Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfaddresscache.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfaddresscache.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfattributes.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfattributes.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfelfmap.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfelfmap.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffeatures.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffeatures.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffilesection.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffilesection.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfkallsyms.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfkallsyms.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfregisterinfo.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfregisterinfo.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfunwind.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfunwind.h Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/addresscache/tst_addresscache.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/elfmap/tst_elfmap.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/kallsyms/tst_kallsyms.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.h Examining data/hotspot-1.1.0+git20190211/src/aboutdialog.cpp Examining data/hotspot-1.1.0+git20190211/src/aboutdialog.h Examining data/hotspot-1.1.0+git20190211/src/flamegraph.cpp Examining data/hotspot-1.1.0+git20190211/src/flamegraph.h Examining data/hotspot-1.1.0+git20190211/src/main.cpp Examining data/hotspot-1.1.0+git20190211/src/mainwindow.cpp Examining data/hotspot-1.1.0+git20190211/src/mainwindow.h Examining data/hotspot-1.1.0+git20190211/src/models/callercalleemodel.cpp Examining data/hotspot-1.1.0+git20190211/src/models/callercalleemodel.h Examining data/hotspot-1.1.0+git20190211/src/models/costdelegate.cpp Examining data/hotspot-1.1.0+git20190211/src/models/costdelegate.h Examining data/hotspot-1.1.0+git20190211/src/models/data.cpp Examining data/hotspot-1.1.0+git20190211/src/models/data.h Examining data/hotspot-1.1.0+git20190211/src/models/eventmodel.cpp Examining data/hotspot-1.1.0+git20190211/src/models/eventmodel.h Examining data/hotspot-1.1.0+git20190211/src/models/filterandzoomstack.cpp Examining data/hotspot-1.1.0+git20190211/src/models/filterandzoomstack.h Examining data/hotspot-1.1.0+git20190211/src/models/hashmodel.cpp Examining data/hotspot-1.1.0+git20190211/src/models/hashmodel.h Examining data/hotspot-1.1.0+git20190211/src/models/processfiltermodel.cpp Examining data/hotspot-1.1.0+git20190211/src/models/processfiltermodel.h Examining data/hotspot-1.1.0+git20190211/src/models/processlist.h Examining data/hotspot-1.1.0+git20190211/src/models/processlist_unix.cpp Examining data/hotspot-1.1.0+git20190211/src/models/processmodel.cpp Examining data/hotspot-1.1.0+git20190211/src/models/processmodel.h Examining data/hotspot-1.1.0+git20190211/src/models/timelinedelegate.cpp Examining data/hotspot-1.1.0+git20190211/src/models/timelinedelegate.h Examining data/hotspot-1.1.0+git20190211/src/models/topproxy.cpp Examining data/hotspot-1.1.0+git20190211/src/models/topproxy.h Examining data/hotspot-1.1.0+git20190211/src/models/treemodel.cpp Examining data/hotspot-1.1.0+git20190211/src/models/treemodel.h Examining data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp Examining data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.h Examining data/hotspot-1.1.0+git20190211/src/perfrecord.h Examining data/hotspot-1.1.0+git20190211/src/recordpage.h Examining data/hotspot-1.1.0+git20190211/src/resultsbottomuppage.cpp Examining data/hotspot-1.1.0+git20190211/src/resultsbottomuppage.h Examining data/hotspot-1.1.0+git20190211/src/resultscallercalleepage.cpp Examining data/hotspot-1.1.0+git20190211/src/resultscallercalleepage.h Examining data/hotspot-1.1.0+git20190211/src/resultsflamegraphpage.cpp Examining data/hotspot-1.1.0+git20190211/src/resultsflamegraphpage.h Examining data/hotspot-1.1.0+git20190211/src/resultspage.cpp Examining data/hotspot-1.1.0+git20190211/src/resultspage.h Examining data/hotspot-1.1.0+git20190211/src/resultssummarypage.cpp Examining data/hotspot-1.1.0+git20190211/src/resultssummarypage.h Examining data/hotspot-1.1.0+git20190211/src/resultstopdownpage.cpp Examining data/hotspot-1.1.0+git20190211/src/resultstopdownpage.h Examining data/hotspot-1.1.0+git20190211/src/resultsutil.cpp Examining data/hotspot-1.1.0+git20190211/src/resultsutil.h Examining data/hotspot-1.1.0+git20190211/src/startpage.cpp Examining data/hotspot-1.1.0+git20190211/src/startpage.h Examining data/hotspot-1.1.0+git20190211/src/util.cpp Examining data/hotspot-1.1.0+git20190211/src/util.h Examining data/hotspot-1.1.0+git20190211/src/perfrecord.cpp Examining data/hotspot-1.1.0+git20190211/src/recordpage.cpp Examining data/hotspot-1.1.0+git20190211/tests/integrationtests/dump_perf_data.cpp Examining data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp Examining data/hotspot-1.1.0+git20190211/tests/modeltests/modeltest.cpp Examining data/hotspot-1.1.0+git20190211/tests/modeltests/modeltest.h Examining data/hotspot-1.1.0+git20190211/tests/modeltests/tst_models.cpp Examining data/hotspot-1.1.0+git20190211/tests/modeltests/tst_timelinedelegate.cpp Examining data/hotspot-1.1.0+git20190211/tests/test-clients/c-syscalls/main.c Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-inlining/main.cpp Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-locking/main.cpp Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-minimal-static/main.cpp Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-parallel/main.cpp Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-recursion/main.cpp Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-sleep/main.cpp Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-stdin/main.cpp Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-threadnames/main.cpp Examining data/hotspot-1.1.0+git20190211/tests/testutils.h FINAL RESULTS: data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:191:79: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. bool PerfTracingData::readEventFormats(QDataStream &stream, const QByteArray &system) data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:205:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. event.system = system; data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.h:66:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QByteArray system; data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.h:88:66: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. bool readEventFormats(QDataStream &stream, const QByteArray &system); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfunwind.cpp:249:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. const qint32 systemId = resolveString(format.system); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:169:39: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QCOMPARE(client.string(format.system), QByteArray("probe_untitled1")); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:168:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. stream >> id >> tracePointFormat.system >> tracePointFormat.name data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:170:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. checkString(tracePointFormat.system); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.h:77:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. qint32 system; data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:200:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!outfile->open(QIODevice::WriteOnly)) data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:207:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!outfile->open(stdout, QIODevice::WriteOnly)) data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:315:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!infile->open(QIODevice::ReadOnly)) data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfkallsyms.cpp:33:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) { data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.cpp:26:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool PerfStdin::open(QIODevice::OpenMode mode) data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.cpp:31:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.h:29:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(OpenMode mode) override; data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:50:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(ret, string, length); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:57:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define eu_compat_open open data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:122:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(memcpyTarget(result, wordWidth), src, static_cast<size_t>(wordWidth)); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:1119:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_perfMapFile.open(QIODevice::ReadOnly); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfunwind.cpp:122:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(m_debugInfoPath, newDebugInfo.data(), debugInfoLength); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/elfmap/tst_elfmap.cpp:84:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(tmpFile1.open()); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/elfmap/tst_elfmap.cpp:91:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(tmpFile2.open()); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/kallsyms/tst_kallsyms.cpp:96:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open()); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/kallsyms/tst_kallsyms.cpp:115:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open()); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:109:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(input.open(QIODevice::ReadOnly)); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:110:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(output.open(QIODevice::WriteOnly)); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:156:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). output.open(QIODevice::ReadOnly); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:187:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(input.open(QIODevice::ReadOnly)); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:188:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(output.open(QIODevice::WriteOnly)); data/hotspot-1.1.0+git20190211/src/mainwindow.cpp:141:46: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ui->fileMenu->addAction(KStandardAction::open(this, SLOT(onOpenFileButtonClicked()), this)); data/hotspot-1.1.0+git20190211/src/models/processlist_unix.cpp:110:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) data/hotspot-1.1.0+git20190211/src/models/processlist_unix.cpp:128:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (cmdFile.open(QFile::ReadOnly)) { data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp:546:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/hotspot-1.1.0+git20190211/src/perfrecord.cpp:112:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outputFile->open(); data/hotspot-1.1.0+git20190211/src/perfrecord.cpp:335:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return paranoid.open(QIODevice::ReadOnly) && paranoid.readAll().trimmed() == "-1"; data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:139:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:159:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:177:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:193:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:238:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:254:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:278:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:294:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:326:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:347:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:364:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:409:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:451:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:476:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile.open(); data/hotspot-1.1.0+git20190211/tests/test-clients/c-syscalls/main.c:37:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(argv[0], "rb"); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:262:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!attributes.read(infile.data(), &header)) { data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:267:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!features.read(infile.data(), &header)) { data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:292:82: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QObject::connect(infile.data(), &QIODevice::readyRead, &data, &PerfData::read); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:294:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data.read(); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfattributes.cpp:211:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool PerfAttributes::read(QIODevice *device, PerfHeader *header) data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfattributes.h:283:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(QIODevice *device, PerfHeader *header); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp:254:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void PerfData::read() data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp:259:70: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). disconnect(m_source, &QIODevice::readyRead, this, &PerfData::read); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp:264:70: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). disconnect(m_source, &QIODevice::readyRead, this, &PerfData::read); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp:275:66: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). disconnect(m_source, &QIODevice::readyRead, this, &PerfData::read); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp:618:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (quint32 i = 0; i < (record.m_header.size - read) / sizeof(quint64); ++i) { data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.h:516:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffeatures.cpp:120:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool PerfFeatures::read(QIODevice *device, const PerfHeader *header) data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffeatures.h:163:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(QIODevice *device, const PerfHeader *header); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.cpp:27:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). connect(source, &QIODevice::readyRead, this, &PerfHeader::read); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.cpp:32:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void PerfHeader::read() data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.cpp:102:68: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). disconnect(m_source, &QIODevice::readyRead, this, &PerfHeader::read); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.h:76:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.cpp:44:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Q_ASSERT(read <= static_cast<size_t>(maxlen)); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.cpp:45:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return static_cast<qint64>(read); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:48:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t length = strlen(string) + 1; // include null char data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:599:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ret >= 0 || !debugLink || strlen(debugLink) == 0) data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:34:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stream >> read; data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:35:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != 0) data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:36:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). string.append(read); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:44:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QByteArray read(magic.size(), Qt::Uninitialized); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:45:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stream.readRawData(read.data(), read.size()); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:45:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stream.readRawData(read.data(), read.size()); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:46:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != magic) { data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:47:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qWarning() << "Invalid magic in perf tracing data" << read << " - expected" << magic; data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:336:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint8 read; data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:337:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stream >> read; data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:338:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). record.m_bigEndian = (read != 0); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:340:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stream >> read; data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:341:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). record.m_fileLongSize = (read != 0); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:46:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). attributes->read(input, header); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:49:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). features.read(input, header); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:74:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data.read(); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:81:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). header.read(); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:37:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). device->read(magic.data(), magicSize); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:41:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). device->read(reinterpret_cast<char *>(&version), sizeof(qint32)); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:65:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). device->read(reinterpret_cast<char *>(&size), sizeof(quint32)); data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:69:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QDataStream stream(device->read(size)); data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp:566:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). process.read(buffer.buffer().data(), magic.size() + 1); data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp:581:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). process.read(buffer.buffer().data(), sizeof(dataStreamVersion)); data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp:592:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). process.read(buffer.buffer().data(), sizeof(eventSize)); data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp:602:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). process.read(buffer.buffer().data(), eventSize); ANALYSIS SUMMARY: Hits = 98 Lines analyzed = 21097 in approximately 3.95 seconds (5344 lines/second) Physical Source Lines of Code (SLOC) = 15018 Hits@level = [0] 2 [1] 47 [2] 42 [3] 0 [4] 9 [5] 0 Hits@level+ = [0+] 100 [1+] 98 [2+] 51 [3+] 9 [4+] 9 [5+] 0 Hits/KSLOC@level+ = [0+] 6.65868 [1+] 6.5255 [2+] 3.39592 [3+] 0.599281 [4+] 0.599281 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.