Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfaddresscache.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfaddresscache.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfattributes.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfattributes.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfelfmap.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfelfmap.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffeatures.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffeatures.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffilesection.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffilesection.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfkallsyms.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfkallsyms.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfregisterinfo.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfregisterinfo.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfunwind.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfunwind.h
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/addresscache/tst_addresscache.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/elfmap/tst_elfmap.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/kallsyms/tst_kallsyms.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp
Examining data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.h
Examining data/hotspot-1.1.0+git20190211/src/aboutdialog.cpp
Examining data/hotspot-1.1.0+git20190211/src/aboutdialog.h
Examining data/hotspot-1.1.0+git20190211/src/flamegraph.cpp
Examining data/hotspot-1.1.0+git20190211/src/flamegraph.h
Examining data/hotspot-1.1.0+git20190211/src/main.cpp
Examining data/hotspot-1.1.0+git20190211/src/mainwindow.cpp
Examining data/hotspot-1.1.0+git20190211/src/mainwindow.h
Examining data/hotspot-1.1.0+git20190211/src/models/callercalleemodel.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/callercalleemodel.h
Examining data/hotspot-1.1.0+git20190211/src/models/costdelegate.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/costdelegate.h
Examining data/hotspot-1.1.0+git20190211/src/models/data.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/data.h
Examining data/hotspot-1.1.0+git20190211/src/models/eventmodel.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/eventmodel.h
Examining data/hotspot-1.1.0+git20190211/src/models/filterandzoomstack.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/filterandzoomstack.h
Examining data/hotspot-1.1.0+git20190211/src/models/hashmodel.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/hashmodel.h
Examining data/hotspot-1.1.0+git20190211/src/models/processfiltermodel.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/processfiltermodel.h
Examining data/hotspot-1.1.0+git20190211/src/models/processlist.h
Examining data/hotspot-1.1.0+git20190211/src/models/processlist_unix.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/processmodel.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/processmodel.h
Examining data/hotspot-1.1.0+git20190211/src/models/timelinedelegate.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/timelinedelegate.h
Examining data/hotspot-1.1.0+git20190211/src/models/topproxy.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/topproxy.h
Examining data/hotspot-1.1.0+git20190211/src/models/treemodel.cpp
Examining data/hotspot-1.1.0+git20190211/src/models/treemodel.h
Examining data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp
Examining data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.h
Examining data/hotspot-1.1.0+git20190211/src/perfrecord.h
Examining data/hotspot-1.1.0+git20190211/src/recordpage.h
Examining data/hotspot-1.1.0+git20190211/src/resultsbottomuppage.cpp
Examining data/hotspot-1.1.0+git20190211/src/resultsbottomuppage.h
Examining data/hotspot-1.1.0+git20190211/src/resultscallercalleepage.cpp
Examining data/hotspot-1.1.0+git20190211/src/resultscallercalleepage.h
Examining data/hotspot-1.1.0+git20190211/src/resultsflamegraphpage.cpp
Examining data/hotspot-1.1.0+git20190211/src/resultsflamegraphpage.h
Examining data/hotspot-1.1.0+git20190211/src/resultspage.cpp
Examining data/hotspot-1.1.0+git20190211/src/resultspage.h
Examining data/hotspot-1.1.0+git20190211/src/resultssummarypage.cpp
Examining data/hotspot-1.1.0+git20190211/src/resultssummarypage.h
Examining data/hotspot-1.1.0+git20190211/src/resultstopdownpage.cpp
Examining data/hotspot-1.1.0+git20190211/src/resultstopdownpage.h
Examining data/hotspot-1.1.0+git20190211/src/resultsutil.cpp
Examining data/hotspot-1.1.0+git20190211/src/resultsutil.h
Examining data/hotspot-1.1.0+git20190211/src/startpage.cpp
Examining data/hotspot-1.1.0+git20190211/src/startpage.h
Examining data/hotspot-1.1.0+git20190211/src/util.cpp
Examining data/hotspot-1.1.0+git20190211/src/util.h
Examining data/hotspot-1.1.0+git20190211/src/perfrecord.cpp
Examining data/hotspot-1.1.0+git20190211/src/recordpage.cpp
Examining data/hotspot-1.1.0+git20190211/tests/integrationtests/dump_perf_data.cpp
Examining data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp
Examining data/hotspot-1.1.0+git20190211/tests/modeltests/modeltest.cpp
Examining data/hotspot-1.1.0+git20190211/tests/modeltests/modeltest.h
Examining data/hotspot-1.1.0+git20190211/tests/modeltests/tst_models.cpp
Examining data/hotspot-1.1.0+git20190211/tests/modeltests/tst_timelinedelegate.cpp
Examining data/hotspot-1.1.0+git20190211/tests/test-clients/c-syscalls/main.c
Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-inlining/main.cpp
Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-locking/main.cpp
Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-minimal-static/main.cpp
Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-parallel/main.cpp
Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-recursion/main.cpp
Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-sleep/main.cpp
Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-stdin/main.cpp
Examining data/hotspot-1.1.0+git20190211/tests/test-clients/cpp-threadnames/main.cpp
Examining data/hotspot-1.1.0+git20190211/tests/testutils.h
FINAL RESULTS:
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:191:79: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
bool PerfTracingData::readEventFormats(QDataStream &stream, const QByteArray &system)
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:205:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
event.system = system;
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.h:66:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QByteArray system;
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.h:88:66: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
