Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
data/kdenlive-20.08.3/src/monitor/monitormanager.h Examining data/kdenlive-20.08.3/src/monitor/qmlmanager.cpp Examining data/kdenlive-20.08.3/src/monitor/recmanager.h Examining data/kdenlive-20.08.3/src/abstractmodel/abstracttreemodel.hpp Examining data/kdenlive-20.08.3/src/abstractmodel/abstracttreemodel.cpp Examining data/kdenlive-20.08.3/src/abstractmodel/treeitem.hpp Examining data/kdenlive-20.08.3/src/abstractmodel/treeitem.cpp Examining data/kdenlive-20.08.3/src/audiospectrum/audiographspectrum.cpp Examining data/kdenlive-20.08.3/src/audiospectrum/audiographspectrum.h Examining data/kdenlive-20.08.3/src/audiospectrum/iecscale.h Examining data/kdenlive-20.08.3/src/logger.hpp Examining data/kdenlive-20.08.3/src/mltcontroller/clippropertiescontroller.h Examining data/kdenlive-20.08.3/src/mltcontroller/clipcontroller.h Examining data/kdenlive-20.08.3/src/mltcontroller/clippropertiescontroller.cpp Examining data/kdenlive-20.08.3/src/mltcontroller/clipcontroller.cpp Examining data/kdenlive-20.08.3/src/core.cpp Examining data/kdenlive-20.08.3/src/gentime.cpp Examining data/kdenlive-20.08.3/plugins/sampleplugin/sampleplugin.h Examining data/kdenlive-20.08.3/plugins/sampleplugin/sampleplugin.cpp FINAL RESULTS: data/kdenlive-20.08.3/src/mltcontroller/clippropertiescontroller.cpp:1359:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QLocale locale(QLocale::system()); // use the user's locale for getting proper separators! data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/fftutil.c:162:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
  int c=getopt(argc,argv,"n:iR");
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/kiss_fastfir.c:363:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c=getopt(argc,argv,"n:h:i:o:vd");
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/psdpng.c:39:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt (argc, argv, "n:r:as");
data/kdenlive-20.08.3/tests/catch.hpp:9704:18: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand( config.rngSeed() );
data/kdenlive-20.08.3/fuzzer/fakeit_standalone.hpp:5369:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[8];
data/kdenlive-20.08.3/fuzzer/fakeit_standalone.hpp:5819:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char instanceArea[SIZE ? SIZE : 0];
data/kdenlive-20.08.3/fuzzer/main_fuzzer.cpp:31:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[1] = {"fuzz"};
data/kdenlive-20.08.3/renderer/renderjob.cpp:68:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!m_logfile.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/assets/model/assetparametermodel.cpp:766:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (loadFile.open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/assets/model/assetparametermodel.cpp:794:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!loadFile.open(QIODevice::WriteOnly)) {
data/kdenlive-20.08.3/src/assets/model/assetparametermodel.cpp:816:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (loadFile.open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/assets/model/assetparametermodel.cpp:841:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!loadFile.open(QIODevice::WriteOnly)) {
data/kdenlive-20.08.3/src/assets/model/assetparametermodel.cpp:853:39: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (loadFile.exists() && loadFile.open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/assets/model/assetparametermodel.cpp:879:39: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (loadFile.exists() && loadFile.open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/bin/bin.cpp:1503:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/bin/bin.cpp:1786:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/bin/clipcreator.cpp:109:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (txtfile.open(QIODevice::ReadOnly) && txtdoc.setContent(&txtfile)) {
data/kdenlive-20.08.3/src/bin/clipcreator.cpp:193:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (txtfile.open(QIODevice::ReadOnly) && titledoc.setContent(&txtfile)) {
data/kdenlive-20.08.3/src/bin/projectclip.cpp:979:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) { // write size and hash only if resource points to a file
data/kdenlive-20.08.3/src/capture/mltdevicecapture.cpp:215:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qimage.bits(), image, (size_t)(width * height * 3));
data/kdenlive-20.08.3/src/capture/mltdevicecapture.cpp:226:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qimage.scanLine(0), image, static_cast<size_t>(width * height * 3));
data/kdenlive-20.08.3/src/capture/mltdevicecapture.cpp:252:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sampleVector.data(), data, (size_t)(samples * num_channels) * sizeof(qint16));
data/kdenlive-20.08.3/src/capture/mltdevicecapture.cpp:310:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qimage.bits(), image, static_cast<size_t>(width * height * 3));
data/kdenlive-20.08.3/src/capture/v4lcapture.cpp:42:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(src, O_RDWR | O_NONBLOCK);
data/kdenlive-20.08.3/src/capture/v4lcapture.cpp:87:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[200];
