Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/antimicro-2.23/src/aboutdialog.h
Examining data/antimicro-2.23/src/addeditautoprofiledialog.cpp
Examining data/antimicro-2.23/src/addeditautoprofiledialog.h
Examining data/antimicro-2.23/src/advancebuttondialog.cpp
Examining data/antimicro-2.23/src/advancebuttondialog.h
Examining data/antimicro-2.23/src/advancestickassignmentdialog.cpp
Examining data/antimicro-2.23/src/advancestickassignmentdialog.h
Examining data/antimicro-2.23/src/antimicrosettings.cpp
Examining data/antimicro-2.23/src/antimicrosettings.h
Examining data/antimicro-2.23/src/antkeymapper.cpp
Examining data/antimicro-2.23/src/antkeymapper.h
Examining data/antimicro-2.23/src/applaunchhelper.cpp
Examining data/antimicro-2.23/src/applaunchhelper.h
Examining data/antimicro-2.23/src/autoprofileinfo.cpp
Examining data/antimicro-2.23/src/autoprofileinfo.h
Examining data/antimicro-2.23/src/autoprofilewatcher.cpp
Examining data/antimicro-2.23/src/autoprofilewatcher.h
Examining data/antimicro-2.23/src/axiseditdialog.cpp
Examining data/antimicro-2.23/src/axiseditdialog.h
Examining data/antimicro-2.23/src/axisvaluebox.cpp
Examining data/antimicro-2.23/src/axisvaluebox.h
Examining data/antimicro-2.23/src/buttoneditdialog.cpp
Examining data/antimicro-2.23/src/buttoneditdialog.h
Examining data/antimicro-2.23/src/capturedwindowinfodialog.cpp
Examining data/antimicro-2.23/src/capturedwindowinfodialog.h
Examining data/antimicro-2.23/src/commandlineutility.cpp
Examining data/antimicro-2.23/src/commandlineutility.h
Examining data/antimicro-2.23/src/common.cpp
Examining data/antimicro-2.23/src/common.h
Examining data/antimicro-2.23/src/dpadcontextmenu.cpp
Examining data/antimicro-2.23/src/dpadcontextmenu.h
Examining data/antimicro-2.23/src/dpadeditdialog.cpp
Examining data/antimicro-2.23/src/dpadeditdialog.h
Examining data/antimicro-2.23/src/dpadpushbutton.cpp
Examining data/antimicro-2.23/src/dpadpushbutton.h
Examining data/antimicro-2.23/src/dpadpushbuttongroup.cpp
Examining data/antimicro-2.23/src/dpadpushbuttongroup.h
Examining data/antimicro-2.23/src/editalldefaultautoprofiledialog.cpp
Examining data/antimicro-2.23/src/editalldefaultautoprofiledialog.h
Examining data/antimicro-2.23/src/event.cpp
Examining data/antimicro-2.23/src/event.h
Examining data/antimicro-2.23/src/eventhandlerfactory.cpp
Examining data/antimicro-2.23/src/eventhandlerfactory.h
Examining data/antimicro-2.23/src/eventhandlers/baseeventhandler.cpp
Examining data/antimicro-2.23/src/eventhandlers/baseeventhandler.h
Examining data/antimicro-2.23/src/eventhandlers/uinputeventhandler.cpp
Examining data/antimicro-2.23/src/eventhandlers/uinputeventhandler.h
Examining data/antimicro-2.23/src/eventhandlers/winsendinputeventhandler.cpp
Examining data/antimicro-2.23/src/eventhandlers/winsendinputeventhandler.h
Examining data/antimicro-2.23/src/eventhandlers/winvmultieventhandler.cpp
Examining data/antimicro-2.23/src/eventhandlers/winvmultieventhandler.h
Examining data/antimicro-2.23/src/eventhandlers/xtesteventhandler.cpp
Examining data/antimicro-2.23/src/eventhandlers/xtesteventhandler.h
Examining data/antimicro-2.23/src/extraprofilesettingsdialog.cpp
Examining data/antimicro-2.23/src/extraprofilesettingsdialog.h
Examining data/antimicro-2.23/src/flashbuttonwidget.cpp
Examining data/antimicro-2.23/src/flashbuttonwidget.h
Examining data/antimicro-2.23/src/gamecontroller/gamecontroller.cpp
Examining data/antimicro-2.23/src/gamecontroller/gamecontroller.h
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollerdpad.cpp
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollerdpad.h
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollerset.cpp
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollerset.h
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollertrigger.cpp
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollertrigger.h
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollertriggerbutton.cpp
Examining data/antimicro-2.23/src/gamecontroller/gamecontrollertriggerbutton.h