bool readEventFormats(QDataStream &stream, const QByteArray &system);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfunwind.cpp:249:50: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const qint32 systemId = resolveString(format.system);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:169:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QCOMPARE(client.string(format.system), QByteArray("probe_untitled1"));
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:168:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
stream >> id >> tracePointFormat.system >> tracePointFormat.name
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:170:42: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
checkString(tracePointFormat.system);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.h:77:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
qint32 system;
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:200:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outfile->open(QIODevice::WriteOnly))
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:207:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outfile->open(stdout, QIODevice::WriteOnly))
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:315:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!infile->open(QIODevice::ReadOnly))
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfkallsyms.cpp:33:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.cpp:26:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool PerfStdin::open(QIODevice::OpenMode mode)
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.cpp:31:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QIODevice::open(mode);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.h:29:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(OpenMode mode) override;
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:50:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(ret, string, length);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:57:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define eu_compat_open open
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:122:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(memcpyTarget(result, wordWidth), src, static_cast<size_t>(wordWidth));
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:1119:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_perfMapFile.open(QIODevice::ReadOnly);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfunwind.cpp:122:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_debugInfoPath, newDebugInfo.data(), debugInfoLength);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/elfmap/tst_elfmap.cpp:84:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tmpFile1.open());
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/elfmap/tst_elfmap.cpp:91:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tmpFile2.open());
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/kallsyms/tst_kallsyms.cpp:96:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/kallsyms/tst_kallsyms.cpp:115:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:109:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(input.open(QIODevice::ReadOnly));
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:110:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(output.open(QIODevice::WriteOnly));
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:156:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output.open(QIODevice::ReadOnly);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:187:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(input.open(QIODevice::ReadOnly));
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:188:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(output.open(QIODevice::WriteOnly));
data/hotspot-1.1.0+git20190211/src/mainwindow.cpp:141:46: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ui->fileMenu->addAction(KStandardAction::open(this, SLOT(onOpenFileButtonClicked()), this));
data/hotspot-1.1.0+git20190211/src/models/processlist_unix.cpp:110:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly))
data/hotspot-1.1.0+git20190211/src/models/processlist_unix.cpp:128:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (cmdFile.open(QFile::ReadOnly)) {
data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp:546:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/hotspot-1.1.0+git20190211/src/perfrecord.cpp:112:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outputFile->open();
data/hotspot-1.1.0+git20190211/src/perfrecord.cpp:335:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return paranoid.open(QIODevice::ReadOnly) && paranoid.readAll().trimmed() == "-1";
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:139:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:159:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:177:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:193:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:238:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:254:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:278:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:294:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:326:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:347:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:364:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:409:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:451:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/integrationtests/tst_perfparser.cpp:476:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/hotspot-1.1.0+git20190211/tests/test-clients/c-syscalls/main.c:37:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(argv[0], "rb");
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:262:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!attributes.read(infile.data(), &header)) {
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:267:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!features.read(infile.data(), &header)) {
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:292:82: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QObject::connect(infile.data(), &QIODevice::readyRead, &data, &PerfData::read);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/main.cpp:294:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data.read();
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfattributes.cpp:211:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool PerfAttributes::read(QIODevice *device, PerfHeader *header)
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfattributes.h:283:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(QIODevice *device, PerfHeader *header);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp:254:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void PerfData::read()