data/kdenlive-20.08.3/src/dialogs/kdenlivesettingsdialog.cpp:639:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/dialogs/renderwidget.cpp:724:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/dialogs/renderwidget.cpp:959:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/dialogs/renderwidget.cpp:1015:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/dialogs/renderwidget.cpp:1201:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmp.open()) {
data/kdenlive-20.08.3/src/dialogs/renderwidget.cpp:1249:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/dialogs/renderwidget.cpp:1595:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/dialogs/renderwidget.cpp:2259:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/dialogs/renderwidget.cpp:2872:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmp.open()) {
data/kdenlive-20.08.3/src/dialogs/renderwidget.cpp:2879:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/dialogs/wizard.cpp:765:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!packageFile.open(QIODevice::WriteOnly)) {
data/kdenlive-20.08.3/src/dialogs/wizard.cpp:966:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmp.open()) {
data/kdenlive-20.08.3/src/dialogs/wizard.cpp:1009:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmp2.open()) {
data/kdenlive-20.08.3/src/doc/documentchecker.cpp:977:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/doc/kdenlivedoc.cpp:134:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/doc/kdenlivedoc.cpp:159:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/doc/kdenlivedoc.cpp:441:51: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!m_autosave->isOpen() && !m_autosave->open(QIODevice::ReadWrite)) {
data/kdenlive-20.08.3/src/doc/kdenlivedoc.cpp:614:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/doc/kdenlivedoc.cpp:801:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/doc/kdenlivedoc.cpp:931:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QFile::WriteOnly | QFile::Truncate)) {
data/kdenlive-20.08.3/src/doc/kdenlivedoc.cpp:999:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/doc/kthumb.cpp:116:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp.scanLine(0), imagedata, (unsigned)(ow * oh * 4));
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:205:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_selectedImage.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:206:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_selectedLetterImage.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:207:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_highlightedImage.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:208:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_highlightedLetterImage.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:212:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_menuImageBackground.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:215:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_menuVideo.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:217:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_menuFinalVideo.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:222:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_letterboxMovie.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:227:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_menuFile.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:232:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_menuVobFile.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:237:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_authorFile.open();
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:359:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (menuFile.open(QFile::WriteOnly)) {
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:465:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (menuFile.open(QFile::WriteOnly)) {
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:670:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (data2.open(QFile::WriteOnly)) {
data/kdenlive-20.08.3/src/dvdwizard/dvdwizard.cpp:993:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/dvdwizard/dvdwizardvob.cpp:377:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/effects/effectsrepository.cpp:167:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (effectFile.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/effects/effectsrepository.cpp:379:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QFile::WriteOnly | QFile::Truncate)) {
data/kdenlive-20.08.3/src/effects/effectstack/view/collapsibleeffectview.cpp:473:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QFile::WriteOnly | QFile::Truncate)) {
data/kdenlive-20.08.3/src/effects/effectstack/view/effectstackview.cpp:493:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QFile::WriteOnly | QFile::Truncate)) {
data/kdenlive-20.08.3/src/jobs/audiothumbjob.cpp:172:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!channelTmpfile->open()) {
data/kdenlive-20.08.3/src/jobs/audiothumbjob.cpp:234:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  channelFile->open();
data/kdenlive-20.08.3/src/jobs/loadjob.cpp:298:29: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (txtfile.open(QIODevice::ReadOnly) && txtdoc.setContent(&txtfile)) {
