Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/quassel-0.13.1/3rdparty/miniz/miniz.c Examining data/quassel-0.13.1/3rdparty/sha512/sha512.c Examining data/quassel-0.13.1/3rdparty/sha512/sha512.h Examining data/quassel-0.13.1/dev-notes/blanksettingspage.cpp Examining data/quassel-0.13.1/dev-notes/blanksettingspage.h Examining data/quassel-0.13.1/src/client/abstractmessageprocessor.cpp Examining data/quassel-0.13.1/src/client/abstractmessageprocessor.h Examining data/quassel-0.13.1/src/client/abstractui.h Examining data/quassel-0.13.1/src/client/backlogsettings.h Examining data/quassel-0.13.1/src/client/buffermodel.cpp Examining data/quassel-0.13.1/src/client/buffermodel.h Examining data/quassel-0.13.1/src/client/buffersettings.cpp Examining data/quassel-0.13.1/src/client/buffersettings.h Examining data/quassel-0.13.1/src/client/bufferviewoverlay.h Examining data/quassel-0.13.1/src/client/client.cpp Examining data/quassel-0.13.1/src/client/client.h Examining data/quassel-0.13.1/src/client/clientaliasmanager.cpp Examining data/quassel-0.13.1/src/client/clientaliasmanager.h Examining data/quassel-0.13.1/src/client/clientauthhandler.cpp Examining data/quassel-0.13.1/src/client/clientauthhandler.h Examining data/quassel-0.13.1/src/client/clientbacklogmanager.h Examining data/quassel-0.13.1/src/client/clientbufferviewconfig.cpp Examining data/quassel-0.13.1/src/client/clientbufferviewconfig.h Examining data/quassel-0.13.1/src/client/clientbufferviewmanager.cpp Examining data/quassel-0.13.1/src/client/clientbufferviewmanager.h Examining data/quassel-0.13.1/src/client/clientidentity.cpp Examining data/quassel-0.13.1/src/client/clientidentity.h Examining data/quassel-0.13.1/src/client/clientignorelistmanager.cpp Examining data/quassel-0.13.1/src/client/clientignorelistmanager.h Examining data/quassel-0.13.1/src/client/clientirclisthelper.cpp Examining data/quassel-0.13.1/src/client/clientirclisthelper.h Examining data/quassel-0.13.1/src/client/clientsettings.h Examining data/quassel-0.13.1/src/client/clienttransfer.cpp Examining data/quassel-0.13.1/src/client/clienttransfer.h Examining data/quassel-0.13.1/src/client/clienttransfermanager.cpp Examining data/quassel-0.13.1/src/client/clienttransfermanager.h Examining data/quassel-0.13.1/src/client/clientuserinputhandler.cpp Examining data/quassel-0.13.1/src/client/clientuserinputhandler.h Examining data/quassel-0.13.1/src/client/coreaccount.cpp Examining data/quassel-0.13.1/src/client/coreaccount.h Examining data/quassel-0.13.1/src/client/coreaccountmodel.h Examining data/quassel-0.13.1/src/client/coreconnection.cpp Examining data/quassel-0.13.1/src/client/coreconnection.h Examining data/quassel-0.13.1/src/client/execwrapper.cpp Examining data/quassel-0.13.1/src/client/execwrapper.h Examining data/quassel-0.13.1/src/client/irclistmodel.cpp Examining data/quassel-0.13.1/src/client/irclistmodel.h Examining data/quassel-0.13.1/src/client/messagefilter.h Examining data/quassel-0.13.1/src/client/messagemodel.h Examining data/quassel-0.13.1/src/client/networkmodel.h Examining data/quassel-0.13.1/src/client/selectionmodelsynchronizer.cpp Examining data/quassel-0.13.1/src/client/selectionmodelsynchronizer.h Examining data/quassel-0.13.1/src/client/transfermodel.cpp Examining data/quassel-0.13.1/src/client/transfermodel.h Examining data/quassel-0.13.1/src/client/treemodel.cpp Examining data/quassel-0.13.1/src/client/treemodel.h Examining data/quassel-0.13.1/src/client/coreaccountmodel.cpp Examining data/quassel-0.13.1/src/client/messagemodel.cpp Examining data/quassel-0.13.1/src/client/networkmodel.cpp Examining data/quassel-0.13.1/src/client/clientsettings.cpp Examining data/quassel-0.13.1/src/client/backlogrequester.cpp Examining data/quassel-0.13.1/src/client/backlogrequester.h Examining data/quassel-0.13.1/src/client/bufferviewoverlay.cpp Examining data/quassel-0.13.1/src/client/clientbacklogmanager.cpp Examining data/quassel-0.13.1/src/client/messagefilter.cpp Examining data/quassel-0.13.1/src/common/abstractcliparser.h Examining data/quassel-0.13.1/src/common/abstractsignalwatcher.h Examining data/quassel-0.13.1/src/common/aliasmanager.cpp Examining data/quassel-0.13.1/src/common/aliasmanager.h Examining data/quassel-0.13.1/src/common/authhandler.cpp Examining data/quassel-0.13.1/src/common/authhandler.h Examining data/quassel-0.13.1/src/common/backlogmanager.cpp Examining data/quassel-0.13.1/src/common/backlogmanager.h Examining data/quassel-0.13.1/src/common/basichandler.cpp Examining data/quassel-0.13.1/src/common/basichandler.h Examining data/quassel-0.13.1/src/common/bufferinfo.cpp Examining data/quassel-0.13.1/src/common/bufferinfo.h Examining data/quassel-0.13.1/src/common/buffersyncer.h Examining data/quassel-0.13.1/src/common/bufferviewconfig.h Examining data/quassel-0.13.1/src/common/bufferviewmanager.cpp Examining data/quassel-0.13.1/src/common/bufferviewmanager.h Examining data/quassel-0.13.1/src/common/cliparser.cpp Examining data/quassel-0.13.1/src/common/cliparser.h Examining data/quassel-0.13.1/src/common/compressor.cpp Examining data/quassel-0.13.1/src/common/compressor.h Examining data/quassel-0.13.1/src/common/coreinfo.cpp Examining data/quassel-0.13.1/src/common/coreinfo.h Examining data/quassel-0.13.1/src/common/ctcpevent.cpp Examining data/quassel-0.13.1/src/common/ctcpevent.h Examining data/quassel-0.13.1/src/common/dccconfig.cpp Examining data/quassel-0.13.1/src/common/dccconfig.h Examining data/quassel-0.13.1/src/common/deferredptr.h Examining data/quassel-0.13.1/src/common/event.cpp Examining data/quassel-0.13.1/src/common/event.h Examining data/quassel-0.13.1/src/common/eventmanager.cpp Examining data/quassel-0.13.1/src/common/eventmanager.h Examining data/quassel-0.13.1/src/common/expressionmatch.cpp Examining data/quassel-0.13.1/src/common/expressionmatch.h Examining data/quassel-0.13.1/src/common/expressionmatchtests.cpp Examining data/quassel-0.13.1/src/common/expressionmatchtests.h Examining data/quassel-0.13.1/src/common/highlightrulemanager.cpp