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp:259:70: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
disconnect(m_source, &QIODevice::readyRead, this, &PerfData::read);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp:264:70: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
disconnect(m_source, &QIODevice::readyRead, this, &PerfData::read);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp:275:66: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
disconnect(m_source, &QIODevice::readyRead, this, &PerfData::read);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.cpp:618:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (quint32 i = 0; i < (record.m_header.size - read) / sizeof(quint64); ++i) {
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfdata.h:516:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read();
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffeatures.cpp:120:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool PerfFeatures::read(QIODevice *device, const PerfHeader *header)
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perffeatures.h:163:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(QIODevice *device, const PerfHeader *header);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.cpp:27:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
connect(source, &QIODevice::readyRead, this, &PerfHeader::read);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.cpp:32:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void PerfHeader::read()
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.cpp:102:68: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
disconnect(m_source, &QIODevice::readyRead, this, &PerfHeader::read);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfheader.h:76:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read();
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.cpp:44:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Q_ASSERT(read <= static_cast<size_t>(maxlen));
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfstdin.cpp:45:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return static_cast<qint64>(read);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:48:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t length = strlen(string) + 1; // include null char
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perfsymboltable.cpp:599:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret >= 0 || !debugLink || strlen(debugLink) == 0)
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:34:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream >> read;
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:35:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != 0)
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:36:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
string.append(read);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:44:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray read(magic.size(), Qt::Uninitialized);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:45:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream.readRawData(read.data(), read.size());
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:45:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream.readRawData(read.data(), read.size());
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:46:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != magic) {
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:47:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qWarning() << "Invalid magic in perf tracing data" << read << " - expected" << magic;
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:336:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint8 read;
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:337:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream >> read;
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:338:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
record.m_bigEndian = (read != 0);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:340:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream >> read;
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/app/perftracingdata.cpp:341:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
record.m_fileLongSize = (read != 0);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:46:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
attributes->read(input, header);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:49:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
features.read(input, header);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:74:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data.read();
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/perfdata/tst_perfdata.cpp:81:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
header.read();
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:37:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device->read(magic.data(), magicSize);
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:41:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device->read(reinterpret_cast<char *>(&version), sizeof(qint32));
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:65:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device->read(reinterpret_cast<char *>(&size), sizeof(quint32));
data/hotspot-1.1.0+git20190211/3rdparty/perfparser/tests/auto/shared/perfparsertestclient.cpp:69:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QDataStream stream(device->read(size));
data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp:566:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
process.read(buffer.buffer().data(), magic.size() + 1);
data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp:581:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
process.read(buffer.buffer().data(), sizeof(dataStreamVersion));
data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp:592:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
process.read(buffer.buffer().data(), sizeof(eventSize));
data/hotspot-1.1.0+git20190211/src/parsers/perf/perfparser.cpp:602:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
process.read(buffer.buffer().data(), eventSize);
ANALYSIS SUMMARY:
Hits = 98
Lines analyzed = 21097 in approximately 3.95 seconds (5344 lines/second)
Physical Source Lines of Code (SLOC) = 15018
Hits@level = [0] 2 [1] 47 [2] 42 [3] 0 [4] 9 [5] 0
Hits@level+ = [0+] 100 [1+] 98 [2+] 51 [3+] 9 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 6.65868 [1+] 6.5255 [2+] 3.39592 [3+] 0.599281 [4+] 0.599281 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.