data/kdenlive-20.08.3/src/jobs/loadjob.cpp:525:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char property[200];
data/kdenlive-20.08.3/src/jobs/proxyclipjob.cpp:81:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (playlist->open()) {
data/kdenlive-20.08.3/src/lib/audio/audioStreamInfo.cpp:34:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char property[200];
data/kdenlive-20.08.3/src/lib/audio/fftTools.cpp:204:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mFile.open("/tmp/freq.m");
data/kdenlive-20.08.3/src/lib/external/kiss_fft/kiss_fft.c:380:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fout, tmpbuf, sizeof(kiss_fft_cpx) * st->nfft);
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/fftutil.c:144:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dims[ndims++] = atoi(arg);
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/fftutil.c:182:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(argv[optind],"rb");
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/fftutil.c:188:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(argv[optind],"wb");
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/kiss_fastfir.c:206:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(st->tmpbuf,inbuf,sizeof(kffsamp_t)*n );
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/kiss_fastfir.c:210:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outbuf,st->tmpbuf,sizeof(kffsamp_t)*( st->ngood - zpad ));
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/kiss_fastfir.c:228:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( inbuf , inbuf+nwritten , *offset * sizeof(kffsamp_t) ); data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/kiss_fastfir.c:370:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nfft=atoi(optarg); data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/kiss_fastfir.c:373:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fin = fopen(optarg,"rb"); data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/kiss_fastfir.c:380:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(optarg,"w+b"); data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/kiss_fastfir.c:387:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). filtfile = fopen(optarg,"rb"); data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/kiss_fftnd.c:169:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( st->tmpbuf, fin, sizeof(kiss_fft_cpx) * st->dimprod ); data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/psdpng.c:43:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'n': nfft=(int)atoi(optarg);break;
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/psdpng.c:44:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'r': navg=(int)atoi(optarg);break;
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/psdpng.c:63:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(argv[optind],"rb");
data/kdenlive-20.08.3/src/lib/external/kiss_fft/tools/psdpng.c:69:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(argv[optind],"wb");
data/kdenlive-20.08.3/src/lib/external/media_ctrl/mediactrl.c:353:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/kdenlive-20.08.3/src/lib/external/media_ctrl/mediactrl.c:357:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "/dev/input/event%d", i);
data/kdenlive-20.08.3/src/lib/external/media_ctrl/mediactrl.c:358:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(buf, O_RDONLY);
data/kdenlive-20.08.3/src/lib/external/media_ctrl/mediactrl.c:388:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(devname, O_RDONLY);
data/kdenlive-20.08.3/src/logger.cpp:286:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fuzz_file.open("fuzz_case_" + std::to_string(dump_count) + ".txt");
data/kdenlive-20.08.3/src/logger.cpp:288:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  test_file.open("test_case_" + std::to_string(dump_count) + ".cpp");
data/kdenlive-20.08.3/src/mltcontroller/clippropertiescontroller.cpp:1276:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char property[200];
data/kdenlive-20.08.3/src/mltcontroller/clippropertiescontroller.cpp:1435:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/mltcontroller/clippropertiescontroller.cpp:1460:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/mltcontroller/clippropertiescontroller.cpp:1577:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/monitor/scopes/sharedframe.cpp:91:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, data, (unsigned)size);
data/kdenlive-20.08.3/src/monitor/scopes/sharedframe.cpp:107:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, data, (unsigned)size);
data/kdenlive-20.08.3/src/monitor/scopes/sharedframe.cpp:122:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, data, (unsigned)size);
data/kdenlive-20.08.3/src/profiles/profilerepository.cpp:183:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly)) {
data/kdenlive-20.08.3/src/project/dialogs/archivewidget.cpp:284:59: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!m_extractArchive->isOpen() && !m_extractArchive->open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/project/dialogs/archivewidget.cpp:878:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!m_temp->open()) {