Examining data/quassel-0.13.1/src/common/highlightrulemanager.h Examining data/quassel-0.13.1/src/common/identity.cpp Examining data/quassel-0.13.1/src/common/identity.h Examining data/quassel-0.13.1/src/common/ignorelistmanager.cpp Examining data/quassel-0.13.1/src/common/ignorelistmanager.h Examining data/quassel-0.13.1/src/common/internalpeer.cpp Examining data/quassel-0.13.1/src/common/internalpeer.h Examining data/quassel-0.13.1/src/common/irccap.h Examining data/quassel-0.13.1/src/common/ircchannel.cpp Examining data/quassel-0.13.1/src/common/ircchannel.h Examining data/quassel-0.13.1/src/common/ircevent.cpp Examining data/quassel-0.13.1/src/common/ircevent.h Examining data/quassel-0.13.1/src/common/irclisthelper.cpp Examining data/quassel-0.13.1/src/common/irclisthelper.h Examining data/quassel-0.13.1/src/common/ircuser.h Examining data/quassel-0.13.1/src/common/keyevent.cpp Examining data/quassel-0.13.1/src/common/keyevent.h Examining data/quassel-0.13.1/src/common/logbacktrace_unix.cpp Examining data/quassel-0.13.1/src/common/logbacktrace_win.cpp Examining data/quassel-0.13.1/src/common/logger.cpp Examining data/quassel-0.13.1/src/common/logger.h Examining data/quassel-0.13.1/src/common/logmessage.cpp Examining data/quassel-0.13.1/src/common/logmessage.h Examining data/quassel-0.13.1/src/common/mac_utils.cpp Examining data/quassel-0.13.1/src/common/mac_utils.h Examining data/quassel-0.13.1/src/common/main.cpp Examining data/quassel-0.13.1/src/common/message.cpp Examining data/quassel-0.13.1/src/common/message.h Examining data/quassel-0.13.1/src/common/messageevent.cpp Examining data/quassel-0.13.1/src/common/messageevent.h Examining data/quassel-0.13.1/src/common/network.h Examining data/quassel-0.13.1/src/common/networkconfig.cpp Examining data/quassel-0.13.1/src/common/networkconfig.h Examining data/quassel-0.13.1/src/common/networkevent.cpp Examining data/quassel-0.13.1/src/common/networkevent.h Examining data/quassel-0.13.1/src/common/nickhighlightmatcher.cpp Examining data/quassel-0.13.1/src/common/nickhighlightmatcher.h Examining data/quassel-0.13.1/src/common/peer.cpp Examining data/quassel-0.13.1/src/common/peer.h Examining data/quassel-0.13.1/src/common/peerfactory.cpp Examining data/quassel-0.13.1/src/common/peerfactory.h Examining data/quassel-0.13.1/src/common/posixsignalwatcher.cpp Examining data/quassel-0.13.1/src/common/posixsignalwatcher.h Examining data/quassel-0.13.1/src/common/presetnetworks.cpp Examining data/quassel-0.13.1/src/common/presetnetworks.h Examining data/quassel-0.13.1/src/common/protocol.h Examining data/quassel-0.13.1/src/common/protocols/datastream/datastreampeer.cpp Examining data/quassel-0.13.1/src/common/protocols/datastream/datastreampeer.h Examining data/quassel-0.13.1/src/common/protocols/legacy/legacypeer.cpp Examining data/quassel-0.13.1/src/common/protocols/legacy/legacypeer.h Examining data/quassel-0.13.1/src/common/qt5cliparser.cpp Examining data/quassel-0.13.1/src/common/qt5cliparser.h Examining data/quassel-0.13.1/src/common/quassel.cpp Examining data/quassel-0.13.1/src/common/quassel.h Examining data/quassel-0.13.1/src/common/remotepeer.cpp Examining data/quassel-0.13.1/src/common/remotepeer.h Examining data/quassel-0.13.1/src/common/serializers/serializers.h Examining data/quassel-0.13.1/src/common/serializers/serializers.cpp Examining data/quassel-0.13.1/src/common/settings.cpp Examining data/quassel-0.13.1/src/common/settings.h Examining data/quassel-0.13.1/src/common/signalproxy.cpp Examining data/quassel-0.13.1/src/common/signalproxy.h Examining data/quassel-0.13.1/src/common/singleton.h Examining data/quassel-0.13.1/src/common/syncableobject.cpp Examining data/quassel-0.13.1/src/common/syncableobject.h Examining data/quassel-0.13.1/src/common/transfer.cpp Examining data/quassel-0.13.1/src/common/transfer.h Examining data/quassel-0.13.1/src/common/transfermanager.cpp Examining data/quassel-0.13.1/src/common/transfermanager.h Examining data/quassel-0.13.1/src/common/types.cpp Examining data/quassel-0.13.1/src/common/util.cpp Examining data/quassel-0.13.1/src/common/windowssignalwatcher.cpp Examining data/quassel-0.13.1/src/common/windowssignalwatcher.h Examining data/quassel-0.13.1/src/common/buffersyncer.cpp Examining data/quassel-0.13.1/src/common/network.cpp Examining data/quassel-0.13.1/src/common/types.h Examining data/quassel-0.13.1/src/common/bufferviewconfig.cpp Examining data/quassel-0.13.1/src/common/ircuser.cpp Examining data/quassel-0.13.1/src/common/util.h Examining data/quassel-0.13.1/src/core/abstractsqlstorage.cpp Examining data/quassel-0.13.1/src/core/abstractsqlstorage.h Examining data/quassel-0.13.1/src/core/authenticator.cpp Examining data/quassel-0.13.1/src/core/authenticator.h Examining data/quassel-0.13.1/src/core/cipher.cpp Examining data/quassel-0.13.1/src/core/cipher.h Examining data/quassel-0.13.1/src/core/core.h Examining data/quassel-0.13.1/src/core/corealiasmanager.cpp Examining data/quassel-0.13.1/src/core/corealiasmanager.h Examining data/quassel-0.13.1/src/core/coreapplication.cpp Examining data/quassel-0.13.1/src/core/coreapplication.h Examining data/quassel-0.13.1/src/core/coreauthhandler.cpp Examining data/quassel-0.13.1/src/core/coreauthhandler.h Examining data/quassel-0.13.1/src/core/corebacklogmanager.cpp Examining data/quassel-0.13.1/src/core/corebacklogmanager.h Examining data/quassel-0.13.1/src/core/corebasichandler.cpp Examining data/quassel-0.13.1/src/core/corebasichandler.h Examining data/quassel-0.13.1/src/core/corebuffersyncer.h Examining data/quassel-0.13.1/src/core/corebufferviewconfig.cpp Examining data/quassel-0.13.1/src/core/corebufferviewconfig.h Examining data/quassel-0.13.1/src/core/corebufferviewmanager.cpp Examining data/quassel-0.13.1/src/core/corebufferviewmanager.h Examining data/quassel-0.13.1/src/core/coredccconfig.cpp Examining data/quassel-0.13.1/src/core/coredccconfig.h Examining data/quassel-0.13.1/src/core/coreeventmanager.h Examining data/quassel-0.13.1/src/core/corehighlightrulemanager.cpp