Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/seafile-client-7.0.10/src/ui/init-seafile-dialog.cpp:187:29: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  int chmod_return_code = chmod(
data/seafile-client-7.0.10/src/utils/process-linux.cpp:28:17: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  ssize_t l = readlink(path, buf, kBUFFSIZE - 1);
data/seafile-client-7.0.10/extensions/context-menu.cpp:238:5: [4] (buffer) lstrcpynW:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  lstrcpynW((LPWSTR)pszName, L"This is Seafile help string.", cchMax);
data/seafile-client-7.0.10/extensions/log.cpp:65:18: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  length = vsnprintf(buffer, sizeof(buffer), format, params);
data/seafile-client-7.0.10/src/i18n.cpp:139:36: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
locales.push_back(QLocale::system()); data/seafile-client-7.0.10/src/i18n.cpp:155:39: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QLocale sys_locale = QLocale::system(); data/seafile-client-7.0.10/src/rpc/clone-task.cpp:57:22: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return QString().sprintf(" %lld%%", percentage); data/seafile-client-7.0.10/src/ui/tray-icon.cpp:541:18: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (QLocale::system().name() == "zh_CN") { data/seafile-client-7.0.10/src/utils/uninstall-helpers.cpp:125:5: [4] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. wcscpy(wpath, path.toStdWString().c_str()); data/seafile-client-7.0.10/src/main.cpp:138:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long (argc, argv, short_options, data/seafile-client-7.0.10/src/seafile-applet.cpp:752:13: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/seafile-client-7.0.10/src/utils/utils-win.cpp:32:12: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. 
hMod = LoadLibrary(TEXT("ntdll.dll")); data/seafile-client-7.0.10/extensions/commands.cpp:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/seafile-client-7.0.10/extensions/commands.cpp:135:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/seafile-client-7.0.10/extensions/context-menu.cpp:51:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t path_dir_w[4096]; data/seafile-client-7.0.10/extensions/ext-utils.cpp:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_PATH] = {'\0'}; data/seafile-client-7.0.10/extensions/ext-utils.cpp:267:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256] = {0}; data/seafile-client-7.0.10/extensions/ext-utils.cpp:369:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char module_filename[MAX_PATH] = { 0 }; data/seafile-client-7.0.10/extensions/ext-utils.cpp:393:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t dst[4096]; data/seafile-client-7.0.10/extensions/ext-utils.cpp:396:11: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). len = MultiByteToWideChar data/seafile-client-7.0.10/extensions/ext-utils.cpp:414:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst[4096]; data/seafile-client-7.0.10/extensions/ext-utils.cpp:436:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst[4096]; data/seafile-client-7.0.10/extensions/ext-utils.cpp:458:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t dst[4096]; data/seafile-client-7.0.10/extensions/ext-utils.cpp:461:11: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). 
len = MultiByteToWideChar data/seafile-client-7.0.10/extensions/ext-utils.cpp:494:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_PATH] = {0}; data/seafile-client-7.0.10/extensions/i18n.cpp:15:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iso639[10]; data/seafile-client-7.0.10/extensions/log.cpp:32:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). log_fp = fopen (log_path.c_str(), "a"); data/seafile-client-7.0.10/extensions/log.cpp:61:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/seafile-client-7.0.10/extensions/log.cpp:71:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/seafile-client-7.0.10/src/api/api-client.cpp:104:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/seafile-client-7.0.10/src/configurator.cpp:122:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!seafile_ini.open(QIODevice::WriteOnly)) { data/seafile-client-7.0.10/src/configurator.cpp:152:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!desktop_ini.open(QIODevice::WriteOnly | QIODevice::Text)) { data/seafile-client-7.0.10/src/configurator.cpp:210:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!seafile_ini.open(QIODevice::ReadOnly | QIODevice::Text)) { data/seafile-client-7.0.10/src/ext-handler.cpp:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256] = {0}; data/seafile-client-7.0.10/src/filebrowser/reliable-upload.cpp:123:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (!file_->open(QIODevice::ReadOnly)) { data/seafile-client-7.0.10/src/filebrowser/reliable-upload.cpp:431:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer->open(QIODevice::ReadOnly); data/seafile-client-7.0.10/src/filebrowser/tasks.cpp:633:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!tmp_file_->open()) { data/seafile-client-7.0.10/src/finder-sync/finder-sync-host.cpp:141:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos, watch_set_[i].id.toUtf8().data(), 36); data/seafile-client-7.0.10/src/finder-sync/finder-sync-host.cpp:144:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos, array[i].data(), array[i].size() + 1); data/seafile-client-7.0.10/src/log-uploader.cpp:107:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file->open(QIODevice::ReadOnly)) { data/seafile-client-7.0.10/src/seafile-applet.cpp:154:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
bundle.open(QIODevice::WriteOnly); data/seafile-client-7.0.10/src/seafile-applet.cpp:505:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) { data/seafile-client-7.0.10/src/seafile-applet.cpp:761:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!id_file.open(QIODevice::WriteOnly)) { data/seafile-client-7.0.10/src/seafile-applet.cpp:770:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!id_file.open(QIODevice::ReadOnly | QIODevice::Text)) { data/seafile-client-7.0.10/src/settings-mgr.cpp:698:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!system_proxy_txt.open(QIODevice::WriteOnly)) { data/seafile-client-7.0.10/src/ui/init-seafile-dialog.cpp:29:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  wchar_t drives[MAX_PATH];
