Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ki18n-5.74.0/autotests/ktranscripttest.h
Examining data/ki18n-5.74.0/autotests/ktranscriptcleantest.h
Examining data/ki18n-5.74.0/autotests/ktranscriptcleantest.cpp
Examining data/ki18n-5.74.0/autotests/testhelpers.cpp
Examining data/ki18n-5.74.0/autotests/klocalizedstringtest.cpp
Examining data/ki18n-5.74.0/autotests/testhelpers.h
Examining data/ki18n-5.74.0/autotests/ki18ndeclarativetest.cpp
Examining data/ki18n-5.74.0/autotests/klocalizedstringtest.h
Examining data/ki18n-5.74.0/autotests/ktranscripttest.cpp
Examining data/ki18n-5.74.0/src/kcatalog.cpp
Examining data/ki18n-5.74.0/src/klocalizedstring.cpp
Examining data/ki18n-5.74.0/src/kuitmarkup.h
Examining data/ki18n-5.74.0/src/klocalizedtranslator.cpp
Examining data/ki18n-5.74.0/src/gettext.h
Examining data/ki18n-5.74.0/src/kcatalog_p.h
Examining data/ki18n-5.74.0/src/ktranscript.cpp
Examining data/ki18n-5.74.0/src/common_helpers_p.h
Examining data/ki18n-5.74.0/src/klocalizedcontext.h
Examining data/ki18n-5.74.0/src/kuitmarkup_p.h
Examining data/ki18n-5.74.0/src/klocalizedcontext.cpp
Examining data/ki18n-5.74.0/src/kuitsetup.h
Examining data/ki18n-5.74.0/src/main.cpp
Examining data/ki18n-5.74.0/src/common_helpers.cpp
Examining data/ki18n-5.74.0/src/klocalizedstring.h
Examining data/ki18n-5.74.0/src/ktranscript_p.h
Examining data/ki18n-5.74.0/src/klocalizedtranslator.h
Examining data/ki18n-5.74.0/src/kuitmarkup.cpp
FINAL RESULTS:
data/ki18n-5.74.0/src/klocalizedstring.cpp:362:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
appendLanguagesFromQLocale(localeLanguages, QLocale::system());
data/ki18n-5.74.0/src/ktranscript.cpp:167:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, DBGP"%s\n", str);
data/ki18n-5.74.0/src/ktranscript.cpp:176:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, DBGP"%s\n", QString::fromUtf8(str).arg(a1).toLocal8Bit().data());
data/ki18n-5.74.0/src/ktranscript.cpp:185:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, DBGP"%s\n", QString::fromUtf8(str).arg(a1).arg(a2).toLocal8Bit().data());
data/ki18n-5.74.0/src/ktranscript.cpp:194:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, DBGP"%s\n", QString::fromUtf8(str).arg(a1).arg(a2).arg(a3).toLocal8Bit().data());
data/ki18n-5.74.0/src/ktranscript.cpp:203:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, WARNP"%s\n", str);
data/ki18n-5.74.0/src/ktranscript.cpp:208:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, WARNP"%s\n", QString::fromUtf8(str).arg(a1).toLocal8Bit().data());
data/ki18n-5.74.0/src/main.cpp:32:31: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale locale = QLocale::system();
data/ki18n-5.74.0/src/gettext.h:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_ctxt_id[msgctxt_len + msgid_len];
data/ki18n-5.74.0/src/gettext.h:105:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ki18n-5.74.0/src/gettext.h:113:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/ki18n-5.74.0/src/gettext.h:115:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/ki18n-5.74.0/src/gettext.h:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_ctxt_id[msgctxt_len + msgid_len];
data/ki18n-5.74.0/src/gettext.h:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ki18n-5.74.0/src/gettext.h:163:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/ki18n-5.74.0/src/gettext.h:165:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/ki18n-5.74.0/src/ktranscript.cpp:337:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/ki18n-5.74.0/src/ktranscript.cpp:935:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file_check.open(QIODevice::ReadOnly)) {
data/ki18n-5.74.0/src/ktranscript.cpp:939:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file_check.open(QIODevice::ReadOnly)) {
data/ki18n-5.74.0/src/ktranscript.cpp:1205:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/ki18n-5.74.0/src/ktranscript.cpp:1241:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/ki18n-5.74.0/src/ktranscript.cpp:1438:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/ki18n-5.74.0/src/ktranscript.cpp:1461:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/ki18n-5.74.0/src/ktranscript.cpp:1544:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open(QIODevice::ReadOnly)) {
data/ki18n-5.74.0/src/gettext.h:98:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgctxt_len = strlen(msgctxt) + 1;
data/ki18n-5.74.0/src/gettext.h:99:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgid_len = strlen(msgid) + 1;
data/ki18n-5.74.0/src/gettext.h:148:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgctxt_len = strlen(msgctxt) + 1;
data/ki18n-5.74.0/src/gettext.h:149:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgid_len = strlen(msgid) + 1;
data/ki18n-5.74.0/src/ktranscript.cpp:1444:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file.read(head.data(), head.size());
data/ki18n-5.74.0/src/ktranscript.cpp:1553:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fstr = file->read(8 + 4 + 8);
data/ki18n-5.74.0/src/ktranscript.cpp:1565:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fstr = file->read(lenekeys);
data/ki18n-5.74.0/src/ktranscript.cpp:1587:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray fstr = file->read(4 + 4);
data/ki18n-5.74.0/src/ktranscript.cpp:1591:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fstr = file->read(lenpkeys);
ANALYSIS SUMMARY:
Hits = 33
Lines analyzed = 10047 in approximately 0.36 seconds (28218 lines/second)
Physical Source Lines of Code (SLOC) = 6816
Hits@level = [0] 0 [1] 9 [2] 16 [3] 0 [4] 8 [5] 0
Hits@level+ = [0+] 33 [1+] 33 [2+] 24 [3+] 8 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 4.84155 [1+] 4.84155 [2+] 3.52113 [3+] 1.17371 [4+] 1.17371 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.