Examining data/quassel-0.13.1/src/core/corehighlightrulemanager.h Examining data/quassel-0.13.1/src/core/coreidentity.cpp Examining data/quassel-0.13.1/src/core/coreidentity.h Examining data/quassel-0.13.1/src/core/coreignorelistmanager.cpp Examining data/quassel-0.13.1/src/core/coreignorelistmanager.h Examining data/quassel-0.13.1/src/core/coreircchannel.cpp Examining data/quassel-0.13.1/src/core/coreircchannel.h Examining data/quassel-0.13.1/src/core/coreirclisthelper.h Examining data/quassel-0.13.1/src/core/coreircuser.cpp Examining data/quassel-0.13.1/src/core/coreircuser.h Examining data/quassel-0.13.1/src/core/corenetwork.cpp Examining data/quassel-0.13.1/src/core/corenetwork.h Examining data/quassel-0.13.1/src/core/corenetworkconfig.cpp Examining data/quassel-0.13.1/src/core/corenetworkconfig.h Examining data/quassel-0.13.1/src/core/coresession.cpp Examining data/quassel-0.13.1/src/core/coresession.h Examining data/quassel-0.13.1/src/core/coresessioneventprocessor.cpp Examining data/quassel-0.13.1/src/core/coresessioneventprocessor.h Examining data/quassel-0.13.1/src/core/coresettings.cpp Examining data/quassel-0.13.1/src/core/coresettings.h Examining data/quassel-0.13.1/src/core/coretransfer.cpp Examining data/quassel-0.13.1/src/core/coretransfer.h Examining data/quassel-0.13.1/src/core/coretransfermanager.cpp Examining data/quassel-0.13.1/src/core/coretransfermanager.h Examining data/quassel-0.13.1/src/core/coreuserinputhandler.cpp Examining data/quassel-0.13.1/src/core/coreuserinputhandler.h Examining data/quassel-0.13.1/src/core/coreusersettings.h Examining data/quassel-0.13.1/src/core/ctcpparser.cpp Examining data/quassel-0.13.1/src/core/ctcpparser.h Examining data/quassel-0.13.1/src/core/eventstringifier.cpp Examining data/quassel-0.13.1/src/core/eventstringifier.h Examining data/quassel-0.13.1/src/core/identserver.cpp Examining data/quassel-0.13.1/src/core/identserver.h Examining data/quassel-0.13.1/src/core/ircparser.cpp Examining data/quassel-0.13.1/src/core/ircparser.h Examining data/quassel-0.13.1/src/core/ldapauthenticator.cpp Examining data/quassel-0.13.1/src/core/ldapauthenticator.h Examining data/quassel-0.13.1/src/core/netsplit.cpp Examining data/quassel-0.13.1/src/core/netsplit.h Examining data/quassel-0.13.1/src/core/oidentdconfiggenerator.cpp Examining data/quassel-0.13.1/src/core/oidentdconfiggenerator.h Examining data/quassel-0.13.1/src/core/postgresqlstorage.cpp Examining data/quassel-0.13.1/src/core/postgresqlstorage.h Examining data/quassel-0.13.1/src/core/sessionthread.cpp Examining data/quassel-0.13.1/src/core/sessionthread.h Examining data/quassel-0.13.1/src/core/sqlauthenticator.cpp Examining data/quassel-0.13.1/src/core/sqlauthenticator.h Examining data/quassel-0.13.1/src/core/sqlitestorage.cpp Examining data/quassel-0.13.1/src/core/sqlitestorage.h Examining data/quassel-0.13.1/src/core/sslserver.cpp Examining data/quassel-0.13.1/src/core/sslserver.h Examining data/quassel-0.13.1/src/core/storage.cpp Examining data/quassel-0.13.1/src/core/storage.h Examining data/quassel-0.13.1/src/core/core.cpp Examining data/quassel-0.13.1/src/core/coreirclisthelper.cpp Examining data/quassel-0.13.1/src/core/coreusersettings.cpp Examining data/quassel-0.13.1/src/core/corebuffersyncer.cpp Examining data/quassel-0.13.1/src/qtui/aboutdlg.cpp Examining data/quassel-0.13.1/src/qtui/aboutdlg.h Examining data/quassel-0.13.1/src/qtui/awaylogfilter.cpp Examining data/quassel-0.13.1/src/qtui/awaylogfilter.h Examining data/quassel-0.13.1/src/qtui/awaylogview.cpp Examining data/quassel-0.13.1/src/qtui/awaylogview.h Examining data/quassel-0.13.1/src/qtui/bufferwidget.cpp Examining data/quassel-0.13.1/src/qtui/bufferwidget.h Examining data/quassel-0.13.1/src/qtui/channellistdlg.cpp Examining data/quassel-0.13.1/src/qtui/channellistdlg.h Examining data/quassel-0.13.1/src/qtui/chatitem.h Examining data/quassel-0.13.1/src/qtui/chatline.cpp Examining data/quassel-0.13.1/src/qtui/chatline.h Examining data/quassel-0.13.1/src/qtui/chatlinemodel.cpp Examining data/quassel-0.13.1/src/qtui/chatlinemodel.h Examining data/quassel-0.13.1/src/qtui/chatlinemodelitem.h Examining data/quassel-0.13.1/src/qtui/chatmonitorfilter.cpp Examining data/quassel-0.13.1/src/qtui/chatmonitorfilter.h Examining data/quassel-0.13.1/src/qtui/chatmonitorview.cpp Examining data/quassel-0.13.1/src/qtui/chatmonitorview.h Examining data/quassel-0.13.1/src/qtui/chatscene.cpp Examining data/quassel-0.13.1/src/qtui/chatscene.h Examining data/quassel-0.13.1/src/qtui/chatview.h Examining data/quassel-0.13.1/src/qtui/chatviewsearchbar.cpp Examining data/quassel-0.13.1/src/qtui/chatviewsearchbar.h Examining data/quassel-0.13.1/src/qtui/chatviewsearchcontroller.h Examining data/quassel-0.13.1/src/qtui/chatviewsettings.cpp Examining data/quassel-0.13.1/src/qtui/chatviewsettings.h Examining data/quassel-0.13.1/src/qtui/columnhandleitem.cpp Examining data/quassel-0.13.1/src/qtui/columnhandleitem.h Examining data/quassel-0.13.1/src/qtui/coreconfigwizard.cpp Examining data/quassel-0.13.1/src/qtui/coreconfigwizard.h Examining data/quassel-0.13.1/src/qtui/coreconnectdlg.cpp Examining data/quassel-0.13.1/src/qtui/coreconnectdlg.h Examining data/quassel-0.13.1/src/qtui/coreconnectionstatuswidget.cpp Examining data/quassel-0.13.1/src/qtui/coreconnectionstatuswidget.h Examining data/quassel-0.13.1/src/qtui/coreinfodlg.cpp Examining data/quassel-0.13.1/src/qtui/coreinfodlg.h Examining data/quassel-0.13.1/src/qtui/coresessionwidget.cpp Examining data/quassel-0.13.1/src/qtui/coresessionwidget.h Examining data/quassel-0.13.1/src/qtui/debugbufferviewoverlay.cpp Examining data/quassel-0.13.1/src/qtui/debugbufferviewoverlay.h Examining data/quassel-0.13.1/src/qtui/debugconsole.cpp Examining data/quassel-0.13.1/src/qtui/debugconsole.h Examining data/quassel-0.13.1/src/qtui/debuglogdlg.cpp Examining data/quassel-0.13.1/src/qtui/debuglogdlg.h Examining data/quassel-0.13.1/src/qtui/debugmessagemodelfilter.cpp Examining data/quassel-0.13.1/src/qtui/debugmessagemodelfilter.h