencil2d-0.6.5/tests/src/catch.hpp:11810:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asChar[sizeof (int)];
data/pencil2d-0.6.5/tests/src/catch.hpp:12465:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxDoubleSize];
data/pencil2d-0.6.5/tests/src/catch.hpp:12472:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.3f", duration);
data/pencil2d-0.6.5/tests/src/catch.hpp:13040:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() {
data/pencil2d-0.6.5/tests/src/catch.hpp:13069:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tp.open();
data/pencil2d-0.6.5/tests/src/catch.hpp:13415:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStamp[timeStampSize];
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:58:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
badXMLFile.open(QIODevice::WriteOnly);
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:76:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
badXMLFile.open(QIODevice::WriteOnly);
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:95:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (minimalDoc.open())
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:98:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
minXML.open(QIODevice::WriteOnly);
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:120:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmpFile.open())
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:125:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
theXML.open(QIODevice::WriteOnly);
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:149:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmpFile.open())
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:154:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
theXML.open(QIODevice::WriteOnly);
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:184:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmpFile.open())
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:189:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
theXML.open(QIODevice::WriteOnly);
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:220:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fin.open(QFile::ReadOnly))
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:232:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fout.open(QFile::WriteOnly))
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:408:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (soundFrameDoc.open())
data/pencil2d-0.6.5/tests/src/test_filemanager.cpp:411:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
newXML.open(QIODevice::WriteOnly);
data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorimage.cpp:65:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool VectorImage::read(QString filePath)
data/pencil2d-0.6.5/core_lib/src/graphics/vector/vectorimage.h:44:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(QString filePath);
data/pencil2d-0.6.5/core_lib/src/interface/editor.cpp:841:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (reader.read(&img))
data/pencil2d-0.6.5/core_lib/src/interface/editor.cpp:883:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool ok = importedVectorImage.read(filePath);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4283:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const mz_uint filename_len = (mz_uint)strlen(pFilename);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4345:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(pName);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:4349:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comment_len = pComment ? strlen(pComment) : 0;
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:5255:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (local_header_filename_len != strlen(file_stat.m_filename))
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:6183:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_name_size = strlen(pArchive_name);
data/pencil2d-0.6.5/core_lib/src/miniz.cpp:6442:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_name_size = strlen(pArchive_name);
data/pencil2d-0.6.5/core_lib/src/structure/layervector.cpp:74:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
vecImg->read(path);
data/pencil2d-0.6.5/tests/src/catch.hpp:10474:36: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static_cast<void>(std::getchar());
data/pencil2d-0.6.5/tests/src/catch.hpp:10479:36: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static_cast<void>(std::getchar());
data/pencil2d-0.6.5/tests/src/catch.hpp:10770:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());
data/pencil2d-0.6.5/tests/src/catch.hpp:10776:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());
data/pencil2d-0.6.5/tests/src/catch.hpp:10847:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: StringRef( rawChars, static_cast<StringRef::size_type>(std::strlen(rawChars) ) )
ANALYSIS SUMMARY:
Hits = 106
Lines analyzed = 66218 in approximately 1.47 seconds (45066 lines/second)
Physical Source Lines of Code (SLOC) = 48853
Hits@level = [0] 6 [1] 16 [2] 85 [3] 4 [4] 1 [5] 0
Hits@level+ = [0+] 112 [1+] 106 [2+] 90 [3+] 5 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.29259 [1+] 2.16977 [2+] 1.84226 [3+] 0.102348 [4+] 0.0204696 [5+] 0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.