Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/tea-50.0.4/calendar.cpp Examining data/tea-50.0.4/calendar.h Examining data/tea-50.0.4/document.cpp Examining data/tea-50.0.4/document.h Examining data/tea-50.0.4/exif_reader.cpp Examining data/tea-50.0.4/exif_reader.h Examining data/tea-50.0.4/fman.cpp Examining data/tea-50.0.4/fman.h Examining data/tea-50.0.4/fontbox.cpp Examining data/tea-50.0.4/fontbox.h Examining data/tea-50.0.4/gui_utils.cpp Examining data/tea-50.0.4/gui_utils.h Examining data/tea-50.0.4/img_viewer.cpp Examining data/tea-50.0.4/img_viewer.h Examining data/tea-50.0.4/ioapi.h Examining data/tea-50.0.4/libretta_calc.cpp Examining data/tea-50.0.4/libretta_calc.h Examining data/tea-50.0.4/logmemo.cpp Examining data/tea-50.0.4/logmemo.h Examining data/tea-50.0.4/main.cpp Examining data/tea-50.0.4/minizip_crypt.h Examining data/tea-50.0.4/myjoystick.cpp Examining data/tea-50.0.4/myjoystick.h Examining data/tea-50.0.4/qioapi.cpp Examining data/tea-50.0.4/quaadler32.cpp Examining data/tea-50.0.4/quaadler32.h Examining data/tea-50.0.4/quachecksum32.h Examining data/tea-50.0.4/quacrc32.cpp Examining data/tea-50.0.4/quacrc32.h Examining data/tea-50.0.4/quagzipfile.cpp Examining data/tea-50.0.4/quagzipfile.h Examining data/tea-50.0.4/quaziodevice.cpp Examining data/tea-50.0.4/quaziodevice.h Examining data/tea-50.0.4/quazip.cpp Examining data/tea-50.0.4/quazip.h Examining data/tea-50.0.4/quazip_global.h Examining data/tea-50.0.4/quazipdir.cpp Examining data/tea-50.0.4/quazipdir.h Examining data/tea-50.0.4/quazipfile.cpp Examining data/tea-50.0.4/quazipfile.h Examining data/tea-50.0.4/quazipfileinfo.cpp Examining data/tea-50.0.4/quazipfileinfo.h Examining data/tea-50.0.4/quazipnewinfo.cpp Examining data/tea-50.0.4/quazipnewinfo.h Examining data/tea-50.0.4/rvln.cpp Examining data/tea-50.0.4/rvln.h Examining data/tea-50.0.4/shortcuts.cpp Examining 
data/tea-50.0.4/shortcuts.h Examining data/tea-50.0.4/single_application_shared.cpp Examining data/tea-50.0.4/single_application_shared.h Examining data/tea-50.0.4/spellchecker.cpp Examining data/tea-50.0.4/spellchecker.h Examining data/tea-50.0.4/text-data/tpl_c.c Examining data/tea-50.0.4/text-data/tpl_cpp.cpp Examining data/tea-50.0.4/textproc.cpp Examining data/tea-50.0.4/textproc.h Examining data/tea-50.0.4/tio.cpp Examining data/tea-50.0.4/tio.h Examining data/tea-50.0.4/todo.cpp Examining data/tea-50.0.4/todo.h Examining data/tea-50.0.4/tzipper.cpp Examining data/tea-50.0.4/tzipper.h Examining data/tea-50.0.4/unzip.c Examining data/tea-50.0.4/unzip.h Examining data/tea-50.0.4/utils.cpp Examining data/tea-50.0.4/utils.h Examining data/tea-50.0.4/wavinfo.cpp Examining data/tea-50.0.4/wavinfo.h Examining data/tea-50.0.4/zip.c Examining data/tea-50.0.4/zip.h FINAL RESULTS: data/tea-50.0.4/rvln.cpp:560:62: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QString lang = settings->value ("spell_lang", QLocale::system().name().left(2)).toString(); data/tea-50.0.4/rvln.cpp:579:84: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. spellchecker = new CHunspellChecker (settings->value ("spell_lang", QLocale::system().name().left(2)).toString(), settings->value ("hunspell_dic_path", "/usr/share/hunspell").toString(), dir_user_dict); data/tea-50.0.4/rvln.cpp:652:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
QString lng = settings->value ("lng", QLocale::system().name()).toString().left(2).toLower(); data/tea-50.0.4/rvln.cpp:2441:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QString lng = settings->value ("lng", QLocale::system().name()).toString().left(2).toLower(); data/tea-50.0.4/rvln.cpp:3213:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QString loc = QLocale::system().name().left (2).toLower(); data/tea-50.0.4/rvln.cpp:4768:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (QLocale::system().name().left(2) == "ru") data/tea-50.0.4/rvln.cpp:7237:81: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. spellchecker = new CAspellchecker (settings->value ("spell_lang", QLocale::system().name().left(2)).toString()); data/tea-50.0.4/rvln.cpp:7243:84: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. spellchecker = new CHunspellChecker (settings->value ("spell_lang", QLocale::system().name().left(2)).toString(), "/usr/share/hunspell/"); data/tea-50.0.4/rvln.cpp:7947:22: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sdate = sdate.sprintf ("%02d-%02d-%02d", year, month, day); data/tea-50.0.4/minizip_crypt.h:116:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). 
Use a more secure technique for acquiring random values. srand((unsigned)(time(NULL) ^ ZCR_SEED2)); data/tea-50.0.4/document.cpp:440:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! file.open (QFile::WriteOnly | QFile::Text)) data/tea-50.0.4/exif_reader.cpp:151:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. return ((( char *)Long)[0] << 24) | (((uchar *)Long)[1] << 16) data/tea-50.0.4/exif_reader.cpp:154:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. return ((( char *)Long)[3] << 24) | (((uchar *)Long)[2] << 16) data/tea-50.0.4/exif_reader.cpp:375:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) data/tea-50.0.4/ioapi.h:50:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
