Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/shelxle-1.0.1179/calculator.h
Examining data/shelxle-1.0.1179/window.h
Examining data/shelxle-1.0.1179/dsreditwindow.cpp
Examining data/shelxle-1.0.1179/dsrgui.h
Examining data/shelxle-1.0.1179/psewidget.h
Examining data/shelxle-1.0.1179/listfile.h
Examining data/shelxle-1.0.1179/fourxle.h
Examining data/shelxle-1.0.1179/molecule.h
Examining data/shelxle-1.0.1179/chgl.cpp
Examining data/shelxle-1.0.1179/fourxle.cpp
Examining data/shelxle-1.0.1179/molecule.cpp
Examining data/shelxle-1.0.1179/fcvsfo.h
Examining data/shelxle-1.0.1179/shx_helper.h
Examining data/shelxle-1.0.1179/includeeditor.cpp
Examining data/shelxle-1.0.1179/dsrglwindow.h
Examining data/shelxle-1.0.1179/eacDlg.cpp
Examining data/shelxle-1.0.1179/savehistorywidget.cpp
Examining data/shelxle-1.0.1179/highlighter.cpp
Examining data/shelxle-1.0.1179/fcvsfo.cpp
Examining data/shelxle-1.0.1179/listfile.cpp
Examining data/shelxle-1.0.1179/glureplace.h
Examining data/shelxle-1.0.1179/ideal_defden.h
Examining data/shelxle-1.0.1179/dragdropatomsdlg.cpp
Examining data/shelxle-1.0.1179/calculator.cpp
Examining data/shelxle-1.0.1179/historywidget.cpp
Examining data/shelxle-1.0.1179/WhatsThisAndWhere.cpp
Examining data/shelxle-1.0.1179/psewidget.cpp
Examining data/shelxle-1.0.1179/highlighter.h
Examining data/shelxle-1.0.1179/scatt.h
Examining data/shelxle-1.0.1179/qpeakview.h
Examining data/shelxle-1.0.1179/ideal_defden.cpp
Examining data/shelxle-1.0.1179/plotgraph.cpp
Examining data/shelxle-1.0.1179/plotgraph.h
Examining data/shelxle-1.0.1179/eacDlg.h
Examining data/shelxle-1.0.1179/kissfft/kiss_fft.h
Examining data/shelxle-1.0.1179/kissfft/kiss_fftnd.h
Examining data/shelxle-1.0.1179/kissfft/kiss_fftnd.c
Examining data/shelxle-1.0.1179/kissfft/_kiss_fft_guts.h
Examining data/shelxle-1.0.1179/kissfft/kiss_fft.c
Examining data/shelxle-1.0.1179/historywidget.h
Examining data/shelxle-1.0.1179/codeeditor.h
Examining data/shelxle-1.0.1179/dsreditwindow.h
Examining data/shelxle-1.0.1179/savehistorywidget.h
Examining data/shelxle-1.0.1179/includeeditor.h
Examining data/shelxle-1.0.1179/main.cpp
Examining data/shelxle-1.0.1179/chgl.h
Examining data/shelxle-1.0.1179/dragdropatomsdlg.h
Examining data/shelxle-1.0.1179/dsrglwindow.cpp
Examining data/shelxle-1.0.1179/qpeakview.cpp
Examining data/shelxle-1.0.1179/codeeditor.cpp
Examining data/shelxle-1.0.1179/dsrgui.cpp
Examining data/shelxle-1.0.1179/itsme.h
Examining data/shelxle-1.0.1179/window.cpp

FINAL RESULTS:

data/shelxle-1.0.1179/chgl.cpp:100:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mconf.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/chgl.cpp:113:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mconf.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/chgl.cpp:126:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  miconf.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/chgl.cpp:174:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  miconf.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/codeeditor.cpp:389:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  kis.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/codeeditor.cpp:933:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cc[10];
data/shelxle-1.0.1179/codeeditor.cpp:999:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cc[10];
data/shelxle-1.0.1179/codeeditor.cpp:1108:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cc[10];
data/shelxle-1.0.1179/codeeditor.cpp:1315:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cc[10];
data/shelxle-1.0.1179/dsreditwindow.cpp:1202:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QFile::ReadOnly | QFile::Text)) {
data/shelxle-1.0.1179/dsreditwindow.cpp:1226:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QFile::ReadWrite | QFile::Text)) {
data/shelxle-1.0.1179/dsrgui.cpp:599:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  savehist.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/dsrgui.cpp:609:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/dsrgui.cpp:730:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QFile::ReadOnly | QFile::Text)) {
data/shelxle-1.0.1179/fcvsfo.cpp:171:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/fourxle.cpp:807:5: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f=fopen(filename,"rb");
data/shelxle-1.0.1179/fourxle.cpp:809:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[122]="";
data/shelxle-1.0.1179/fourxle.cpp:1338:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sc[409];