Examining data/quassel-0.13.1/src/qtui/dockmanagernotificationbackend.cpp Examining data/quassel-0.13.1/src/qtui/dockmanagernotificationbackend.h Examining data/quassel-0.13.1/src/qtui/indicatornotificationbackend.cpp Examining data/quassel-0.13.1/src/qtui/indicatornotificationbackend.h Examining data/quassel-0.13.1/src/qtui/inputwidget.cpp Examining data/quassel-0.13.1/src/qtui/inputwidget.h Examining data/quassel-0.13.1/src/qtui/ircconnectionwizard.cpp Examining data/quassel-0.13.1/src/qtui/ircconnectionwizard.h Examining data/quassel-0.13.1/src/qtui/knotificationbackend.cpp Examining data/quassel-0.13.1/src/qtui/knotificationbackend.h Examining data/quassel-0.13.1/src/qtui/legacysystemtray.cpp Examining data/quassel-0.13.1/src/qtui/legacysystemtray.h Examining data/quassel-0.13.1/src/qtui/mainpage.cpp Examining data/quassel-0.13.1/src/qtui/mainpage.h Examining data/quassel-0.13.1/src/qtui/mainwin.h Examining data/quassel-0.13.1/src/qtui/markerlineitem.cpp Examining data/quassel-0.13.1/src/qtui/markerlineitem.h Examining data/quassel-0.13.1/src/qtui/monoapplication.cpp Examining data/quassel-0.13.1/src/qtui/monoapplication.h Examining data/quassel-0.13.1/src/qtui/msgprocessorstatuswidget.cpp Examining data/quassel-0.13.1/src/qtui/msgprocessorstatuswidget.h Examining data/quassel-0.13.1/src/qtui/nicklistwidget.cpp Examining data/quassel-0.13.1/src/qtui/nicklistwidget.h Examining data/quassel-0.13.1/src/qtui/osxnotificationbackend.h Examining data/quassel-0.13.1/src/qtui/passwordchangedlg.cpp Examining data/quassel-0.13.1/src/qtui/passwordchangedlg.h Examining data/quassel-0.13.1/src/qtui/phononnotificationbackend.cpp Examining data/quassel-0.13.1/src/qtui/phononnotificationbackend.h Examining data/quassel-0.13.1/src/qtui/qtmultimedianotificationbackend.cpp Examining data/quassel-0.13.1/src/qtui/qtmultimedianotificationbackend.h Examining data/quassel-0.13.1/src/qtui/qtui.cpp Examining data/quassel-0.13.1/src/qtui/qtui.h Examining data/quassel-0.13.1/src/qtui/qtuiapplication.cpp Examining data/quassel-0.13.1/src/qtui/qtuiapplication.h Examining data/quassel-0.13.1/src/qtui/qtuimessageprocessor.cpp Examining data/quassel-0.13.1/src/qtui/qtuimessageprocessor.h Examining data/quassel-0.13.1/src/qtui/qtuisettings.cpp Examining data/quassel-0.13.1/src/qtui/qtuisettings.h Examining data/quassel-0.13.1/src/qtui/qtuistyle.cpp Examining data/quassel-0.13.1/src/qtui/qtuistyle.h Examining data/quassel-0.13.1/src/qtui/receivefiledlg.cpp Examining data/quassel-0.13.1/src/qtui/receivefiledlg.h Examining data/quassel-0.13.1/src/qtui/settingsdlg.h Examining data/quassel-0.13.1/src/qtui/settingspagedlg.cpp Examining data/quassel-0.13.1/src/qtui/settingspagedlg.h Examining data/quassel-0.13.1/src/qtui/settingspages/aliasesmodel.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/aliasesmodel.h Examining data/quassel-0.13.1/src/qtui/settingspages/aliasessettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/aliasessettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/appearancesettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/appearancesettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/backlogsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/backlogsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/bufferviewsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/chatmonitorsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/chatviewcolorsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/chatviewcolorsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/chatviewsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/chatviewsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/connectionsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/connectionsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/coreaccountsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/coreaccountsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/coreconnectionsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/coreconnectionsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/corehighlightsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/corehighlightsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/dccsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/dccsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/highlightsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/highlightsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/identitiessettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/identitiessettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/identityeditwidget.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/identityeditwidget.h Examining data/quassel-0.13.1/src/qtui/settingspages/ignorelistmodel.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/ignorelistmodel.h Examining data/quassel-0.13.1/src/qtui/settingspages/ignorelistsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/ignorelistsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/inputwidgetsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/inputwidgetsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/itemviewsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/itemviewsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/keysequencewidget.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/keysequencewidget.h Examining data/quassel-0.13.1/src/qtui/settingspages/networkssettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/notificationssettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/notificationssettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/previewbufferview.h Examining data/quassel-0.13.1/src/qtui/settingspages/shortcutsmodel.h Examining data/quassel-0.13.1/src/qtui/settingspages/shortcutssettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/shortcutssettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/sonnetsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/sonnetsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/topicwidgetsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/topicwidgetsettingspage.h Examining data/quassel-0.13.1/src/qtui/settingspages/networkssettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/shortcutsmodel.