Examining data/antimicro-2.23/src/gamecontrollerexample.cpp
Examining data/antimicro-2.23/src/gamecontrollerexample.h
Examining data/antimicro-2.23/src/gamecontrollermappingdialog.cpp
Examining data/antimicro-2.23/src/gamecontrollermappingdialog.h
Examining data/antimicro-2.23/src/inputdaemon.cpp
Examining data/antimicro-2.23/src/inputdaemon.h
Examining data/antimicro-2.23/src/inputdevice.cpp
Examining data/antimicro-2.23/src/inputdevice.h
Examining data/antimicro-2.23/src/inputdevicebitarraystatus.cpp
Examining data/antimicro-2.23/src/inputdevicebitarraystatus.h
Examining data/antimicro-2.23/src/joyaxis.cpp
Examining data/antimicro-2.23/src/joyaxis.h
Examining data/antimicro-2.23/src/joyaxiscontextmenu.cpp
Examining data/antimicro-2.23/src/joyaxiscontextmenu.h
Examining data/antimicro-2.23/src/joyaxiswidget.cpp
Examining data/antimicro-2.23/src/joyaxiswidget.h
Examining data/antimicro-2.23/src/joybutton.cpp
Examining data/antimicro-2.23/src/joybutton.h
Examining data/antimicro-2.23/src/joybuttoncontextmenu.cpp
Examining data/antimicro-2.23/src/joybuttoncontextmenu.h
Examining data/antimicro-2.23/src/joybuttonmousehelper.cpp
Examining data/antimicro-2.23/src/joybuttonmousehelper.h
Examining data/antimicro-2.23/src/joybuttonslot.cpp
Examining data/antimicro-2.23/src/joybuttonslot.h
Examining data/antimicro-2.23/src/joybuttonstatusbox.cpp
Examining data/antimicro-2.23/src/joybuttonstatusbox.h
Examining data/antimicro-2.23/src/joybuttontypes/joyaxisbutton.cpp
Examining data/antimicro-2.23/src/joybuttontypes/joyaxisbutton.h
Examining data/antimicro-2.23/src/joybuttontypes/joycontrolstickbutton.cpp
Examining data/antimicro-2.23/src/joybuttontypes/joycontrolstickbutton.h
Examining data/antimicro-2.23/src/joybuttontypes/joycontrolstickmodifierbutton.cpp
Examining data/antimicro-2.23/src/joybuttontypes/joycontrolstickmodifierbutton.h
Examining data/antimicro-2.23/src/joybuttontypes/joydpadbutton.cpp
Examining data/antimicro-2.23/src/joybuttontypes/joydpadbutton.h
Examining data/antimicro-2.23/src/joybuttontypes/joygradientbutton.cpp
Examining data/antimicro-2.23/src/joybuttontypes/joygradientbutton.h
Examining data/antimicro-2.23/src/joybuttonwidget.cpp
Examining data/antimicro-2.23/src/joybuttonwidget.h
Examining data/antimicro-2.23/src/joycontrolstick.cpp
Examining data/antimicro-2.23/src/joycontrolstick.h
Examining data/antimicro-2.23/src/joycontrolstickbuttonpushbutton.cpp
Examining data/antimicro-2.23/src/joycontrolstickbuttonpushbutton.h
Examining data/antimicro-2.23/src/joycontrolstickcontextmenu.cpp
Examining data/antimicro-2.23/src/joycontrolstickcontextmenu.h
Examining data/antimicro-2.23/src/joycontrolstickdirectionstype.h
Examining data/antimicro-2.23/src/joycontrolstickeditdialog.cpp
Examining data/antimicro-2.23/src/joycontrolstickeditdialog.h
Examining data/antimicro-2.23/src/joycontrolstickpushbutton.cpp
Examining data/antimicro-2.23/src/joycontrolstickpushbutton.h
Examining data/antimicro-2.23/src/joycontrolstickstatusbox.cpp
Examining data/antimicro-2.23/src/joycontrolstickstatusbox.h
Examining data/antimicro-2.23/src/joydpad.cpp
Examining data/antimicro-2.23/src/joydpad.h
Examining data/antimicro-2.23/src/joydpadbuttonwidget.cpp
Examining data/antimicro-2.23/src/joydpadbuttonwidget.h
Examining data/antimicro-2.23/src/joykeyrepeathelper.cpp
Examining data/antimicro-2.23/src/joykeyrepeathelper.h
Examining data/antimicro-2.23/src/joystick.cpp
Examining data/antimicro-2.23/src/joystick.h
Examining data/antimicro-2.23/src/joystickstatuswindow.cpp
Examining data/antimicro-2.23/src/joystickstatuswindow.h
Examining data/antimicro-2.23/src/joytabwidget.cpp
Examining data/antimicro-2.23/src/joytabwidget.h
Examining data/antimicro-2.23/src/joytabwidgetcontainer.cpp
Examining data/antimicro-2.23/src/joytabwidgetcontainer.h
Examining data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp
Examining data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.h
Examining data/antimicro-2.23/src/keyboard/virtualkeypushbutton.cpp
