Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qstardict-1.3/config.tests/kde/main.cpp
Examining data/qstardict-1.3/kdeplasma/applet/dict.cpp
Examining data/qstardict-1.3/kdeplasma/applet/dict.h
Examining data/qstardict-1.3/kdeplasma/dataengine/dictengine.h
Examining data/qstardict-1.3/kdeplasma/dataengine/dictengine.cpp
Examining data/qstardict-1.3/plugins/baseplugin.h
Examining data/qstardict-1.3/plugins/kdeintegration/kdeintegration.cpp
Examining data/qstardict-1.3/plugins/kdeintegration/kdeintegration.h
Examining data/qstardict-1.3/plugins/multitran/multitran.cpp
Examining data/qstardict-1.3/plugins/multitran/multitran.h
Examining data/qstardict-1.3/plugins/pluginserver.h
Examining data/qstardict-1.3/plugins/stardict/dictziplib.cpp
Examining data/qstardict-1.3/plugins/stardict/dictziplib.hpp
Examining data/qstardict-1.3/plugins/stardict/distance.h
Examining data/qstardict-1.3/plugins/stardict/file.hpp
Examining data/qstardict-1.3/plugins/stardict/lib.cpp
Examining data/qstardict-1.3/plugins/stardict/lib.h
Examining data/qstardict-1.3/plugins/stardict/mapfile.hpp
Examining data/qstardict-1.3/plugins/stardict/settingsdialog.cpp
Examining data/qstardict-1.3/plugins/stardict/settingsdialog.h
Examining data/qstardict-1.3/plugins/stardict/stardict.h
Examining data/qstardict-1.3/plugins/stardict/distance.cpp
Examining data/qstardict-1.3/plugins/stardict/stardict.cpp
Examining data/qstardict-1.3/plugins/swac/swac.cpp
Examining data/qstardict-1.3/plugins/swac/swac.h
Examining data/qstardict-1.3/plugins/trayplugin.h
Examining data/qstardict-1.3/plugins/web/settingsdialog.cpp
Examining data/qstardict-1.3/plugins/web/settingsdialog.h
Examining data/qstardict-1.3/plugins/web/web.cpp
Examining data/qstardict-1.3/plugins/web/web.h
Examining data/qstardict-1.3/plugins/anki/anki.cpp
Examining data/qstardict-1.3/plugins/anki/anki.h
Examining data/qstardict-1.3/plugins/anki/settingsdialog.cpp
Examining data/qstardict-1.3/plugins/anki/settingsdialog.h
Examining data/qstardict-1.3/plugins/toolbarplugin.h
Examining data/qstardict-1.3/plugins/dictplugin.h
Examining data/qstardict-1.3/plugins/metadata.h
Examining data/qstardict-1.3/qstardict/appinfo.h
Examining data/qstardict-1.3/qstardict/application.h
Examining data/qstardict-1.3/qstardict/cssedit.cpp
Examining data/qstardict-1.3/qstardict/cssedit.h
Examining data/qstardict-1.3/qstardict/dbusadaptor.cpp
Examining data/qstardict-1.3/qstardict/dbusadaptor.h
Examining data/qstardict-1.3/qstardict/dictbrowser.cpp
Examining data/qstardict-1.3/qstardict/dictbrowser.h
Examining data/qstardict-1.3/qstardict/dictbrowsersearch.cpp
Examining data/qstardict-1.3/qstardict/dictbrowsersearch.h
Examining data/qstardict-1.3/qstardict/dictcore.cpp
Examining data/qstardict-1.3/qstardict/dictcore.h
Examining data/qstardict-1.3/qstardict/keyboard.cpp
Examining data/qstardict-1.3/qstardict/keyboard.h
Examining data/qstardict-1.3/qstardict/main.cpp
Examining data/qstardict-1.3/qstardict/mainwindow.cpp
Examining data/qstardict-1.3/qstardict/pluginsmodel.cpp
Examining data/qstardict-1.3/qstardict/pluginsmodel.h
Examining data/qstardict-1.3/qstardict/pluginsview.cpp
Examining data/qstardict-1.3/qstardict/pluginsview.h
Examining data/qstardict-1.3/qstardict/popupwindow.cpp
Examining data/qstardict-1.3/qstardict/resizablepopup.cpp
Examining data/qstardict-1.3/qstardict/resizablepopup.h
Examining data/qstardict-1.3/qstardict/selection.cpp
Examining data/qstardict-1.3/qstardict/selection.h
Examining data/qstardict-1.3/qstardict/settingsdialog.h
Examining data/qstardict-1.3/qstardict/speaker.cpp
Examining data/qstardict-1.3/qstardict/speaker.h
Examining data/qstardict-1.3/qstardict/trayicon.cpp
Examining data/qstardict-1.3/qstardict/trayicon.h
Examining data/qstardict-1.3/qstardict/util.cpp
Examining data/qstardict-1.3/qstardict/util.h
Examining data/qstardict-1.3/qstardict/appinfo.cpp
Examining data/qstardict-1.3/qstardict/application.cpp
Examining data/qstardict-1.3/qstardict/dictwidget.cpp
Examining data/qstardict-1.3/qstardict/dictwidget.h
Examining data/qstardict-1.3/qstardict/mainwindow.h
Examining data/qstardict-1.3/qstardict/pluginmanager.cpp
Examining data/qstardict-1.3/qstardict/pluginmanager.h
Examining data/qstardict-1.3/qstardict/popupwindow.h
Examining data/qstardict-1.3/qstardict/settingsdialog.cpp
Examining data/qstardict-1.3/qxt/qxtglobal.cpp
Examining data/qstardict-1.3/qxt/qxtglobal.h
Examining data/qstardict-1.3/qxt/qxtglobalshortcut.cpp
Examining data/qstardict-1.3/qxt/qxtglobalshortcut.h
Examining data/qstardict-1.3/qxt/qxtglobalshortcut_mac.cpp
Examining data/qstardict-1.3/qxt/qxtglobalshortcut_p.h
Examining data/qstardict-1.3/qxt/qxtglobalshortcut_win.cpp
Examining data/qstardict-1.3/qxt/qxtglobalshortcut_x11.cpp

FINAL RESULTS:

data/qstardict-1.3/plugins/stardict/lib.cpp:1284:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(sNewWord, sWord);
data/qstardict-1.3/plugins/stardict/lib.cpp:1307:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(sNewWord, sWord);
data/qstardict-1.3/plugins/stardict/lib.cpp:1357:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(sNewWord, sWord);
data/qstardict-1.3/plugins/stardict/lib.cpp:1436:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(sNewWord, sWord);
data/qstardict-1.3/plugins/stardict/lib.cpp:1459:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(sNewWord, sWord);
data/qstardict-1.3/plugins/stardict/lib.cpp:1508:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(sNewWord, sWord);
data/qstardict-1.3/plugins/stardict/lib.cpp:1535:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(sNewWord, sWord);
