Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/antimicro-2.23/src/aboutdialog.h
Examining data/antimicro-2.23/src/addeditautoprofiledialog.cpp
Examining data/antimicro-2.23/src/addeditautoprofiledialog.h
Examining data/antimicro-2.23/src/advancebuttondialog.cpp
Examining data/antimicro-2.23/src/advancebuttondialog.h
Examining data/antimicro-2.23/src/advancestickassignmentdialog.cpp
Examining data/antimicro-2.23/src/advancestickassignmentdialog.h
Examining data/antimicro-2.23/src/antimicrosettings.cpp
Examining data/antimicro-2.23/src/antimicrosettings.h
Examining data/antimicro-2.23/src/antkeymapper.cpp
Examining data/antimicro-2.23/src/antkeymapper.h
Examining data/antimicro-2.23/src/applaunchhelper.cpp
Examining data/antimicro-2.23/src/applaunchhelper.h
Examining data/antimicro-2.23/src/autoprofileinfo.cpp
Examining data/antimicro-2.23/src/autoprofileinfo.h
Examining data/antimicro-2.23/src/autoprofilewatcher.cpp
Examining data/antimicro-2.23/src/autoprofilewatcher.h
Examining data/antimicro-2.23/src/axiseditdialog.cpp
Examining data/antimicro-2.23/src/axiseditdialog.h
Examining data/antimicro-2.23/src/axisvaluebox.cpp
Examining data/antimicro-2.23/src/axisvaluebox.h
Examining data/antimicro-2.23/src/buttoneditdialog.cpp
Examining data/antimicro-2.23/src/buttoneditdialog.h
Examining data/antimicro-2.23/src/capturedwindowinfodialog.cpp
Examining data/antimicro-2.23/src/capturedwindowinfodialog.h
Examining data/antimicro-2.23/src/commandlineutility.cpp
Examining data/antimicro-2.23/src/commandlineutility.h
Examining data/antimicro-2.23/src/common.cpp
Examining data/antimicro-2.23/src/common.h
Examining data/antimicro-2.23/src/dpadcontextmenu.cpp
Examining data/antimicro-2.23/src/dpadcontextmenu.h
Examining data/antimicro-2.23/src/dpadeditdialog.cpp
Examining data/antimicro-2.23/src/dpadeditdialog.h
Examining data/antimicro-2.23/src/dpadpushbutton.cpp
Examining data/antimicro-2.23/src/dpadpushbutton.h
Examining data/antimicro-2.23/src/dpadpushbuttongroup.cpp
Examining data/antimicro-2.23/src/dpadpushbuttongroup.h
Examining data/antimicro-2.23/src/editalldefaultautoprofiledialog.cpp
Examining data/antimicro-2.23/src/editalldefaultautoprofiledialog.h
Examining data/antimicro-2.23/src/event.cpp
Examining data/antimicro-2.23/src/event.h
Examining data/antimicro-2.23/src/eventhandlerfactory.cpp
Examining data/antimicro-2.23/src/eventhandlerfactory.h
Examining data/antimicro-2.23/src/eventhandlers/baseeventhandler.cpp
Examining data/antimicro-2.23/src/eventhandlers/baseeventhandler.h
Examining data/antimicro-2.23/src/eventhandlers/uinputeventhandler.cpp
Examining data/antimicro-2.23/src/eventhandlers/uinputeventhandler.h
Examining data/antimicro-2.23/src/eventhandlers/winsendinputeventhandler.cpp
Examining data/antimicro-2.23/src/eventhandlers/winsendinputeventhandler.h
Examining data/antimicro-2.23/src/eventhandlers/winvmultieventhandler.cpp
Examining data/antimicro-2.23/src/eventhandlers/winvmultieventhandler.h
Examining data/antimicro-2.23/src/eventhandlers/xtesteventhandler.cpp
Examining data/antimicro-2.23/src/eventhandlers/xtesteventhandler.h
Examining data/antimicro-2.23/src/extraprofilesettingsdialog.cpp
Examining data/antimicro-2.23/src/extraprofilesettingsdialog.h
Examining data/antimicro-2.23/src/flashbuttonwidget.cpp
Examining data/antimicro-2.23/src/flashbuttonwidget.h
Examining data/antimicro-2.23/src/gamecontroller/gamecontroller.cpp
Examining data/antimicro-2.23/src/gamecontroller/gamecontroller.h
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollerdpad.cpp
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollerdpad.h
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollerset.cpp
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollerset.h
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollertrigger.cpp
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollertrigger.h
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollertriggerbutton.cpp
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollertriggerbutton.h