Examining data/antimicro-2.23/src/keyboard/virtualkeypushbutton.h
Examining data/antimicro-2.23/src/keyboard/virtualmousepushbutton.cpp
Examining data/antimicro-2.23/src/keyboard/virtualmousepushbutton.h
Examining data/antimicro-2.23/src/localantimicroserver.cpp
Examining data/antimicro-2.23/src/localantimicroserver.h
Examining data/antimicro-2.23/src/logger.cpp
Examining data/antimicro-2.23/src/logger.h
Examining data/antimicro-2.23/src/main.cpp
Examining data/antimicro-2.23/src/mainsettingsdialog.cpp
Examining data/antimicro-2.23/src/mainsettingsdialog.h
Examining data/antimicro-2.23/src/mainwindow.cpp
Examining data/antimicro-2.23/src/mainwindow.h
Examining data/antimicro-2.23/src/mousedialog/mouseaxissettingsdialog.cpp
Examining data/antimicro-2.23/src/mousedialog/mouseaxissettingsdialog.h
Examining data/antimicro-2.23/src/mousedialog/mousebuttonsettingsdialog.cpp
Examining data/antimicro-2.23/src/mousedialog/mousebuttonsettingsdialog.h
Examining data/antimicro-2.23/src/mousedialog/mousecontrolsticksettingsdialog.cpp
Examining data/antimicro-2.23/src/mousedialog/mousecontrolsticksettingsdialog.h
Examining data/antimicro-2.23/src/mousedialog/mousedpadsettingsdialog.cpp
Examining data/antimicro-2.23/src/mousedialog/mousedpadsettingsdialog.h
Examining data/antimicro-2.23/src/mousedialog/springmoderegionpreview.cpp
Examining data/antimicro-2.23/src/mousedialog/springmoderegionpreview.h
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mouseaxissettingsdialoghelper.cpp
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mouseaxissettingsdialoghelper.h
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousebuttonsettingsdialoghelper.cpp
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousebuttonsettingsdialoghelper.h
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousecontrolsticksettingsdialoghelper.cpp
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousecontrolsticksettingsdialoghelper.h
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousedpadsettingsdialoghelper.cpp
Examining data/antimicro-2.23/src/mousedialog/uihelpers/mousedpadsettingsdialoghelper.h
Examining data/antimicro-2.23/src/mousehelper.cpp
Examining data/antimicro-2.23/src/mousehelper.h
Examining data/antimicro-2.23/src/mousesettingsdialog.cpp
Examining data/antimicro-2.23/src/mousesettingsdialog.h
Examining data/antimicro-2.23/src/qkeydisplaydialog.cpp
Examining data/antimicro-2.23/src/qkeydisplaydialog.h
Examining data/antimicro-2.23/src/qtkeymapperbase.cpp
Examining data/antimicro-2.23/src/qtkeymapperbase.h
Examining data/antimicro-2.23/src/qtuinputkeymapper.cpp
Examining data/antimicro-2.23/src/qtuinputkeymapper.h
Examining data/antimicro-2.23/src/qtvmultikeymapper.cpp
Examining data/antimicro-2.23/src/qtvmultikeymapper.h
Examining data/antimicro-2.23/src/qtwinkeymapper.cpp
Examining data/antimicro-2.23/src/qtwinkeymapper.h
Examining data/antimicro-2.23/src/qtx11keymapper.cpp
Examining data/antimicro-2.23/src/qtx11keymapper.h
Examining data/antimicro-2.23/src/quicksetdialog.cpp
Examining data/antimicro-2.23/src/quicksetdialog.h
Examining data/antimicro-2.23/src/sdleventreader.cpp
Examining data/antimicro-2.23/src/sdleventreader.h
Examining data/antimicro-2.23/src/setaxisthrottledialog.cpp
Examining data/antimicro-2.23/src/setaxisthrottledialog.h
Examining data/antimicro-2.23/src/setjoystick.cpp
Examining data/antimicro-2.23/src/setjoystick.h
Examining data/antimicro-2.23/src/setnamesdialog.cpp
Examining data/antimicro-2.23/src/setnamesdialog.h
Examining data/antimicro-2.23/src/simplekeygrabberbutton.cpp
Examining data/antimicro-2.23/src/simplekeygrabberbutton.h
Examining data/antimicro-2.23/src/slotitemlistwidget.cpp
Examining data/antimicro-2.23/src/slotitemlistwidget.h
Examining data/antimicro-2.23/src/springmousemoveinfo.h
Examining data/antimicro-2.23/src/stickpushbuttongroup.cpp
Examining data/antimicro-2.23/src/stickpushbuttongroup.h
Examining data/antimicro-2.23/src/uihelpers/advancebuttondialoghelper.cpp