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/bufferviewsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/settingspages/chatmonitorsettingspage.cpp Examining data/quassel-0.13.1/src/qtui/simplenetworkeditor.cpp Examining data/quassel-0.13.1/src/qtui/simplenetworkeditor.h Examining data/quassel-0.13.1/src/qtui/snorenotificationbackend.cpp Examining data/quassel-0.13.1/src/qtui/snorenotificationbackend.h Examining data/quassel-0.13.1/src/qtui/sslinfodlg.cpp Examining data/quassel-0.13.1/src/qtui/sslinfodlg.h Examining data/quassel-0.13.1/src/qtui/statusnotifieritem.cpp Examining data/quassel-0.13.1/src/qtui/statusnotifieritem.h Examining data/quassel-0.13.1/src/qtui/statusnotifieritemdbus.cpp Examining data/quassel-0.13.1/src/qtui/statusnotifieritemdbus.h Examining data/quassel-0.13.1/src/qtui/systemtray.cpp Examining data/quassel-0.13.1/src/qtui/systemtray.h Examining data/quassel-0.13.1/src/qtui/systrayanimationnotificationbackend.cpp Examining data/quassel-0.13.1/src/qtui/systrayanimationnotificationbackend.h Examining data/quassel-0.13.1/src/qtui/systraynotificationbackend.cpp Examining data/quassel-0.13.1/src/qtui/systraynotificationbackend.h Examining data/quassel-0.13.1/src/qtui/taskbarnotificationbackend.cpp Examining data/quassel-0.13.1/src/qtui/taskbarnotificationbackend.h Examining data/quassel-0.13.1/src/qtui/titlesetter.cpp Examining data/quassel-0.13.1/src/qtui/titlesetter.h Examining data/quassel-0.13.1/src/qtui/topicwidget.cpp Examining data/quassel-0.13.1/src/qtui/topicwidget.h Examining data/quassel-0.13.1/src/qtui/verticaldock.cpp Examining data/quassel-0.13.1/src/qtui/verticaldock.h Examining data/quassel-0.13.1/src/qtui/webpreviewitem.cpp Examining data/quassel-0.13.1/src/qtui/webpreviewitem.h Examining data/quassel-0.13.1/src/qtui/chatitem.cpp Examining data/quassel-0.13.1/src/qtui/chatlinemodelitem.cpp Examining data/quassel-0.13.1/src/qtui/mainwin.cpp Examining data/quassel-0.13.1/src/qtui/settingsdlg.cpp Examining data/quassel-0.13.1/src/qtui/chatview.cpp Examining data/quassel-0.13.1/src/qtui/chatviewsearchcontroller.cpp Examining data/quassel-0.13.1/src/uisupport/aboutdata.cpp Examining data/quassel-0.13.1/src/uisupport/aboutdata.h Examining data/quassel-0.13.1/src/uisupport/abstractbuffercontainer.cpp Examining data/quassel-0.13.1/src/uisupport/abstractbuffercontainer.h Examining data/quassel-0.13.1/src/uisupport/abstractitemview.cpp Examining data/quassel-0.13.1/src/uisupport/abstractitemview.h Examining data/quassel-0.13.1/src/uisupport/abstractnotificationbackend.h Examining data/quassel-0.13.1/src/uisupport/action.cpp Examining data/quassel-0.13.1/src/uisupport/action.h Examining data/quassel-0.13.1/src/uisupport/actioncollection.h Examining data/quassel-0.13.1/src/uisupport/bufferhotlistfilter.cpp Examining data/quassel-0.13.1/src/uisupport/bufferhotlistfilter.h Examining data/quassel-0.13.1/src/uisupport/bufferview.cpp Examining data/quassel-0.13.1/src/uisupport/bufferview.h Examining data/quassel-0.13.1/src/uisupport/bufferviewfilter.h Examining data/quassel-0.13.1/src/uisupport/bufferviewoverlayfilter.cpp Examining data/quassel-0.13.1/src/uisupport/bufferviewoverlayfilter.h Examining data/quassel-0.13.1/src/uisupport/clearablelineedit.cpp Examining data/quassel-0.13.1/src/uisupport/clearablelineedit.h Examining data/quassel-0.13.1/src/uisupport/clickable.cpp Examining data/quassel-0.13.1/src/uisupport/clickable.h Examining data/quassel-0.13.1/src/uisupport/clickablelabel.cpp Examining data/quassel-0.13.1/src/uisupport/clickablelabel.h Examining data/quassel-0.13.1/src/uisupport/colorbutton.cpp Examining data/quassel-0.13.1/src/uisupport/colorbutton.h Examining data/quassel-0.13.1/src/uisupport/contextmenuactionprovider.cpp Examining data/quassel-0.13.1/src/uisupport/contextmenuactionprovider.h Examining data/quassel-0.13.1/src/uisupport/flatproxymodel.cpp Examining data/quassel-0.13.1/src/uisupport/flatproxymodel.h Examining data/quassel-0.13.1/src/uisupport/fontselector.cpp Examining data/quassel-0.13.1/src/uisupport/fontselector.h Examining data/quassel-0.13.1/src/uisupport/graphicalui.cpp Examining data/quassel-0.13.1/src/uisupport/graphicalui.h Examining data/quassel-0.13.1/src/uisupport/icon.cpp Examining data/quassel-0.13.1/src/uisupport/icon.h Examining data/quassel-0.13.1/src/uisupport/kcmdlinewrapper.cpp Examining data/quassel-0.13.1/src/uisupport/kcmdlinewrapper.h Examining data/quassel-0.13.1/src/uisupport/multilineedit.cpp Examining data/quassel-0.13.1/src/uisupport/multilineedit.h Examining data/quassel-0.13.1/src/uisupport/networkmodelcontroller.h Examining data/quassel-0.13.1/src/uisupport/nickview.cpp Examining data/quassel-0.13.1/src/uisupport/nickview.h Examining data/quassel-0.13.1/src/uisupport/nickviewfilter.cpp Examining data/quassel-0.13.1/src/uisupport/nickviewfilter.h Examining data/quassel-0.13.1/src/uisupport/qssparser.cpp Examining data/quassel-0.13.1/src/uisupport/qssparser.h Examining data/quassel-0.13.1/src/uisupport/resizingstackedwidget.cpp Examining data/quassel-0.13.1/src/uisupport/resizingstackedwidget.h Examining data/quassel-0.13.1/src/uisupport/settingspage.cpp Examining data/quassel-0.13.1/src/uisupport/settingspage.h Examining data/quassel-0.13.1/src/uisupport/styledlabel.cpp Examining data/quassel-0.13.1/src/uisupport/styledlabel.h Examining data/quassel-0.13.1/src/uisupport/tabcompleter.cpp Examining data/quassel-0.13.1/src/uisupport/tabcompleter.h Examining data/quassel-0.13.1/src/uisupport/toolbaractionprovider.h Examining data/quassel-0.13.1/src/uisupport/treeviewtouch.cpp Examining data/quassel-0.13.1/src/uisupport/treeviewtouch.h Examining data/quassel-0.13.1/src/uisupport/uisettings.cpp Examining data/quassel-0.13.1/src/uisupport/uisettings.h Examining data/quassel-0.13.1/src/uisupport/uistyle.cpp