Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kdegraphics-thumbnailers-20.04.3/blend/blendercreator.cpp
Examining data/kdegraphics-thumbnailers-20.04.3/blend/blendercreator.h
Examining data/kdegraphics-thumbnailers-20.04.3/raw/rawcreator.h
Examining data/kdegraphics-thumbnailers-20.04.3/raw/rawcreator.cpp
Examining data/kdegraphics-thumbnailers-20.04.3/ps/dscparse_adapter.h
Examining data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp
Examining data/kdegraphics-thumbnailers-20.04.3/ps/dscparse_adapter.cpp
Examining data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp
Examining data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.h
Examining data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.h

FINAL RESULTS:

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1104:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(line, "Unknown in %s section at line %d:\n ",

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:352:2:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(dvipsargs[0], const_cast<char *const *>(dvipsargs));

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:363:2:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(gsargs[0], const_cast<char *const *>(gsargs));

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:381:7:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(gsargs[0], const_cast<char *const *>(gsargs));

data/kdegraphics-thumbnailers-20.04.3/blend/blendercreator.cpp:46:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::ReadOnly)) {

data/kdegraphics-thumbnailers-20.04.3/blend/blendercreator.cpp:57:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (gzFile->open(QIODevice::ReadOnly)) {

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:222:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char * const dsc_scan_section_name[15] = {

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:335:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dsc->data + dsc->data_length, data, bytes_read);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:439:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:554:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", i+1);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:606:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_page, dsc->page,

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:629:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newmedia_array, dsc->media,

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1013:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char begindata[MAXSTR+1];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1020:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(begindata, dsc->line, num);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1042:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(numberof);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1066:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned long cnt = atoi(dsc->line + 14);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1094:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dsc->last_line, dsc->line, len);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[DSC_LINE_LENGTH];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1643:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char media_name[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1687:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1688:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colour[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1689:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2048:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2091:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colour[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2360:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXSTR+MAXSTR] = "";

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2365:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf+strlen(buf), "\n%%%%Begin%.40s: / %%%%End%.40s\n", str, str);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2605:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2823:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3149:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, str, len);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3282:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newline[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3302:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(newline);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3308:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newline[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3352:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char page_label[MAXSTR];

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3362:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  page_ordinal = atoi(p);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.h:389:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[CDSC_DATA_LENGTH];/* start of buffer */

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.h:405:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char last_line[256]; /* previous DSC line, used for %%+ */

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:219:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fp = fopen(QFile::encodeName(path), "r");

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:222:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:244:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char translation[64] = "";

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:245:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pagesize[32] = "";

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:246:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resopt[32] = "";

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:503:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QIODevice::ReadOnly))

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:506:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char test[4];

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:515:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char trailer[4] = { 0xdf,0xdf,0xdf,0xdf };

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:527:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(QFile::encodeName(path), "r");

data/kdegraphics-thumbnailers-20.04.3/blend/blendercreator.cpp:102:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read != fileBlockHeaderSize) {

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:553:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dsc->page[i].label) == 0) {

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:555:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((dsc->page[i].label = dsc_alloc_string(dsc, buf, strlen(buf)))

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:592:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dsc_alloc_string(dsc, label, strlen(label)+1);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:652:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(media->name));

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:661:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(media->colour));

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:667:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(media->type));

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1107:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(line, dsc->line, length);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2071:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dsc_alloc_string(dsc, p, strlen(p));

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2113:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dsc_alloc_string(dsc, p, strlen(p));

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2146:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dsc_alloc_string(dsc, p, strlen(p));

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2362:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, dsc->line, dsc->line_length);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2365:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(buf+strlen(buf), "\n%%%%Begin%.40s: / %%%%End%.40s\n", str, str);

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2366:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return dsc_error(dsc, CDSC_MESSAGE_BEGIN_END, buf, strlen(buf));

data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3364:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( (page_ordinal == 0) || (strlen(page_label) == 0) ||

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:395:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int count = write(input[1], prolog, strlen(prolog));

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:397:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(input[1], translation, strlen(translation));

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:400:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (count == static_cast<int>(strlen(prolog))) {

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:416:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  count = read(output[0], data.data() + offset, 1024);

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:507:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ( f.read( (char *)test,2)<2 || test[0] != 247 || test[1] != 2 )

data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:517:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ( f.read( (char *)test, 4 )<4 || strncmp( (char *)test, (char*) trailer, 4 ) )

ANALYSIS SUMMARY:

Hits = 67
Lines analyzed = 5677 in approximately 0.16 seconds (35905 lines/second)
Physical Source Lines of Code (SLOC) = 4253
Hits@level = [0]   5 [1]  21 [2]  42 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  72 [1+]  67 [2+]  46 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 16.9292 [1+] 15.7536 [2+] 10.8159 [3+] 0.940513 [4+] 0.940513 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.