#define fopen64 fopen data/tea-50.0.4/ioapi.h:55:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen64 fopen data/tea-50.0.4/minizip_crypt.h:104:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char header[RAND_HEAD_LEN-2]; /* random header */ data/tea-50.0.4/myjoystick.cpp:32:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (filename.toUtf8().data(), O_NONBLOCK)) == -1) data/tea-50.0.4/myjoystick.cpp:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jname[80]; data/tea-50.0.4/qioapi.cpp:128:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). iodevice->open(desiredMode); data/tea-50.0.4/quagzipfile.cpp:38:36: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
template<typename FileId> bool open(FileId id, data/tea-50.0.4/quagzipfile.cpp:40:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile open(int fd, const char *modeString); data/tea-50.0.4/quagzipfile.cpp:41:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile open(const QString &name, const char *modeString); data/tea-50.0.4/quagzipfile.cpp:44:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile QuaGzipFilePrivate::open(const QString &name, const char *modeString) data/tea-50.0.4/quagzipfile.cpp:49:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile QuaGzipFilePrivate::open(int fd, const char *modeString) data/tea-50.0.4/quagzipfile.cpp:55:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
bool QuaGzipFilePrivate::open(FileId id, QIODevice::OpenMode mode, data/tea-50.0.4/quagzipfile.cpp:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modeString[2]; data/tea-50.0.4/quagzipfile.cpp:76:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzd = open(id, modeString); data/tea-50.0.4/quagzipfile.cpp:125:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaGzipFile::open(QIODevice::OpenMode mode) data/tea-50.0.4/quagzipfile.cpp:128:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!d->open(d->fileName, mode, error)) { data/tea-50.0.4/quagzipfile.cpp:132:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/tea-50.0.4/quagzipfile.cpp:135:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). bool QuaGzipFile::open(int fd, QIODevice::OpenMode mode) data/tea-50.0.4/quagzipfile.cpp:138:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!d->open(fd, mode, error)) { data/tea-50.0.4/quagzipfile.cpp:142:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/tea-50.0.4/quagzipfile.h:79:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(QIODevice::OpenMode mode); data/tea-50.0.4/quagzipfile.h:87:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(int fd, QIODevice::OpenMode mode); data/tea-50.0.4/quaziodevice.cpp:70:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
debug.open(QIODevice::WriteOnly); data/tea-50.0.4/quaziodevice.cpp:74:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). indebug.open(QIODevice::WriteOnly); data/tea-50.0.4/quaziodevice.cpp:142:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZIODevice::open(QIODevice::OpenMode mode) data/tea-50.0.4/quaziodevice.cpp:164:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/tea-50.0.4/quaziodevice.h:79:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(QIODevice::OpenMode mode); data/tea-50.0.4/quazip.cpp:222:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZip::open(Mode mode, zlib_filefunc_def* ioApi) data/tea-50.0.4/quazip.h:193:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). bool open(Mode mode, zlib_filefunc_def *ioApi =NULL); data/tea-50.0.4/quazipfile.cpp:250:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZipFile::open(OpenMode mode) data/tea-50.0.4/quazipfile.cpp:252:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(mode, NULL); data/tea-50.0.4/quazipfile.cpp:255:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZipFile::open(OpenMode mode, int *method, int *level, bool raw, const char *password) data/tea-50.0.4/quazipfile.cpp:268:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!p->zip->open(QuaZip::mdUnzip)) { data/tea-50.0.4/quazipfile.cpp:304:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
bool QuaZipFile::open(OpenMode mode, const QuaZipNewInfo& info, data/tea-50.0.4/quazipfile.h:292:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(OpenMode mode); data/tea-50.0.4/quazipfile.h:298:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inline bool open(OpenMode mode, const char *password) data/tea-50.0.4/quazipfile.h:299:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). {return open(mode, NULL, NULL, false, password);} data/tea-50.0.4/quazipfile.h:312:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(OpenMode mode, int *method, int *level, bool raw, const char *password =NULL); data/tea-50.0.4/quazipfile.h:341:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