data/qstardict-1.3/plugins/stardict/lib.cpp:1562:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(sNewWord, sWord);
data/qstardict-1.3/plugins/stardict/lib.cpp:1585:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(sNewWord, sWord);
data/qstardict-1.3/qstardict/appinfo.cpp:136:10:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  QDir system(systemAppPluginsDir());
data/qstardict-1.3/qstardict/appinfo.cpp:137:18:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if (local == system) {
data/qstardict-1.3/qstardict/application.cpp:57:48:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  m_translator->load("qstardict-" + QLocale::system().name(), binPath + "/../i18n/");
data/qstardict-1.3/qstardict/application.cpp:59:48:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  m_translator->load("qstardict-" + QLocale::system().name(), QSTARDICT_TRANSLATIONS_DIR);
data/qstardict-1.3/qstardict/application.cpp:63:43:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  m_qtTranslator->load("qt_" + QLocale::system().name(), QLibraryInfo::location(QLibraryInfo::TranslationsPath));
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFERSIZE];
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:137:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!(str = fopen(fname.c_str(), "rb")))
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:298:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  bool dictData::open(const std::string& fname, int computeCRC)
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:324:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((fd = ::open(fname.c_str(), O_RDONLY )) < 0)
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:339:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!mapfile.open(fname.c_str(), size))
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:388:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outBuffer[OUT_BUFFER_SIZE];
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:413:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( buffer, this->start + start, size );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:486:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( outBuffer, this->start + this->offsets[i], this->chunks[i] );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:512:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pt, inBuffer + firstOffset, lastOffset - firstOffset);
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:523:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pt, inBuffer + firstOffset,
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:530:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pt, inBuffer, lastOffset );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:536:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pt, inBuffer, this->chunkLength );
data/qstardict-1.3/plugins/stardict/dictziplib.hpp:25:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  bool open(const std::string& filename, int computeCRC);
data/qstardict-1.3/plugins/stardict/lib.cpp:83:17:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  wordcount = atol(tmpstr);
data/qstardict-1.3/plugins/stardict/lib.cpp:97:27:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  index_file_size = atol(tmpstr);
data/qstardict-1.3/plugins/stardict/lib.cpp:113:27:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  index_file_size = atol(tmpstr);
data/qstardict-1.3/plugins/stardict/lib.cpp:259:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p1, p2, sec_size);
data/qstardict-1.3/plugins/stardict/lib.cpp:267:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p1, p2, sec_size);
data/qstardict-1.3/plugins/stardict/lib.cpp:281:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p1, p2, sec_size);
data/qstardict-1.3/plugins/stardict/lib.cpp:299:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p1, p2, sec_size);
data/qstardict-1.3/plugins/stardict/lib.cpp:307:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p1, p2, sec_size);
data/qstardict-1.3/plugins/stardict/lib.cpp:314:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p1, p2, sec_size);
data/qstardict-1.3/plugins/stardict/lib.cpp:318:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p1, p2, sec_size);
data/qstardict-1.3/plugins/stardict/lib.cpp:608:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!mf.open(it->c_str(), cachestat.st_size))
data/qstardict-1.3/plugins/stardict/lib.cpp:649:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *out = fopen(it->c_str(), "wb");
data/qstardict-1.3/plugins/stardict/lib.cpp:671:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!map_file.open(url.c_str(), fsize))
data/qstardict-1.3/plugins/stardict/lib.cpp:693:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!(idxfile = fopen(url.c_str(), "rb")))
data/qstardict-1.3/plugins/stardict/lib.cpp:923:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!dictdzfile->open(fullfilename, 0))
data/qstardict-1.3/plugins/stardict/lib.cpp:932:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  dictfile = fopen(fullfilename.c_str(), "rb");
data/qstardict-1.3/plugins/stardict/mapfile.hpp:32:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  bool open(const char *file_name, unsigned long file_size);
data/qstardict-1.3/plugins/stardict/mapfile.hpp:50:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  inline bool MapFile::open(const char *file_name, unsigned long file_size)
data/qstardict-1.3/plugins/stardict/mapfile.hpp:55:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((mmap_fd = ::open(file_name, O_RDONLY)) < 0)
data/qstardict-1.3/plugins/swac/swac.cpp:38:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  db->open();