data/kdenlive-20.08.3/src/project/dialogs/archivewidget.cpp:897:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/project/dialogs/archivewidget.cpp:934:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  archive->open(QIODevice::WriteOnly);
data/kdenlive-20.08.3/src/project/dialogs/archivewidget.cpp:1050:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/project/dialogs/archivewidget.cpp:1059:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/project/dialogs/projectsettings.cpp:577:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/project/dialogs/projectsettings.cpp:687:20: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QTemporaryFile tmpfile;
data/kdenlive-20.08.3/src/project/dialogs/projectsettings.cpp:688:10: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (!tmpfile.open()) {
data/kdenlive-20.08.3/src/project/dialogs/projectsettings.cpp:688:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmpfile.open()) {
data/kdenlive-20.08.3/src/project/dialogs/projectsettings.cpp:689:76: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  qCWarning(KDENLIVE_LOG) << "///// CANNOT CREATE TMP FILE in: " << tmpfile.fileName();
data/kdenlive-20.08.3/src/project/dialogs/projectsettings.cpp:692:16: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QFile xmlf(tmpfile.fileName());
data/kdenlive-20.08.3/src/project/dialogs/projectsettings.cpp:693:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!xmlf.open(QIODevice::WriteOnly)) {
data/kdenlive-20.08.3/src/project/dialogs/projectsettings.cpp:702:68: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  KIO::FileCopyJob *copyjob = KIO::file_copy(QUrl::fromLocalFile(tmpfile.fileName()), QUrl::fromLocalFile(savePath));
data/kdenlive-20.08.3/src/project/projectmanager.cpp:75:35: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QAction *a = KStandardAction::open(this, SLOT(openFile()), pCore->window()->actionCollection());
data/kdenlive-20.08.3/src/project/projectmanager.cpp:369:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadWrite | QIODevice::Text);
data/kdenlive-20.08.3/src/project/projectmanager.cpp:442:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (stale->open(QIODevice::QIODevice::ReadWrite)) {
data/kdenlive-20.08.3/src/project/projectmanager.cpp:461:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stale->open(QIODevice::ReadWrite);
data/kdenlive-20.08.3/src/project/projectmanager.cpp:1003:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmpFile.open()) {
data/kdenlive-20.08.3/src/project/projectmanager.cpp:1064:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kdenlive-20.08.3/src/scopes/audioscopes/audiospectrum.cpp:219:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_lastFFT.data(), &(freqSpectrum[0]), (uint)fftWindow / 2 * sizeof(float));
data/kdenlive-20.08.3/src/scopes/audioscopes/spectrogram.cpp:333:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(spectrumVector.data(), &freqSpectrum[0], (uint)fftWindow / 2 * sizeof(float));
data/kdenlive-20.08.3/src/titler/titledocument.cpp:58:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/kdenlive-20.08.3/src/titler/titledocument.cpp:120:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::WriteOnly)) {
data/kdenlive-20.08.3/src/titler/titledocument.cpp:343:20: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QTemporaryFile tmpfile;
data/kdenlive-20.08.3/src/titler/titledocument.cpp:344:10: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (!tmpfile.open()) {
data/kdenlive-20.08.3/src/titler/titledocument.cpp:344:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmpfile.open()) {
data/kdenlive-20.08.3/src/titler/titledocument.cpp:345:76: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  qCWarning(KDENLIVE_LOG) << "///// CANNOT CREATE TMP FILE in: " << tmpfile.fileName();
data/kdenlive-20.08.3/src/titler/titledocument.cpp:348:16: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QFile xmlf(tmpfile.fileName());
data/kdenlive-20.08.3/src/titler/titledocument.cpp:349:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!xmlf.open(QIODevice::WriteOnly)) {
data/kdenlive-20.08.3/src/titler/titledocument.cpp:358:68: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  KIO::FileCopyJob *copyjob = KIO::file_copy(QUrl::fromLocalFile(tmpfile.fileName()), url, -1, KIO::Overwrite);
data/kdenlive-20.08.3/src/utils/otioconvertions.cpp:96:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tmp.open() || !(tmp.write(xml) > 0)) {
data/kdenlive-20.08.3/src/utils/resourcewidget.cpp:247:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (m_tmpThumbFile->open()) {
data/kdenlive-20.08.3/src/utils/resourcewidget.cpp:268:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (m_tmpThumbFile->open()) {
data/kdenlive-20.08.3/src/utils/resourcewidget.cpp:833:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::WriteOnly)) {
data/kdenlive-20.08.3/tests/abortutil.hpp:77:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[128];
data/kdenlive-20.08.3/tests/catch.hpp:1804:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeStamp[timeStampSize];
data/kdenlive-20.08.3/tests/catch.hpp:4609:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  alignas(alignof(T)) char storage[sizeof(T)];