Examining data/antimicro-2.23/src/gamecontrollerexample.cpp
Examining data/antimicro-2.23/src/gamecontrollerexample.h
Examining data/antimicro-2.23/src/gamecontrollermappingdialog.cpp
Examining data/antimicro-2.23/src/gamecontrollermappingdialog.h
Examining data/antimicro-2.23/src/inputdaemon.cpp
Examining data/antimicro-2.23/src/inputdaemon.h
Examining data/antimicro-2.23/src/inputdevice.cpp
Examining data/antimicro-2.23/src/inputdevice.h
Examining data/antimicro-2.23/src/inputdevicebitarraystatus.cpp
Examining data/antimicro-2.23/src/inputdevicebitarraystatus.h
Examining data/antimicro-2.23/src/joyaxis.cpp
Examining data/antimicro-2.23/src/joyaxis.h
Examining data/antimicro-2.23/src/joyaxiscontextmenu.cpp
Examining data/antimicro-2.23/src/joyaxiscontextmenu.h
Examining data/antimicro-2.23/src/joyaxiswidget.cpp
Examining data/antimicro-2.23/src/joyaxiswidget.h
Examining data/antimicro-2.23/src/joybutton.cpp
Examining data/antimicro-2.23/src/joybutton.h
Examining data/antimicro-2.23/src/joybuttoncontextmenu.cpp
Examining data/antimicro-2.23/src/joybuttoncontextmenu.h
Examining data/antimicro-2.23/src/joybuttonmousehelper.cpp
Examining data/antimicro-2.23/src/joybuttonmousehelper.h
Examining data/antimicro-2.23/src/joybuttonslot.cpp
Examining data/antimicro-2.23/src/joybuttonslot.h
Examining data/antimicro-2.23/src/joybuttonstatusbox.cpp
Examining data/antimicro-2.23/src/joybuttonstatusbox.h
Examining data/antimicro-2.23/src/joybuttontypes/joyaxisbutton.cpp
Examining data/antimicro-2.23/src/joybuttontypes/joyaxisbutton.h
Examining data/antimicro-2.23/src/joybuttontypes/joycontrolstickbutton.cpp
Examining data/antimicro-2.23/src/joybuttontypes/joycontrolstickbutton.h
Examining data/antimicro-2.23/src/joybuttontypes/joycontrolstickmodifierbutton.cpp
Examining data/antimicro-2.23/src/joybuttontypes/joycontrolstickmodifierbutton.h
Examining data/antimicro-2.23/src/joybuttontypes/joydpadbutton.cpp
Examining data/antimicro-2.23/src/joybuttontypes/joydpadbutton.h
Examining data/antimicro-2.23/src/joybuttontypes/joygradientbutton.cpp
Examining data/antimicro-2.23/src/joybuttontypes/joygradientbutton.h
Examining data/antimicro-2.23/src/joybuttonwidget.cpp
Examining data/antimicro-2.23/src/joybuttonwidget.h
Examining data/antimicro-2.23/src/joycontrolstick.cpp
Examining data/antimicro-2.23/src/joycontrolstick.h
Examining data/antimicro-2.23/src/joycontrolstickbuttonpushbutton.cpp
Examining data/antimicro-2.23/src/joycontrolstickbuttonpushbutton.h
Examining data/antimicro-2.23/src/joycontrolstickcontextmenu.cpp
Examining data/antimicro-2.23/src/joycontrolstickcontextmenu.h
Examining data/antimicro-2.23/src/joycontrolstickdirectionstype.h
Examining data/antimicro-2.23/src/joycontrolstickeditdialog.cpp
Examining data/antimicro-2.23/src/joycontrolstickeditdialog.h
Examining data/antimicro-2.23/src/joycontrolstickpushbutton.cpp
Examining data/antimicro-2.23/src/joycontrolstickpushbutton.h
Examining data/antimicro-2.23/src/joycontrolstickstatusbox.cpp
Examining data/antimicro-2.23/src/joycontrolstickstatusbox.h
Examining data/antimicro-2.23/src/joydpad.cpp
Examining data/antimicro-2.23/src/joydpad.h
Examining data/antimicro-2.23/src/joydpadbuttonwidget.cpp
Examining data/antimicro-2.23/src/joydpadbuttonwidget.h
Examining data/antimicro-2.23/src/joykeyrepeathelper.cpp
Examining data/antimicro-2.23/src/joykeyrepeathelper.h
Examining data/antimicro-2.23/src/joystick.cpp
Examining data/antimicro-2.23/src/joystick.h
Examining data/antimicro-2.23/src/joystickstatuswindow.cpp
Examining data/antimicro-2.23/src/joystickstatuswindow.h
Examining data/antimicro-2.23/src/joytabwidget.cpp
Examining data/antimicro-2.23/src/joytabwidget.h
Examining data/antimicro-2.23/src/joytabwidgetcontainer.cpp
Examining data/antimicro-2.23/src/joytabwidgetcontainer.h
Examining data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp
Examining data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.h
Examining data/antimicro-2.23/src/keyboard/virtualkeypushbutton.cpp