data/qstardict-1.3/qstardict/appinfo.cpp:21:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t path[MAX_PATH];
data/qstardict-1.3/qstardict/dictwidget.cpp:177:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (! outputFile.open(QIODevice::WriteOnly | QIODevice::Text))
data/qstardict-1.3/qstardict/selection.cpp:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szWindowText[256];
data/qstardict-1.3/qstardict/settingsdialog.cpp:91:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (desktop.open(QIODevice::ReadOnly) && QString(desktop.readAll())
data/qstardict-1.3/qstardict/settingsdialog.cpp:184:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (desktopFile.open(QIODevice::ReadOnly)) {
data/qstardict-1.3/qstardict/settingsdialog.cpp:189:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (f.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:146:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  id1 = getc( str );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:147:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  id2 = getc( str );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:173:20:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->method = getc( str );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:174:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->flags = getc( str );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:175:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->mtime = getc( str ) << 0;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:176:20:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->mtime |= getc( str ) << 8;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:177:20:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->mtime |= getc( str ) << 16;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:178:20:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->mtime |= getc( str ) << 24;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:179:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->extraFlags = getc( str );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:180:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->os = getc( str );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:184:23:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  extraLength = getc( str ) << 0;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:185:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  extraLength |= getc( str ) << 8;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:187:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  si1 = getc( str );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:188:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  si2 = getc( str );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:192:25:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  subLength = getc( str ) << 0;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:193:26:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  subLength |= getc( str ) << 8;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:194:29:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->version = getc( str ) << 0;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:195:30:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->version |= getc( str ) << 8;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:204:33:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->chunkLength = getc( str ) << 0;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:205:34:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->chunkLength |= getc( str ) << 8;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:206:32:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->chunkCount = getc( str ) << 0;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:207:33:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->chunkCount |= getc( str ) << 8;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:218:35:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->chunks[i] = getc( str ) << 0;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:219:36:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->chunks[i] |= getc( str ) << 8;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:232:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((c = getc( str )) && c != EOF)
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:247:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((c = getc( str )) && c != EOF)
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:260:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  getc( str );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:261:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  getc( str );
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:273:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->crc = getc( str ) << 0;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:274:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->crc |= getc( str ) << 8;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:275:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->crc |= getc( str ) << 16;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:276:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->crc |= getc( str ) << 24;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:277:20:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->length = getc( str ) << 0;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:278:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->length |= getc( str ) << 8;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:279:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->length |= getc( str ) << 16;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:280:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  this->length |= getc( str ) << 24;