Examining data/antimicro-2.23/src/uihelpers/advancebuttondialoghelper.h
Examining data/antimicro-2.23/src/uihelpers/buttoneditdialoghelper.cpp
Examining data/antimicro-2.23/src/uihelpers/buttoneditdialoghelper.h
Examining data/antimicro-2.23/src/uihelpers/dpadcontextmenuhelper.cpp
Examining data/antimicro-2.23/src/uihelpers/dpadcontextmenuhelper.h
Examining data/antimicro-2.23/src/uihelpers/dpadeditdialoghelper.cpp
Examining data/antimicro-2.23/src/uihelpers/dpadeditdialoghelper.h
Examining data/antimicro-2.23/src/uihelpers/gamecontrollermappingdialoghelper.cpp
Examining data/antimicro-2.23/src/uihelpers/gamecontrollermappingdialoghelper.h
Examining data/antimicro-2.23/src/uihelpers/joyaxiscontextmenuhelper.cpp
Examining data/antimicro-2.23/src/uihelpers/joyaxiscontextmenuhelper.h
Examining data/antimicro-2.23/src/uihelpers/joycontrolstickcontextmenuhelper.cpp
Examining data/antimicro-2.23/src/uihelpers/joycontrolstickcontextmenuhelper.h
Examining data/antimicro-2.23/src/uihelpers/joycontrolstickeditdialoghelper.cpp
Examining data/antimicro-2.23/src/uihelpers/joycontrolstickeditdialoghelper.h
Examining data/antimicro-2.23/src/uihelpers/joytabwidgethelper.cpp
Examining data/antimicro-2.23/src/uihelpers/joytabwidgethelper.h
Examining data/antimicro-2.23/src/uinputhelper.cpp
Examining data/antimicro-2.23/src/uinputhelper.h
Examining data/antimicro-2.23/src/unixcapturewindowutility.cpp
Examining data/antimicro-2.23/src/unixcapturewindowutility.h
Examining data/antimicro-2.23/src/unixwindowinfodialog.cpp
Examining data/antimicro-2.23/src/unixwindowinfodialog.h
Examining data/antimicro-2.23/src/vdpad.cpp
Examining data/antimicro-2.23/src/vdpad.h
Examining data/antimicro-2.23/src/winappprofiletimerdialog.cpp
Examining data/antimicro-2.23/src/winappprofiletimerdialog.h
Examining data/antimicro-2.23/src/winextras.cpp
Examining data/antimicro-2.23/src/winextras.h
Examining data/antimicro-2.23/src/x11extras.cpp
Examining data/antimicro-2.23/src/x11extras.h
Examining data/antimicro-2.23/src/xmlconfigmigration.cpp
Examining data/antimicro-2.23/src/xmlconfigmigration.h
Examining data/antimicro-2.23/src/xmlconfigreader.cpp
Examining data/antimicro-2.23/src/xmlconfigreader.h
Examining data/antimicro-2.23/src/xmlconfigwriter.cpp
Examining data/antimicro-2.23/src/xmlconfigwriter.h
Examining data/antimicro-2.23/src/aboutdialog.cpp
FINAL RESULTS:
data/antimicro-2.23/src/x11extras.cpp:377:27: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t len = readlink(tempByteArray.constData(), buf, sizeof(buf)-1);
data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp:149:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (QLocale::system().language() != QLocale::French &&
data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp:150:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::system().language() != QLocale::German)
data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp:170:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (QLocale::system().language() == QLocale::French ||
data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp:171:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::system().language() == QLocale::German)
data/antimicro-2.23/src/keyboard/virtualkeyboardmousewidget.cpp:183:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (QLocale::system().language() == QLocale::French)
data/antimicro-2.23/src/main.cpp:486:35: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QString targetLang = QLocale::system().name();
data/antimicro-2.23/src/mainsettingsdialog.cpp:834:38: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
emit changeLanguage(QLocale::system().name());
data/antimicro-2.23/src/aboutdialog.cpp:94:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
temp.open(QIODevice::Text | QIODevice::ReadOnly);
data/antimicro-2.23/src/event.cpp:736:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstring[256];
data/antimicro-2.23/src/event.cpp:772:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buffer[50] = {0};