bool open(OpenMode mode, const QuaZipNewInfo& info, data/tea-50.0.4/rvln.cpp:879:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void rvln::open() data/tea-50.0.4/rvln.cpp:1169:53: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). connect (openAct, SIGNAL(triggered()), this, SLOT(open())); data/tea-50.0.4/rvln.cpp:1237:44: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). add_to_menu (fileMenu, tr ("Open"), SLOT(open()), "Ctrl+O", get_theme_icon_fname ("file-open.png")); data/tea-50.0.4/rvln.cpp:6339:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (f.open (QIODevice::ReadOnly)) data/tea-50.0.4/rvln.h:511:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(); data/tea-50.0.4/single_application_shared.cpp:101:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (to, from, qMin(sharedMemory.size(), byteArray.size())); data/tea-50.0.4/tio.cpp:131:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! feol_detector.open (QFile::ReadOnly)) data/tea-50.0.4/tio.cpp:163:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! file.open (QFile::ReadOnly)) data/tea-50.0.4/tio.cpp:186:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! file.open (QFile::WriteOnly)) data/tea-50.0.4/tzipper.cpp:39:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! zip.open (QuaZip::mdCreate)) data/tea-50.0.4/tzipper.cpp:55:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! inFile.open (QIODevice::ReadOnly)) data/tea-50.0.4/tzipper.cpp:61:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! 
outFile.open (QIODevice::WriteOnly, QuaZipNewInfo (outfname, inFile.fileName()))) data/tea-50.0.4/tzipper.cpp:90:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! zip.open (QuaZip::mdUnzip)) data/tea-50.0.4/tzipper.cpp:104:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! file.open (QIODevice::ReadOnly)) data/tea-50.0.4/tzipper.cpp:123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[4097]; data/tea-50.0.4/tzipper.cpp:154:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! zip.open (QuaZip::mdCreate)) data/tea-50.0.4/tzipper.cpp:167:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! inFile.open (QIODevice::ReadOnly)) data/tea-50.0.4/tzipper.cpp:173:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (! outFile.open (QIODevice::WriteOnly, QuaZipNewInfo (outfname, inFile.fileName()))) data/tea-50.0.4/tzipper.cpp:203:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! zip.open (QuaZip::mdUnzip)) data/tea-50.0.4/tzipper.cpp:236:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! file.open (QIODevice::ReadOnly)) data/tea-50.0.4/tzipper.cpp:261:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out.open (QIODevice::WriteOnly); data/tea-50.0.4/tzipper.cpp:262:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/tea-50.0.4/tzipper.cpp:321:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! zip.open (QuaZip::mdUnzip)) data/tea-50.0.4/unzip.c:1278:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1]; data/tea-50.0.4/unzip.c:1492:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source[12]; data/tea-50.0.4/utils.cpp:107:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! file.open (QFile::WriteOnly | QFile::Text)) data/tea-50.0.4/utils.cpp:122:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! file.open (QFile::ReadOnly | QFile::Text)) data/tea-50.0.4/utils.cpp:136:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! file.open (QFile::ReadOnly | QFile::Text)) data/tea-50.0.4/utils.cpp:150:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! 
file.open (QFile::ReadOnly)) data/tea-50.0.4/wavinfo.cpp:23:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (! fl.open(QIODevice::ReadOnly)) data/tea-50.0.4/wavinfo.cpp:36:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char riff_type[4]; data/tea-50.0.4/wavinfo.h:10:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chunk_id[4]; data/tea-50.0.4/zip.c:130:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[SIZEDATA_INDATABLOCK]; data/tea-50.0.4/zip.c:301:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[8]; data/tea-50.0.4/zip.c:1291:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char bufHead[RAND_HEAD_LEN]; data/tea-50.0.4/zip.c:2052:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pTmp, p, dataSize + 4); data/tea-50.0.4/zip.c:2066:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pData, pNewHeader, size); data/tea-50.0.4/exif_reader.cpp:62:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data = new QByteArray (file.read (itemlen - 2)); // Read the whole section. data/tea-50.0.4/myjoystick.cpp:59:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd, &js, JS_RETURN) != JS_RETURN) data/tea-50.0.4/myjoystick.cpp:87:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read (fd, &e, sizeof(e)) > 0) data/tea-50.0.4/qioapi.cpp:153:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 ret64 = iodevice->read((char*)buf,size); data/tea-50.0.4/quaziodevice.cpp:186:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read < maxSize) { data/tea-50.0.4/quaziodevice.cpp:189:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d->inBufSize = d->io->read(d->inBuf, QUAZIO_INBUFSIZE); data/tea-50.0.4/quaziodevice.cpp:198:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read < maxSize && d->inBufPos < d->inBufSize) { data/tea-50.0.4/quaziodevice.cpp:201:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  d->zins.next_out = (Bytef *) (data + read);