data/qstardict-1.3/plugins/stardict/dictziplib.cpp:382:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void dictData::read(char *buffer, unsigned long start, unsigned long size)
data/qstardict-1.3/plugins/stardict/dictziplib.hpp:27:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read(char *buffer, unsigned long start, unsigned long size);
data/qstardict-1.3/plugins/stardict/distance.cpp:174:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(s);
data/qstardict-1.3/plugins/stardict/distance.cpp:175:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  m = strlen(t);
data/qstardict-1.3/plugins/stardict/lib.cpp:71:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p1 = buffer + strlen(magic_data) - 1;
data/qstardict-1.3/plugins/stardict/lib.cpp:211:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  dictdzfile->read(origin_data, idxitem_offset, idxitem_size);
data/qstardict-1.3/plugins/stardict/lib.cpp:258:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sec_size = strlen(p2) + 1;
data/qstardict-1.3/plugins/stardict/lib.cpp:279:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sec_size = strlen(p2) + 1;
data/qstardict-1.3/plugins/stardict/lib.cpp:333:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  dictdzfile->read(data + sizeof(guint32), idxitem_offset, idxitem_size);
data/qstardict-1.3/plugins/stardict/lib.cpp:365:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  dictdzfile->read(origin_data, idxitem_offset, idxitem_size);
data/qstardict-1.3/plugins/stardict/lib.cpp:392:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sec_size = strlen(p) + 1;
data/qstardict-1.3/plugins/stardict/lib.cpp:403:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sec_size = strlen(p) + 1;
data/qstardict-1.3/plugins/stardict/lib.cpp:452:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sec_size = strlen(p) + 1;
data/qstardict-1.3/plugins/stardict/lib.cpp:463:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sec_size = strlen(p) + 1;
data/qstardict-1.3/plugins/stardict/lib.cpp:554:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p);
data/qstardict-1.3/plugins/stardict/lib.cpp:610:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(mf.begin(), CACHE_MAGIC, strlen(CACHE_MAGIC)) != 0)
data/qstardict-1.3/plugins/stardict/lib.cpp:612:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(&wordoffset[0], mf.begin() + strlen(CACHE_MAGIC), wordoffset.size()*sizeof(wordoffset[0]));
data/qstardict-1.3/plugins/stardict/lib.cpp:652:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fwrite(CACHE_MAGIC, 1, strlen(CACHE_MAGIC), out) != strlen(CACHE_MAGIC))
data/qstardict-1.3/plugins/stardict/lib.cpp:652:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fwrite(CACHE_MAGIC, 1, strlen(CACHE_MAGIC), out) != strlen(CACHE_MAGIC))
data/qstardict-1.3/plugins/stardict/lib.cpp:680:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  index_size = strlen(p1) + 1 + 2 * sizeof(guint32);
data/qstardict-1.3/plugins/stardict/lib.cpp:844:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p1 += strlen(p1) + 1 + 2 * sizeof(guint32);
data/qstardict-1.3/plugins/stardict/lib.cpp:858:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gchar *p1 = wordlist[idx] + strlen(wordlist[idx]) + sizeof(gchar);
data/qstardict-1.3/plugins/stardict/lib.cpp:1273:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int iWordLen = strlen(sWord);
data/qstardict-1.3/plugins/stardict/lib.cpp:1400:25:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf
  (warning: strncat is easily misused). Risk is low because the source is a
  constant character.
  strcat(sNewWord, "E"); // add a char "E"
data/qstardict-1.3/plugins/stardict/lib.cpp:1402:25:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf
  (warning: strncat is easily misused). Risk is low because the source is a
  constant character.
  strcat(sNewWord, "e"); // add a char "e"
data/qstardict-1.3/plugins/stardict/lib.cpp:1511:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf
  (warning: strncat is easily misused). Risk is low because the source is a
  constant character.
  strcat(sNewWord, "Y"); // add a char "Y"
data/qstardict-1.3/plugins/stardict/lib.cpp:1513:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf
  (warning: strncat is easily misused). Risk is low because the source is a
  constant character.
  strcat(sNewWord, "y"); // add a char "y"
data/qstardict-1.3/plugins/stardict/lib.cpp:1538:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf
  (warning: strncat is easily misused). Risk is low because the source is a
  constant character.
  strcat(sNewWord, "Y"); // add a char "Y"
data/qstardict-1.3/plugins/stardict/lib.cpp:1540:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf
  (warning: strncat is easily misused). Risk is low because the source is a
  constant character.
strcat(sNewWord, "y"); // add a char "y" data/qstardict-1.3/plugins/stardict/stardict.cpp:288:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr) + 1; ANALYSIS SUMMARY: Hits = 119 Lines analyzed = 13962 in approximately 0.36 seconds (38724 lines/second) Physical Source Lines of Code (SLOC) = 9592 Hits@level = [0] 8 [1] 66 [2] 39 [3] 0 [4] 14 [5] 0 Hits@level+ = [0+] 127 [1+] 119 [2+] 53 [3+] 14 [4+] 14 [5+] 0 Hits/KSLOC@level+ = [0+] 13.2402 [1+] 12.4062 [2+] 5.52544 [3+] 1.45955 [4+] 1.45955 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.