data/shelxle-1.0.1179/fourxle.cpp:1357:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char foname[4096];
data/shelxle-1.0.1179/fourxle.cpp:1358:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fof1name[4096];
data/shelxle-1.0.1179/fourxle.cpp:1376:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(foname,"_fo_densitymap.cube");
data/shelxle-1.0.1179/fourxle.cpp:1377:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fo=fopen(foname,"w");
data/shelxle-1.0.1179/fourxle.cpp:1414:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(fof1name,"_fo-fc_densitymap.cube");
data/shelxle-1.0.1179/fourxle.cpp:1415:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fof1=fopen(fof1name,"w");
data/shelxle-1.0.1179/fourxle.cpp:1458:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[122],*dum=NULL;
data/shelxle-1.0.1179/fourxle.cpp:1462:5: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f=fopen(filename,"r");
data/shelxle-1.0.1179/fourxle.cpp:1767:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fxfi.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/fourxle.cpp:1776:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fxfi.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/fourxle.cpp:2946:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f=fopen(contEPSFile->text().toLocal8Bit(),"wt");
data/shelxle-1.0.1179/fourxle.h:237:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char titl[80];/*fcmax=0,f000=0,resmax=99999.0,*/
data/shelxle-1.0.1179/historywidget.cpp:48:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(QIODevice::ReadOnly);
data/shelxle-1.0.1179/historywidget.cpp:71:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(QIODevice::ReadOnly);
data/shelxle-1.0.1179/historywidget.cpp:273:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  alt.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/historywidget.cpp:301:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (alt.open(QIODevice::ReadOnly)){
data/shelxle-1.0.1179/historywidget.cpp:329:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (alt.open(QIODevice::ReadOnly)){
data/shelxle-1.0.1179/includeeditor.cpp:22:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/includeeditor.cpp:42:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/kissfft/kiss_fft.c:378:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fout,tmpbuf,sizeof(kiss_fft_cpx)*st->nfft);
data/shelxle-1.0.1179/kissfft/kiss_fftnd.c:171:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( st->tmpbuf, fin, sizeof(kiss_fft_cpx) * st->dimprod );
data/shelxle-1.0.1179/listfile.cpp:40:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QFile::ReadOnly | QFile::Text)) {
data/shelxle-1.0.1179/main.cpp:26:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *er=fopen(pth.toStdString().c_str(),"at");
data/shelxle-1.0.1179/main.cpp:81:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *er=fopen(pth.toStdString().c_str(),"wt");
data/shelxle-1.0.1179/main.cpp:137:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char x[9]="@ShelXle";
data/shelxle-1.0.1179/molecule.cpp:7238:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *extf=fopen(pth.toStdString().c_str(),"wt");
data/shelxle-1.0.1179/molecule.cpp:7252:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  logshad.open(QFile::Append|QFile::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:25:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:79:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:97:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:102:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:112:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sahi.open(QIODevice::Append|QIODevice::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:182:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sahi.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/scatt.h:10:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char symb[3];
data/shelxle-1.0.1179/scatt.h:365:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *hkl=fopen(hklf.toStdString().c_str(),"rt");
data/shelxle-1.0.1179/scatt.h:368:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[128];
data/shelxle-1.0.1179/scatt.h:384:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fc6=fopen(mfcf.toStdString().c_str(),"wt");
data/shelxle-1.0.1179/scatt.h:435:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chkl[13],cisig[17];
data/shelxle-1.0.1179/window.cpp:1936:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:4217:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (lstf.open(QIODevice::ReadOnly|QIODevice::Text)){