Examining data/quassel-0.13.1/src/uisupport/uistyle.h Examining data/quassel-0.13.1/src/uisupport/networkmodelcontroller.cpp Examining data/quassel-0.13.1/src/uisupport/toolbaractionprovider.cpp Examining data/quassel-0.13.1/src/uisupport/bufferviewfilter.cpp Examining data/quassel-0.13.1/src/uisupport/actioncollection.cpp FINAL RESULTS: data/quassel-0.13.1/3rdparty/sha512/sha512.c:49:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define polarssl_printf printf data/quassel-0.13.1/src/core/core.cpp:95:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. Quassel::loadTranslation(QLocale::system()); data/quassel-0.13.1/src/qtui/qtui.cpp:58:66: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. Quassel::loadTranslation(uiSettings.value("Locale", QLocale::system()).value<QLocale>()); data/quassel-0.13.1/src/qtui/settingspages/appearancesettingspage.cpp:147:58: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QLocale locale = uiSettings.value("Locale", QLocale::system()).value<QLocale>(); data/quassel-0.13.1/src/qtui/settingspages/appearancesettingspage.cpp:148:28: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (locale == QLocale::system()) data/quassel-0.13.1/src/qtui/settingspages/appearancesettingspage.cpp:270:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. locale = QLocale::system(); data/quassel-0.13.1/3rdparty/miniz/miniz.c:517:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE]; data/quassel-0.13.1/3rdparty/miniz/miniz.c:518:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE]; data/quassel-0.13.1/3rdparty/miniz/miniz.c:932:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char mz_validate_uint16[sizeof(mz_uint16)==2 ? 1 : -1]; data/quassel-0.13.1/3rdparty/miniz/miniz.c:933:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char mz_validate_uint32[sizeof(mz_uint32)==4 ? 1 : -1]; data/quassel-0.13.1/3rdparty/miniz/miniz.c:934:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char mz_validate_uint64[sizeof(mz_uint64)==8 ? 1 : -1]; data/quassel-0.13.1/3rdparty/miniz/miniz.c:1260:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n); data/quassel-0.13.1/3rdparty/miniz/miniz.c:1280:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n); data/quassel-0.13.1/3rdparty/miniz/miniz.c:1360:31: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define TINFL_MEMCPY(d, s, l) memcpy(d, s, l) data/quassel-0.13.1/3rdparty/miniz/miniz.c:1949:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes); data/quassel-0.13.1/3rdparty/miniz/miniz.c:1950:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes); data/quassel-0.13.1/3rdparty/miniz/miniz.c:2246:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy); data/quassel-0.13.1/3rdparty/miniz/miniz.c:2347:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d->m_dict + dst_pos, d->m_pSrc, n); data/quassel-0.13.1/3rdparty/miniz/miniz.c:2349:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos)); data/quassel-0.13.1/3rdparty/miniz/miniz.c:2625:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n); data/quassel-0.13.1/3rdparty/miniz/miniz.c:2753:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mz_uint8*)p->m_pBuf + p->m_size, pBuf, len); p->m_size = new_size; data/quassel-0.13.1/3rdparty/miniz/miniz.c:2823:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out_buf.m_pBuf, pnghdr, 41); data/quassel-0.13.1/3rdparty/miniz/miniz.c:2885:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define MZ_FOPEN(f, m) fopen(f, m) data/quassel-0.13.1/3rdparty/miniz/miniz.c:2901:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define MZ_FOPEN(f, m) fopen(f, m) data/quassel-0.13.1/3rdparty/miniz/miniz.c:2933:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define MZ_FOPEN(f, m) fopen(f, m) data/quassel-0.13.1/3rdparty/miniz/miniz.c:3026:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mz_uint8*)pArray->m_p + orig_size * pArray->m_element_size, pElements, n * pArray->m_element_size); data/quassel-0.13.1/3rdparty/miniz/miniz.c:3287:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pBuf, (const mz_uint8 *)pZip->m_pState->m_pMem + file_ofs, s); data/quassel-0.13.1/3rdparty/miniz/miniz.c:3425:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pStat->m_filename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n); pStat->m_filename[n] = '\0'; data/quassel-0.13.1/3rdparty/miniz/miniz.c:3429:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pStat->m_comment, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS), n); pStat->m_comment[n] = '\0'; data/quassel-0.13.1/3rdparty/miniz/miniz.c:3443:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n); data/quassel-0.13.1/3rdparty/miniz/miniz.c:4021:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mz_uint8 *)pState->m_pMem + file_ofs, pBuf, n); data/quassel-0.13.1/3rdparty/miniz/miniz.c:4069:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. mz_uint64 cur_ofs = 0; char buf[4096]; MZ_CLEAR_OBJ(buf); data/quassel-0.13.1/3rdparty/miniz/miniz.c:4249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/quassel-0.13.1/3rdparty/miniz/miniz.c:4686:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE); data/quassel-0.13.1/3rdparty/sha512/sha512.c:186:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha512_process( sha512_context *ctx, const unsigned char data[128] ) data/quassel-0.13.1/3rdparty/sha512/sha512.c:277:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (void *) (ctx->buffer + left), input, fill ); data/quassel-0.13.1/3rdparty/sha512/sha512.c:292:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (void *) (ctx->buffer + left), input, ilen ); data/quassel-0.13.1/3rdparty/sha512/sha512.c:295:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char sha512_padding[128] = data/quassel-0.13.1/3rdparty/sha512/sha512.c:310:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha512_finish( sha512_context *ctx, unsigned char output[64] ) data/quassel-0.13.1/3rdparty/sha512/sha512.c:314:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msglen[16]; data/quassel-0.13.1/3rdparty/sha512/sha512.c:348:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha512( const