data/seafile-client-7.0.10/src/ui/uninstall-helper-dialog.cpp:67:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/seafile-client-7.0.10/src/utils/log.c:40:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/seafile-client-7.0.10/src/utils/log.c:80:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[4096] = {0};
data/seafile-client-7.0.10/src/utils/log.c:81:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file_name, backup_file->str, backup_file->len);
data/seafile-client-7.0.10/src/utils/process-linux.cpp:20:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX];
data/seafile-client-7.0.10/src/utils/process-linux.cpp:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[kBUFFSIZE];
data/seafile-client-7.0.10/src/utils/process-linux.cpp:40:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(dir->d_name);
data/seafile-client-7.0.10/src/utils/process-win.cpp:25:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/seafile-client-7.0.10/src/utils/process-win.cpp:55:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char process_name[4096] = {0};
data/seafile-client-7.0.10/src/utils/process-win.cpp:119:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAX_PATH];
data/seafile-client-7.0.10/src/utils/process-win.cpp:148:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char process_name[4096] = {0};
data/seafile-client-7.0.10/src/utils/registry.cpp:200:17: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t expanded_buf[MAX_PATH];
data/seafile-client-7.0.10/src/utils/registry.cpp:216:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)&dword_value_, buf.data(), sizeof(int));
data/seafile-client-7.0.10/src/utils/registry.cpp:222:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)&value, buf.data(), sizeof(int));
data/seafile-client-7.0.10/src/utils/rsa.cpp:166:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sha1[20];
data/seafile-client-7.0.10/src/utils/stl.h:65:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_, buffer, size_ * sizeof(char_type));
data/seafile-client-7.0.10/src/utils/stl.h:71:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_, buffer, size * sizeof(char_type));
data/seafile-client-7.0.10/src/utils/stl.h:82:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_, string.data(), size_ * sizeof(char_type));
data/seafile-client-7.0.10/src/utils/stl.h:98:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_data, data_, size_ * sizeof(char_type));
data/seafile-client-7.0.10/src/utils/stl.h:110:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_data, data_, size_ * sizeof(char_type));
data/seafile-client-7.0.10/src/utils/uninstall-helpers.cpp:174:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!seafile_ini.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/seafile-client-7.0.10/src/utils/utils-win.cpp:284:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32767] = {0};
data/seafile-client-7.0.10/src/utils/utils-win.cpp:293:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char user_name_buf[buf_char_count];
data/seafile-client-7.0.10/src/utils/utils.cpp:340:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_PATH] = {0};
data/seafile-client-7.0.10/src/utils/utils.cpp:364:9: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t applet_path[MAX_PATH];
data/seafile-client-7.0.10/third_party/QtAwesome/QtAwesome.cpp:170:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!res.open(QIODevice::ReadOnly)) {
data/seafile-client-7.0.10/extensions/context-menu.cpp:278:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  menuiteminfo.cch = strlen(kMainMenuName);
data/seafile-client-7.0.10/extensions/icon-overlay.cpp:23:16: [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int wlen = wcslen(ico.get());
data/seafile-client-7.0.10/src/ui/init-seafile-dialog.cpp:38:40: [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (p = drives; *p != L'\0'; p += wcslen(p) + 1) {
data/seafile-client-7.0.10/src/utils/log.c:17:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *p = (char *)path + strlen(path) - 1;
data/seafile-client-7.0.10/src/utils/log.c:50:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(message) > 0 && message[strlen(message) - 1] != '\n') {
data/seafile-client-7.0.10/src/utils/log.c:50:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(message) > 0 && message[strlen(message) - 1] != '\n') {
data/seafile-client-7.0.10/src/utils/registry.cpp:153:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void RegElement::read()
data/seafile-client-7.0.10/src/utils/registry.cpp:276:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reg.read();
data/seafile-client-7.0.10/src/utils/registry.cpp:313:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reg.read();
data/seafile-client-7.0.10/src/utils/registry.cpp:344:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reg.read();
data/seafile-client-7.0.10/src/utils/registry.h:36:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read();
data/seafile-client-7.0.10/src/utils/rsa.cpp:60:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SHA1_Update(&c, msg, strlen(msg));
data/seafile-client-7.0.10/src/utils/utils-win.cpp:286:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CryptBinaryToString((BYTE*) input, strlen(input), CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, buf, &retlen);
data/seafile-client-7.0.10/src/utils/utils.cpp:259:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *p = (char *)path + strlen(path) - 1;
data/seafile-client-7.0.10/src/utils/utils.cpp:298:34: [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  DWORD n = sizeof(wchar_t) * (wcslen(path_w) + 1);

ANALYSIS SUMMARY:

Hits = 87
Lines analyzed = 50985 in approximately 1.05 seconds (48762 lines/second)
Physical Source Lines of Code (SLOC) = 40091
Hits@level = [0] 43 [1] 15 [2] 60 [3] 3 [4] 7 [5] 2
Hits@level+ = [0+] 130 [1+] 87 [2+] 72 [3+] 12 [4+] 9 [5+] 2
Hits/KSLOC@level+ = [0+] 3.24262 [1+] 2.17006 [2+] 1.79591 [3+] 0.299319 [4+] 0.224489 [5+] 0.0498865
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.