Examining data/antimicro-2.23/src/keyboard/virtualkeypushbutton.h
Examining data/antimicro-2.23/src/keyboard/virtualmousepushbutton.cpp
Examining data/antimicro-2.23/src/keyboard/virtualmousepushbutton.h
Examining data/antimicro-2.23/src/localantimicroserver.cpp
Examining data/antimicro-2.23/src/localantimicroserver.h
Examining data/antimicro-2.23/src/logger.cpp
Examining data/antimicro-2.23/src/logger.h
Examining data/antimicro-2.23/src/main.cpp
Examining data/antimicro-2.23/src/mainsettingsdialog.cpp
Examining data/antimicro-2.23/src/mainsettingsdialog.h
Examining data/antimicro-2.23/src/mainwindow.cpp
Examining data/antimicro-2.23/src/mainwindow.h
Examining data/antimicro-2.23/src/mousedialog/mouseaxissettingsdialog.cpp
Examining data/antimicro-2.23/src/mousedialog/mouseaxissettingsdialog.h
Examining data/antimicro-2.23/src/mousedialog/mousebuttonsettingsdialog.cpp
Examining data/antimicro-2.23/src/mousedialog/mousebuttonsettingsdialog.h
Examining data/antimicro-2.23/src/mousedialog/mousecontrolsticksettingsdialog.cpp
Examining data/antimicro-2.23/src/mousedialog/mousecontrolsticksettingsdialog.h
Examining data/antimicro-2.23/src/mousedialog/mousedpadsettingsdialog.cpp
Examining data/antimicro-2.23/src/mousedialog/mousedpadsettingsdialog.h
Examining data/antimicro-2.23/src/mousedialog/springmoderegionpreview.cpp
Examining data/antimicro-2.23/src/mousedialog/springmoderegionpreview.h
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mouseaxissettingsdialoghelper.cpp
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mouseaxissettingsdialoghelper.h
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousebuttonsettingsdialoghelper.cpp
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousebuttonsettingsdialoghelper.h
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousecontrolsticksettingsdialoghelper.cpp
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousecontrolsticksettingsdialoghelper.h
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousedpadsettingsdialoghelper.cpp
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousedpadsettingsdialoghelper.h
Examining data/antimicro-2.23/src/mousehelper.cpp
Examining data/antimicro-2.23/src/mousehelper.h
Examining data/antimicro-2.23/src/mousesettingsdialog.cpp
Examining data/antimicro-2.23/src/mousesettingsdialog.h
Examining data/antimicro-2.23/src/qkeydisplaydialog.cpp
Examining data/antimicro-2.23/src/qkeydisplaydialog.h
Examining data/antimicro-2.23/src/qtkeymapperbase.cpp
Examining data/antimicro-2.23/src/qtkeymapperbase.h
Examining data/antimicro-2.23/src/qtuinputkeymapper.cpp
Examining data/antimicro-2.23/src/qtuinputkeymapper.h
Examining data/antimicro-2.23/src/qtvmultikeymapper.cpp
Examining data/antimicro-2.23/src/qtvmultikeymapper.h
Examining data/antimicro-2.23/src/qtwinkeymapper.cpp
Examining data/antimicro-2.23/src/qtwinkeymapper.h
Examining data/antimicro-2.23/src/qtx11keymapper.cpp
Examining data/antimicro-2.23/src/qtx11keymapper.h
Examining data/antimicro-2.23/src/quicksetdialog.cpp
Examining data/antimicro-2.23/src/quicksetdialog.h
Examining data/antimicro-2.23/src/sdleventreader.cpp
Examining data/antimicro-2.23/src/sdleventreader.h
Examining data/antimicro-2.23/src/setaxisthrottledialog.cpp
Examining data/antimicro-2.23/src/setaxisthrottledialog.h
Examining data/antimicro-2.23/src/setjoystick.cpp
Examining data/antimicro-2.23/src/setjoystick.h
Examining data/antimicro-2.23/src/setnamesdialog.cpp
Examining data/antimicro-2.23/src/setnamesdialog.h
Examining data/antimicro-2.23/src/simplekeygrabberbutton.cpp
Examining data/antimicro-2.23/src/simplekeygrabberbutton.h
Examining data/antimicro-2.23/src/slotitemlistwidget.cpp
Examining data/antimicro-2.23/src/slotitemlistwidget.h
Examining data/antimicro-2.23/src/springmousemoveinfo.h
Examining data/antimicro-2.23/src/stickpushbuttongroup.cpp
Examining data/antimicro-2.23/src/stickpushbuttongroup.h
Examining data/antimicro-2.23/src/uihelpers/advancebuttondialoghelper.cpp
Examining data/antimicro-2.23/src/uihelpers/advancebuttondialoghelper.h