unsigned char *input, size_t ilen, data/quassel-0.13.1/3rdparty/sha512/sha512.c:349:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char output[64], int is384 ) data/quassel-0.13.1/3rdparty/sha512/sha512.c:364:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int sha512_file( const char *path, unsigned char output[64], int is384 ) data/quassel-0.13.1/3rdparty/sha512/sha512.c:364:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int sha512_file( const char *path, unsigned char output[64], int is384 ) data/quassel-0.13.1/3rdparty/sha512/sha512.c:369:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1024]; data/quassel-0.13.1/3rdparty/sha512/sha512.c:371:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( ( f = fopen( path, "rb" ) ) == NULL ) data/quassel-0.13.1/3rdparty/sha512/sha512.c:401:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sum[64]; data/quassel-0.13.1/3rdparty/sha512/sha512.c:437:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha512_hmac_finish( sha512_context *ctx, unsigned char output[64] ) data/quassel-0.13.1/3rdparty/sha512/sha512.c:440:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmpbuf[64]; data/quassel-0.13.1/3rdparty/sha512/sha512.c:466:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha512_hmac( const unsigned char *key, size_t keylen, data/quassel-0.13.1/3rdparty/sha512/sha512.c:467:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *input, size_t ilen, data/quassel-0.13.1/3rdparty/sha512/sha512.c:468:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char output[64], int is384 ) data/quassel-0.13.1/3rdparty/sha512/sha512.c:484:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha512_test_buf[3][113] = data/quassel-0.13.1/3rdparty/sha512/sha512.c:497:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char sha512_test_sum[6][64] = data/quassel-0.13.1/3rdparty/sha512/sha512.c:553:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha512_hmac_test_key[7][26] = data/quassel-0.13.1/3rdparty/sha512/sha512.c:573:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha512_hmac_test_buf[7][153] = data/quassel-0.13.1/3rdparty/sha512/sha512.c:599:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char sha512_hmac_test_sum[14][64] = data/quassel-0.13.1/3rdparty/sha512/sha512.c:704:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1024]; data/quassel-0.13.1/3rdparty/sha512/sha512.c:705:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sha512sum[64]; data/quassel-0.13.1/3rdparty/sha512/sha512.h:63:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[128]; /*!< data block being processed */ data/quassel-0.13.1/3rdparty/sha512/sha512.h:65:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ipad[128]; /*!< HMAC: inner padding */ data/quassel-0.13.1/3rdparty/sha512/sha512.h:66:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char opad[128]; /*!< HMAC: outer padding */ data/quassel-0.13.1/3rdparty/sha512/sha512.h:109:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha512_finish( sha512_context *ctx, unsigned char output[64] ); data/quassel-0.13.1/3rdparty/sha512/sha512.h:131:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha512( const unsigned char *input, size_t ilen, data/quassel-0.13.1/3rdparty/sha512/sha512.h:132:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char output[64], int is384 ); data/quassel-0.13.1/3rdparty/sha512/sha512.h:143:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int sha512_file( const char *path, unsigned char output[64], int is384 ); data/quassel-0.13.1/3rdparty/sha512/sha512.h:143:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int sha512_file( const char *path, unsigned char output[64], int is384 ); data/quassel-0.13.1/3rdparty/sha512/sha512.h:172:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha512_hmac_finish( sha512_context *ctx, unsigned char output[64] ); data/quassel-0.13.1/3rdparty/sha512/sha512.h:191:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha512_hmac( const unsigned char *key, size_t keylen, data/quassel-0.13.1/3rdparty/sha512/sha512.h:192:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *input, size_t ilen, data/quassel-0.13.1/3rdparty/sha512/sha512.h:193:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char output[64], int is384 ); data/quassel-0.13.1/3rdparty/sha512/sha512.h:203:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha512_process( sha512_context *ctx, const unsigned char data[128] ); data/quassel-0.13.1/src/client/clientauthhandler.cpp:556:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char output[64]; data/quassel-0.13.1/src/client/clienttransfer.cpp:81:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!_file->open(QFile::WriteOnly|QFile::Truncate)) { data/quassel-0.13.1/src/common/compressor.cpp:126:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, _readBuffer.constData(), n); data/quassel-0.13.1/src/common/compressor.cpp:149:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_writeBuffer.data() + pos, data, count); data/quassel-0.13.1/src/common/identity.cpp:124:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR infoBuf[128]; data/quassel-0.13.1/src/common/identity.cpp:163:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR infoBuf[128]; data/quassel-0.13.1/src/common/logbacktrace_unix.cpp:42:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dumpFile.open(QIODevice::Append); data/quassel-0.13.1/src/common/logbacktrace_win.cpp:154:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logFile.open(QIODevice::Append); data/quassel-0.13.1/src/common/logger.cpp:105:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!_logFile.open(QFile::Append|QFile::Unbuffered|QFile::Text)) { data/quassel-0.13.1/src/common/logger.cpp:110:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!