data/shelxle-1.0.1179/window.cpp:4284:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  test.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:4294:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  test.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:4303:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  test.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:4344:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (include.open(QIODevice::ReadOnly|QIODevice::Text)) inst=include.readAll();
data/shelxle-1.0.1179/window.cpp:8722:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (myFile.open(QIODevice::ReadOnly)){
data/shelxle-1.0.1179/window.cpp:8859:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[255] ;
data/shelxle-1.0.1179/window.cpp:8861:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "molisoclip%04d.png", i);
data/shelxle-1.0.1179/window.cpp:9029:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (shxf.open(QIODevice::ReadOnly|QIODevice::Text)){
data/shelxle-1.0.1179/window.cpp:9105:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:9116:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:9126:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sahi.open(QIODevice::Append|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:9148:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:11558:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (lstf.open(QIODevice::ReadOnly|QIODevice::Text)){
data/shelxle-1.0.1179/window.cpp:12223:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:12260:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  test.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:12273:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  test.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/codeeditor.cpp:934:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cc,s1.section(QRegExp("\\d+"),1,-1).toStdString().c_str(),4);
data/shelxle-1.0.1179/codeeditor.cpp:935:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (size_t k=0; k<strlen(cc);k++) {r1*=256;r1+=(size_t)cc[k];}
data/shelxle-1.0.1179/codeeditor.cpp:1000:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cc,s1.section(QRegExp("\\d+"),1,-1).toStdString().c_str(),4);
data/shelxle-1.0.1179/codeeditor.cpp:1001:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (size_t k=0; k<strlen(cc);k++) {r1*=256;r1+=(size_t)cc[k];}
data/shelxle-1.0.1179/codeeditor.cpp:1109:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cc,s1.section(QRegExp("\\d+"),1,-1).toStdString().c_str(),4);
data/shelxle-1.0.1179/codeeditor.cpp:1110:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (size_t k=0; k<strlen(cc);k++) {r1*=256;r1+=(size_t)cc[k];}
data/shelxle-1.0.1179/codeeditor.cpp:1316:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cc,s1.section(QRegExp("\\d+"),1,-1).toStdString().c_str(),4);
data/shelxle-1.0.1179/codeeditor.cpp:1317:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (size_t k=0; k<strlen(cc);k++) {r1*=256;r1+=(size_t)cc[k];}
data/shelxle-1.0.1179/fourxle.cpp:1340:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len=strlen(s);
data/shelxle-1.0.1179/fourxle.cpp:1341:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sc,s,400);
data/shelxle-1.0.1179/fourxle.cpp:1349:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((s==NULL)||(count <1)||((size_t)count>strlen(s))) return;
data/shelxle-1.0.1179/fourxle.cpp:1360:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len=strlen(filename);
data/shelxle-1.0.1179/fourxle.cpp:1374:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(foname,filename,len-4);
data/shelxle-1.0.1179/fourxle.cpp:1412:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fof1name,filename,len-4);
data/shelxle-1.0.1179/fourxle.cpp:1584:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(line,"");
data/shelxle-1.0.1179/molecule.cpp:7239:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite(extensionString,sizeof(char),strlen(extensionString)+1,extf);
data/shelxle-1.0.1179/scatt.h:434:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(line)<28) continue;

ANALYSIS SUMMARY:

Hits = 91
Lines analyzed = 46625 in approximately 1.62 seconds (28803 lines/second)
Physical Source Lines of Code (SLOC) = 39682
Hits@level = [0] 243 [1] 17 [2] 74 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 334 [1+] 91 [2+] 74 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.41691 [1+] 2.29323 [2+] 1.86483 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.