Examining data/antimicro-2.23/src/uihelpers/buttoneditdialoghelper.cpp
Examining data/antimicro-2.23/src/uihelpers/buttoneditdialoghelper.h
Examining data/antimicro-2.23/src/uihelpers/dpadcontextmenuhelper.cpp
Examining data/antimicro-2.23/src/uihelpers/dpadcontextmenuhelper.h
Examining data/antimicro-2.23/src/uihelpers/dpadeditdialoghelper.cpp
Examining data/antimicro-2.23/src/uihelpers/dpadeditdialoghelper.h
Examining data/antimicro-2.23/src/uihelpers/gamecontrollermappingdialoghelper.cpp
Examining data/antimicro-2.23/src/uihelpers/gamecontrollermappingdialoghelper.h
Examining data/antimicro-2.23/src/uihelpers/joyaxiscontextmenuhelper.cpp
Examining data/antimicro-2.23/src/uihelpers/joyaxiscontextmenuhelper.h
Examining data/antimicro-2.23/src/uihelpers/joycontrolstickcontextmenuhelper.cpp
Examining data/antimicro-2.23/src/uihelpers/joycontrolstickcontextmenuhelper.h
Examining data/antimicro-2.23/src/uihelpers/joycontrolstickeditdialoghelper.cpp
Examining data/antimicro-2.23/src/uihelpers/joycontrolstickeditdialoghelper.h
Examining data/antimicro-2.23/src/uihelpers/joytabwidgethelper.cpp
Examining data/antimicro-2.23/src/uihelpers/joytabwidgethelper.h
Examining data/antimicro-2.23/src/uinputhelper.cpp
Examining data/antimicro-2.23/src/uinputhelper.h
Examining data/antimicro-2.23/src/unixcapturewindowutility.cpp
Examining data/antimicro-2.23/src/unixcapturewindowutility.h
Examining data/antimicro-2.23/src/unixwindowinfodialog.cpp
Examining data/antimicro-2.23/src/unixwindowinfodialog.h
Examining data/antimicro-2.23/src/vdpad.cpp
Examining data/antimicro-2.23/src/vdpad.h
Examining data/antimicro-2.23/src/winappprofiletimerdialog.cpp
Examining data/antimicro-2.23/src/winappprofiletimerdialog.h
Examining data/antimicro-2.23/src/winextras.cpp
Examining data/antimicro-2.23/src/winextras.h
Examining data/antimicro-2.23/src/x11extras.cpp
Examining data/antimicro-2.23/src/x11extras.h
Examining data/antimicro-2.23/src/xmlconfigmigration.cpp
Examining data/antimicro-2.23/src/xmlconfigmigration.h
Examining data/antimicro-2.23/src/xmlconfigreader.cpp
Examining data/antimicro-2.23/src/xmlconfigreader.h
Examining data/antimicro-2.23/src/xmlconfigwriter.cpp
Examining data/antimicro-2.23/src/xmlconfigwriter.h
Examining data/antimicro-2.23/src/aboutdialog.cpp

FINAL RESULTS:

data/antimicro-2.23/src/x11extras.cpp:377:27: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  ssize_t len = readlink(tempByteArray.constData(), buf, sizeof(buf)-1);
data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp:149:18: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (QLocale::system().language() != QLocale::French &&
data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp:150:18: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QLocale::system().language() != QLocale::German)
data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp:170:18: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (QLocale::system().language() == QLocale::French ||
data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp:171:18: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QLocale::system().language() == QLocale::German)
data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp:183:18: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (QLocale::system().language() == QLocale::French)
data/antimicro-2.23/src/main.cpp:486:35: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QString targetLang = QLocale::system().name();
data/antimicro-2.23/src/mainsettingsdialog.cpp:834:38: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  emit changeLanguage(QLocale::system().name());
data/antimicro-2.23/src/aboutdialog.cpp:94:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  temp.open(QIODevice::Text | QIODevice::ReadOnly);
data/antimicro-2.23/src/event.cpp:736:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempstring[256];
data/antimicro-2.23/src/event.cpp:772:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t buffer[50] = {0};