_logFile.open(stderr, QFile::WriteOnly|QFile::Unbuffered|QFile::Text)) { data/quassel-0.13.1/src/common/logger.cpp:241:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (dumpFile.open(QIODevice::Append)) { data/quassel-0.13.1/src/common/quassel.cpp:368:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dumpFile.open(QIODevice::Append); data/quassel-0.13.1/src/core/abstractsqlstorage.cpp:106:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!db.open()) { data/quassel-0.13.1/src/core/abstractsqlstorage.cpp:184:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!queryFile.open(QIODevice::ReadOnly | QIODevice::Text)) data/quassel-0.13.1/src/core/abstractsqlstorage.cpp:657:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(stdout, QIODevice::WriteOnly); data/quassel-0.13.1/src/core/oidentdconfiggenerator.cpp:121:49: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!_configFile->isOpen() && !_configFile->open(QIODevice::ReadOnly)) data/quassel-0.13.1/src/core/oidentdconfiggenerator.cpp:147:62: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool not_open = (!_configFile->isOpen() && !_configFile->open(QIODevice::ReadWrite | QIODevice::Text)); data/quassel-0.13.1/src/core/sslserver.cpp:144:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!certFile.open(QIODevice::ReadOnly)) { data/quassel-0.13.1/src/core/sslserver.cpp:177:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!keyFile.open(QIODevice::ReadOnly)) { data/quassel-0.13.1/src/core/storage.cpp:111:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char output[64]; data/quassel-0.13.1/src/qtui/qtui.cpp:377:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!indexFile.open(QFile::WriteOnly|QFile::Truncate)) { data/quassel-0.13.1/src/qtui/qtuistyle.cpp:88:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!settingsQss.open(QFile::WriteOnly|QFile::Truncate)) { data/quassel-0.13.1/src/qtui/settingspages/identityeditwidget.cpp:390:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). keyFile.open(QIODevice::ReadOnly); data/quassel-0.13.1/src/qtui/settingspages/identityeditwidget.cpp:471:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). certFile.open(QIODevice::ReadOnly); data/quassel-0.13.1/src/uisupport/uistyle.cpp:187:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QFile::ReadOnly)) { data/quassel-0.13.1/3rdparty/miniz/miniz.c:3483:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const mz_uint filename_len = (mz_uint)strlen(pFilename); data/quassel-0.13.1/3rdparty/miniz/miniz.c:3505:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen(pName); if (name_len > 0xFFFF) return -1; data/quassel-0.13.1/3rdparty/miniz/miniz.c:3506:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). comment_len = pComment ? strlen(pComment) : 0; if (comment_len > 0xFFFF) return -1; data/quassel-0.13.1/3rdparty/miniz/miniz.c:4297:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). archive_name_size = strlen(pArchive_name); data/quassel-0.13.1/3rdparty/miniz/miniz.c:4432:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). archive_name_size = strlen(pArchive_name); data/quassel-0.13.1/src/client/clientauthhandler.cpp:243:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). socket()->read((char *)&reply, 4); data/quassel-0.13.1/src/common/compressor.cpp:120:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 Compressor::read(char *data, qint64 maxSize) data/quassel-0.13.1/src/common/compressor.cpp:168:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _readBuffer.append(_socket->read(maxBufferSize - _readBuffer.size())); data/quassel-0.13.1/src/common/compressor.cpp:181:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _inputBuffer.append(_socket->read(ioBufferSize - _inputBuffer.size())); data/quassel-0.13.1/src/common/compressor.h:64:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 read(char *data, qint64 maxSize); data/quassel-0.13.1/src/common/main.cpp:79:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(S_IRWXG | S_IRWXO); data/quassel-0.13.1/src/common/posixsignalwatcher.cpp:89:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). auto bytes = ::read(sockfd, &signal, sizeof(signal)); data/quassel-0.13.1/src/common/remotepeer.cpp:228:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _compressor->read((char*)&_msgSize, 4); data/quassel-0.13.1/src/common/remotepeer.cpp:250:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 bytesRead = _compressor->read(msg.data(), _msgSize); data/quassel-0.13.1/src/common/syncableobject.cpp:105:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). properties[propName] = prop.read(this); data/quassel-0.13.1/src/core/coreauthhandler.cpp:80:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). socket()->read((char*)&magic, 4); // read the 4 bytes we've just peeked at data/quassel-0.13.1/src/core/coreauthhandler.cpp:86:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). socket()->read((char*)&data, 4); data/quassel-0.13.1/src/core/coretransfer.cpp:149:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QByteArray data = _socket->read(chunkSize); data/quassel-0.13.1/src/core/oidentdconfiggenerator.cpp:145:25: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mode_t prev_umask = umask(S_IXUSR | S_IWGRP | S_IXGRP | S_IWOTH | S_IXOTH); // == 0133, rw-r--r-- data/quassel-0.13.1/src/core/oidentdconfiggenerator.cpp:149:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(prev_umask); data/quassel-0.13.1/src/qtui/settingspages/identityeditwidget.cpp:391:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QByteArray keyRaw = keyFile.read(2 << 20); data/quassel-0.13.1/src/qtui/settingspages/identityeditwidget.cpp:472:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QByteArray certRaw = certFile.read(2 << 20); ANALYSIS SUMMARY: Hits = 119 Lines analyzed = 110110 in approximately 2.73 seconds (40265 lines/second) Physical Source Lines of Code (SLOC) = 71392 Hits@level = [0] 12 [1] 22 [2] 91 [3] 0 [4] 6 [5] 0 Hits@level+ = [0+] 131 [1+] 119 [2+] 97 [3+] 6 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 1.83494 [1+] 1.66685 [2+] 1.3587 [3+] 0.084043 [4+] 0.084043 [5+] 0 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.