data/antimicro-2.23/src/eventhandlers/uinputeventhandler.cpp:320:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filehandle = open(tempArray.constData(), O_WRONLY | O_NONBLOCK);
data/antimicro-2.23/src/gamecontroller/gamecontroller.cpp:85:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char guidString[65] = {'0'};
data/antimicro-2.23/src/inputdaemon.cpp:196:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char guidString[65] = {'0'};
data/antimicro-2.23/src/inputdaemon.cpp:274:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char guidString[65] = {'0'};
data/antimicro-2.23/src/inputdaemon.cpp:516:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char guidString[65] = {'0'};
data/antimicro-2.23/src/inputdaemon.cpp:611:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char guidString[65] = {'0'};
data/antimicro-2.23/src/joystick.cpp:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char guidString[65] = {'0'};
data/antimicro-2.23/src/logger.cpp:374:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
instance->outputFile.open( QIODevice::WriteOnly | QIODevice::Append );
data/antimicro-2.23/src/logger.cpp:387:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
instance->errorFile.open( QIODevice::WriteOnly | QIODevice::Append );
data/antimicro-2.23/src/mainsettingsdialog.cpp:638:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (tempFile.open(QFile::WriteOnly))
data/antimicro-2.23/src/qtwinkeymapper.cpp:258:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[2] = {'\0', '\0'};
data/antimicro-2.23/src/qtx11keymapper.cpp:350:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char returnstring[256];
data/antimicro-2.23/src/winextras.cpp:267:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR filename[MAX_PATH];
data/antimicro-2.23/src/winextras.cpp:349:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t tempverb[6];
data/antimicro-2.23/src/winextras.cpp:350:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t tempfile[antiProgramLocation.length() + 1];
data/antimicro-2.23/src/winextras.cpp:462:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR foundWindowTitle[256];
data/antimicro-2.23/src/x11extras.cpp:375:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/antimicro-2.23/src/xmlconfigreader.cpp:92:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
configFile->open(QFile::ReadOnly | QFile::Text);
data/antimicro-2.23/src/xmlconfigreader.cpp:119:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
configFile->open(QFile::WriteOnly | QFile::Text);
data/antimicro-2.23/src/xmlconfigwriter.cpp:58:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
configFile->open(QFile::WriteOnly | QFile::Text);
data/antimicro-2.23/src/eventhandlers/uinputeventhandler.cpp:399:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(uidev.name, temp.constData(), UINPUT_MAX_NAME_SIZE);
data/antimicro-2.23/src/eventhandlers/uinputeventhandler.cpp:416:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(uidev.name, temp.constData(), UINPUT_MAX_NAME_SIZE);
data/antimicro-2.23/src/eventhandlers/uinputeventhandler.cpp:433:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(uidev.name, temp.constData(), UINPUT_MAX_NAME_SIZE);
data/antimicro-2.23/src/main.cpp:350:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/antimicro-2.23/src/xmlconfigreader.cpp:79:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read();
data/antimicro-2.23/src/xmlconfigreader.cpp:82:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool XMLConfigReader::read()
data/antimicro-2.23/src/xmlconfigreader.h:44:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read();
ANALYSIS SUMMARY:
Hits = 38
Lines analyzed = 62682 in approximately 1.33 seconds (46978 lines/second)
Physical Source Lines of Code (SLOC) = 47588
Hits@level = [0] 0 [1] 7 [2] 23 [3] 0 [4] 7 [5] 1
Hits@level+ = [0+] 38 [1+] 38 [2+] 31 [3+] 8 [4+] 8 [5+] 1
Hits/KSLOC@level+ = [0+] 0.798521 [1+] 0.798521 [2+] 0.651425 [3+] 0.16811 [4+] 0.16811 [5+] 0.0210137
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.