Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/browserdialog.cpp
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/browserdialog.h
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/filedownloader.cpp
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/filedownloader.h
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/filelistmodel.cpp
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/filelistmodel.h
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/guicommon.h
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/log.cpp
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/log.h
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/main.cpp
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/main.h
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/pinyindictmanager.cpp
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/pipeline.cpp
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/pipeline.h
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/pipelinejob.cpp
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/pipelinejob.h
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/processrunner.cpp
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/processrunner.h
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/renamefile.cpp
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/renamefile.h
Examining data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/pinyindictmanager.h
Examining data/fcitx5-chinese-addons-5.0.1/im/pinyin/pinyin.h
Examining data/fcitx5-chinese-addons-5.0.1/im/pinyin/pinyin.cpp
Examining data/fcitx5-chinese-addons-5.0.1/im/table/context.cpp
Examining data/fcitx5-chinese-addons-5.0.1/im/table/context.h
Examining data/fcitx5-chinese-addons-5.0.1/im/table/engine.cpp
Examining data/fcitx5-chinese-addons-5.0.1/im/table/engine.h
Examining data/fcitx5-chinese-addons-5.0.1/im/table/ime.cpp
Examining data/fcitx5-chinese-addons-5.0.1/im/table/ime.h
Examining data/fcitx5-chinese-addons-5.0.1/im/table/state.cpp
Examining data/fcitx5-chinese-addons-5.0.1/im/table/state.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/chttrans/chttrans-native.cpp
Examining data/fcitx5-chinese-addons-5.0.1/modules/chttrans/chttrans-native.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/chttrans/chttrans-opencc.cpp
Examining data/fcitx5-chinese-addons-5.0.1/modules/chttrans/chttrans-opencc.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/chttrans/chttrans.cpp
Examining data/fcitx5-chinese-addons-5.0.1/modules/chttrans/chttrans.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/cloudpinyin/cloudpinyin.cpp
Examining data/fcitx5-chinese-addons-5.0.1/modules/cloudpinyin/cloudpinyin.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/cloudpinyin/cloudpinyin_public.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/cloudpinyin/fetch.cpp
Examining data/fcitx5-chinese-addons-5.0.1/modules/cloudpinyin/fetch.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/cloudpinyin/lrucache.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/fullwidth/fullwidth.cpp
Examining data/fcitx5-chinese-addons-5.0.1/modules/fullwidth/fullwidth.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinhelper.cpp
Examining data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinhelper.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinhelper_public.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinlookup.cpp
Examining data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinlookup.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/stroke.cpp
Examining data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/stroke.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/punctuation/punctuation_public.h
Examining data/fcitx5-chinese-addons-5.0.1/modules/punctuation/punctuation.cpp
Examining data/fcitx5-chinese-addons-5.0.1/modules/punctuation/punctuation.h
Examining data/fcitx5-chinese-addons-5.0.1/test/testchttrans.cpp
Examining data/fcitx5-chinese-addons-5.0.1/test/testcloudpinyin.cpp
Examining data/fcitx5-chinese-addons-5.0.1/test/testfullwidth.cpp
Examining data/fcitx5-chinese-addons-5.0.1/test/testpinyin.cpp
Examining data/fcitx5-chinese-addons-5.0.1/test/testpinyinhelper.cpp
Examining data/fcitx5-chinese-addons-5.0.1/test/testpunctuation.cpp
Examining data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp

FINAL RESULTS:

data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp:97:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or limit
  the size of all string inputs.
  while ((c = getopt(argc, argv, "o:h")) != -1) {
data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/filedownloader.cpp:21:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file_.open(QIODevice::WriteOnly)) {
data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/filelistmodel.cpp:124:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  disableFile.open(QIODevice::WriteOnly);
data/fcitx5-chinese-addons-5.0.1/gui/pinyindictmanager/pinyindictmanager.cpp:120:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!tempFile.open()) {
data/fcitx5-chinese-addons-5.0.1/im/pinyin/pinyin.cpp:684:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto file = standardPath.open(StandardPath::Type::PkgData,
data/fcitx5-chinese-addons-5.0.1/im/pinyin/pinyin.cpp:689:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto file = standardPath.open(StandardPath::Type::PkgData,
data/fcitx5-chinese-addons-5.0.1/im/pinyin/pinyin.cpp:751:44:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto file = StandardPath::global().open(StandardPath::Type::PkgConfig,
data/fcitx5-chinese-addons-5.0.1/im/table/ime.cpp:111:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto dictFile = StandardPath::global().open(
data/fcitx5-chinese-addons-5.0.1/modules/chttrans/chttrans-native.cpp:20:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto file = StandardPath::global().open(StandardPath::Type::PkgData,
data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinlookup.cpp:111:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto file = StandardPath::global().open(
data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinlookup.cpp:124:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char word[FCITX_UTF8_MAX_LENGTH + 1];
data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/stroke.cpp:24:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto file = StandardPath::global().open(
data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp:72:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char header_str[HEADER_SIZE] = {'\x40', '\x15', '\0', '\0',
data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp:75:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char pinyin_str[PINYIN_SIZE] = {'\x9d', '\x01', '\0', '\0'};
data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp:115:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fout.open(outputFile, std::ios::out | std::ios::binary);
data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp:124:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  UnixFD fd = UnixFD::own(open(argv[optind], O_RDONLY));
data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char headerBuf[HEADER_SIZE];
data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char descBuf[DESC_LENGTH];
data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp:142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ldescBuf[LDESC_LENGTH];
data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp:146:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nextBuf[NEXT_LENGTH];
data/fcitx5-chinese-addons-5.0.1/tools/scel2org5.cpp:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pyBuf[PINYIN_SIZE];
data/fcitx5-chinese-addons-5.0.1/modules/cloudpinyin/cloudpinyin.cpp:44:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  start += strlen("\",[\"");
data/fcitx5-chinese-addons-5.0.1/modules/cloudpinyin/cloudpinyin.cpp:74:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  start += strlen("[[\"");
data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinlookup.cpp:126:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  auto res = read(file.fd(), &wordLen, 1);
data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinlookup.cpp:133:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(file.fd(), word, wordLen) != wordLen) {
data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinlookup.cpp:143:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(file.fd(), &count, 1) != 1) {
data/fcitx5-chinese-addons-5.0.1/modules/pinyinhelper/pinyinlookup.cpp:152:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(file.fd(), buf, 3) != 3) {

ANALYSIS SUMMARY:

Hits = 27
Lines analyzed = 8685 in approximately 0.28 seconds (31561 lines/second)
Physical Source Lines of Code (SLOC) = 7213
Hits@level = [0]   0 [1]   6 [2]  20 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  27 [1+]  27 [2+]  21 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.74324 [1+] 3.74324 [2+] 2.91141 [3+] 0.138639 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.