data/tea-50.0.4/quaziodevice.cpp:202:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  d->zins.avail_out = (uInt) (maxSize - read); // hope it's less than 2GB

data/tea-50.0.4/quaziodevice.cpp:213:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read;

data/tea-50.0.4/quaziodevice.cpp:223:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  more = d->io->read(d->inBuf + d->inBufSize, QUAZIO_INBUFSIZE - d->inBufSize);

data/tea-50.0.4/quaziodevice.cpp:229:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read;

data/tea-50.0.4/quaziodevice.cpp:239:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  indebug.write(data, read);

data/tea-50.0.4/quaziodevice.cpp:241:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read;

data/tea-50.0.4/tio.cpp:137:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray block = feol_detector.read (4096);

data/tea-50.0.4/unzip.c:1261:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(szFileName)>=UNZ_MAXFILENAMEINZIP)

data/tea-50.0.4/zip.c:988:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uInt size_filename = (uInt)strlen(filename);

data/tea-50.0.4/zip.c:1138:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_comment = (uInt)strlen(comment);

data/tea-50.0.4/zip.c:1140:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_filename = (uInt)strlen(filename);

data/tea-50.0.4/zip.c:1931:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_global_comment = (uInt)strlen(global_comment);

ANALYSIS SUMMARY:

Hits = 110
Lines analyzed = 32728 in approximately 0.68 seconds (48068 lines/second)
Physical Source Lines of Code (SLOC) = 21287
Hits@level = [0] 1 [1] 20 [2] 80 [3] 1 [4] 9 [5] 0
Hits@level+ = [0+] 111 [1+] 110 [2+] 90 [3+] 10 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 5.21445 [1+] 5.16747 [2+] 4.22793 [3+] 0.46977 [4+] 0.422793 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.