data/kdenlive-20.08.3/tests/catch.hpp:5068:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/kdenlive-20.08.3/tests/catch.hpp:5631:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open();
data/kdenlive-20.08.3/tests/catch.hpp:9111:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&i, &f, sizeof(f));
data/kdenlive-20.08.3/tests/catch.hpp:9120:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&i, &d, sizeof(d));
data/kdenlive-20.08.3/tests/catch.hpp:9513:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_buffer[L_tmpnam] = { 0 };
data/kdenlive-20.08.3/tests/catch.hpp:9590:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/kdenlive-20.08.3/tests/catch.hpp:9599:23: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  m_file = std::tmpfile();
data/kdenlive-20.08.3/tests/catch.hpp:9623:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100] = {};
data/kdenlive-20.08.3/tests/catch.hpp:10039:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tracker->open();
data/kdenlive-20.08.3/tests/catch.hpp:10785:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **utf8Argv = new char *[ argc ];
data/kdenlive-20.08.3/tests/catch.hpp:10939:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[bufferSize];
data/kdenlive-20.08.3/tests/catch.hpp:10988:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_ofs.open( filename.c_str() );
data/kdenlive-20.08.3/tests/catch.hpp:11219:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( m_data, m_start, m_size );
data/kdenlive-20.08.3/tests/catch.hpp:11732:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void TrackerBase::open() {
data/kdenlive-20.08.3/tests/catch.hpp:11832:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open();
data/kdenlive-20.08.3/tests/catch.hpp:12117:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char asChar[sizeof (int)];
data/kdenlive-20.08.3/tests/catch.hpp:12774:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[maxDoubleSize];
data/kdenlive-20.08.3/tests/catch.hpp:12781:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%.3f", duration);
data/kdenlive-20.08.3/tests/catch.hpp:13349:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open() {
data/kdenlive-20.08.3/tests/catch.hpp:13378:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tp.open();
data/kdenlive-20.08.3/tests/catch.hpp:13724:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeStamp[timeStampSize];
data/kdenlive-20.08.3/tests/fakeit.hpp:5396:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[8];
data/kdenlive-20.08.3/tests/fakeit.hpp:5846:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char instanceArea[SIZE ? SIZE : 0];
data/kdenlive-20.08.3/thumbnailer/mltpreview.cpp:105:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mltImage.bits(), imagedata, width * height * 4);
data/kdenlive-20.08.3/fuzzer/main_fuzzer.cpp:41:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(target, input, size);
data/kdenlive-20.08.3/src/bin/abstractprojectitem.cpp:60:12: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return equal;
data/kdenlive-20.08.3/src/bin/projectclip.cpp:827:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t prefix_len = strlen(prefix);
data/kdenlive-20.08.3/src/bin/projectclip.cpp:830:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(current) >= prefix_len && strncmp(current, prefix, prefix_len) == 0) {
data/kdenlive-20.08.3/src/bin/projectclip.cpp:987:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fileData = file.read(1000000);
data/kdenlive-20.08.3/src/doc/documentchecker.cpp:983:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fileData = file.read(1000000);
data/kdenlive-20.08.3/src/doc/kdenlivedoc.cpp:808:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fileData = file.read(1000000);
data/kdenlive-20.08.3/src/lib/external/media_ctrl/mediactrl.c:287:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  n = read(ctrl->fd, &ev, sizeof(ev));
data/kdenlive-20.08.3/src/mltconnection.cpp:58:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!resource || resource[0] != '<' || resource[strlen(resource) - 1] != '>')
data/kdenlive-20.08.3/tests/abortutil.hpp:78:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int n = read(fd[0], buff, 127);
data/kdenlive-20.08.3/tests/catch.hpp:10814:36: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static_cast<void>(std::getchar());
data/kdenlive-20.08.3/tests/catch.hpp:10819:36: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static_cast<void>(std::getchar());
data/kdenlive-20.08.3/tests/catch.hpp:11110:50: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());
data/kdenlive-20.08.3/tests/catch.hpp:11116:50: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());
data/kdenlive-20.08.3/tests/catch.hpp:11187:67: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : StringRef( rawChars, static_cast<StringRef::size_type>(std::strlen(rawChars) ) )

ANALYSIS SUMMARY:

Hits = 182
Lines analyzed = 184839 in approximately 4.82 seconds (38337 lines/second)
Physical Source Lines of Code (SLOC) = 139475
Hits@level = [0] 56 [1] 15 [2] 162 [3] 4 [4] 1 [5] 0
Hits@level+ = [0+] 238 [1+] 182 [2+] 167 [3+] 5 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 1.7064 [1+] 1.30489 [2+] 1.19735 [3+] 0.0358487 [4+] 0.00716974 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.