data/antimicro-2.23/src/eventhandlers/uinputeventhandler.cpp:320:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  filehandle = open(tempArray.constData(), O_WRONLY | O_NONBLOCK);
data/antimicro-2.23/src/gamecontroller/gamecontroller.cpp:85:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char guidString[65] = {'0'};
data/antimicro-2.23/src/inputdaemon.cpp:196:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char guidString[65] = {'0'};
data/antimicro-2.23/src/inputdaemon.cpp:274:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char guidString[65] = {'0'};
data/antimicro-2.23/src/inputdaemon.cpp:516:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char guidString[65] = {'0'};
data/antimicro-2.23/src/inputdaemon.cpp:611:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char guidString[65] = {'0'};
data/antimicro-2.23/src/joystick.cpp:68:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char guidString[65] = {'0'};
data/antimicro-2.23/src/logger.cpp:374:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  instance->outputFile.open( QIODevice::WriteOnly | QIODevice::Append );
data/antimicro-2.23/src/logger.cpp:387:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  instance->errorFile.open( QIODevice::WriteOnly | QIODevice::Append );
data/antimicro-2.23/src/mainsettingsdialog.cpp:638:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (tempFile.open(QFile::WriteOnly))
data/antimicro-2.23/src/qtwinkeymapper.cpp:258:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[2] = {'\0', '\0'};
data/antimicro-2.23/src/qtx11keymapper.cpp:350:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char returnstring[256];
data/antimicro-2.23/src/winextras.cpp:267:9: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR filename[MAX_PATH];
data/antimicro-2.23/src/winextras.cpp:349:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t tempverb[6];
data/antimicro-2.23/src/winextras.cpp:350:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t tempfile[antiProgramLocation.length() + 1];
data/antimicro-2.23/src/winextras.cpp:462:9: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR foundWindowTitle[256];
data/antimicro-2.23/src/x11extras.cpp:375:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/antimicro-2.23/src/xmlconfigreader.cpp:92:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  configFile->open(QFile::ReadOnly | QFile::Text);
data/antimicro-2.23/src/xmlconfigreader.cpp:119:33: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  configFile->open(QFile::WriteOnly | QFile::Text);
data/antimicro-2.23/src/xmlconfigwriter.cpp:58:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  configFile->open(QFile::WriteOnly | QFile::Text);
data/antimicro-2.23/src/eventhandlers/uinputeventhandler.cpp:399:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(uidev.name, temp.constData(), UINPUT_MAX_NAME_SIZE);
data/antimicro-2.23/src/eventhandlers/uinputeventhandler.cpp:416:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(uidev.name, temp.constData(), UINPUT_MAX_NAME_SIZE);
data/antimicro-2.23/src/eventhandlers/uinputeventhandler.cpp:433:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(uidev.name, temp.constData(), UINPUT_MAX_NAME_SIZE);
data/antimicro-2.23/src/main.cpp:350:9: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(0);
data/antimicro-2.23/src/xmlconfigreader.cpp:79:5: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read();
data/antimicro-2.23/src/xmlconfigreader.cpp:82:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool XMLConfigReader::read()
data/antimicro-2.23/src/xmlconfigreader.h:44:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read();

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 62682 in approximately 1.33 seconds (46978 lines/second)
Physical Source Lines of Code (SLOC) = 47588
Hits@level = [0] 0 [1] 7 [2] 23 [3] 0 [4] 7 [5] 1
Hits@level+ = [0+] 38 [1+] 38 [2+] 31 [3+] 8 [4+] 8 [5+] 1
Hits/KSLOC@level+ = [0+] 0.798521 [1+] 0.798521 [2+] 0.651425 [3+] 0.16811 [4+] 0.16811 [5+] 0.0210137
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.