Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kid3-3.8.4/linux/glibc_version_nightmare.h
Examining data/kid3-3.8.4/src/app/cli/abstractcli.cpp
Examining data/kid3-3.8.4/src/app/cli/abstractcli.h
Examining data/kid3-3.8.4/src/app/cli/abstractcliformatter.cpp
Examining data/kid3-3.8.4/src/app/cli/abstractcliformatter.h
Examining data/kid3-3.8.4/src/app/cli/clicommand.cpp
Examining data/kid3-3.8.4/src/app/cli/clicommand.h
Examining data/kid3-3.8.4/src/app/cli/clierror.h
Examining data/kid3-3.8.4/src/app/cli/jsoncliformatter.cpp
Examining data/kid3-3.8.4/src/app/cli/jsoncliformatter.h
Examining data/kid3-3.8.4/src/app/cli/kid3cli.cpp
Examining data/kid3-3.8.4/src/app/cli/kid3cli.h
Examining data/kid3-3.8.4/src/app/cli/maincli.cpp
Examining data/kid3-3.8.4/src/app/cli/readlinecompleter.cpp
Examining data/kid3-3.8.4/src/app/cli/readlinecompleter.h
Examining data/kid3-3.8.4/src/app/cli/standardiohandler.cpp
Examining data/kid3-3.8.4/src/app/cli/standardiohandler.h
Examining data/kid3-3.8.4/src/app/cli/textcliformatter.cpp
Examining data/kid3-3.8.4/src/app/cli/textcliformatter.h
Examining data/kid3-3.8.4/src/app/kde/kdeconfigdialog.cpp
Examining data/kid3-3.8.4/src/app/kde/kdeconfigdialog.h
Examining data/kid3-3.8.4/src/app/kde/kdemainwindow.cpp
Examining data/kid3-3.8.4/src/app/kde/kdemainwindow.h
Examining data/kid3-3.8.4/src/app/kde/kdeplatformtools.cpp
Examining data/kid3-3.8.4/src/app/kde/kdeplatformtools.h
Examining data/kid3-3.8.4/src/app/kde/kdesettings.cpp
Examining data/kid3-3.8.4/src/app/kde/kdesettings.h
Examining data/kid3-3.8.4/src/app/kde/mainkde.cpp
Examining data/kid3-3.8.4/src/app/qml/mainqml.cpp
Examining data/kid3-3.8.4/src/app/qt/browserdialog.cpp
Examining data/kid3-3.8.4/src/app/qt/browserdialog.h
Examining data/kid3-3.8.4/src/app/qt/configdialog.cpp
Examining data/kid3-3.8.4/src/app/qt/configdialog.h
Examining data/kid3-3.8.4/src/app/qt/kid3mainwindow.cpp
Examining data/kid3-3.8.4/src/app/qt/kid3mainwindow.h
Examining data/kid3-3.8.4/src/app/qt/kid3qtapplication.cpp
Examining data/kid3-3.8.4/src/app/qt/kid3qtapplication.h
Examining data/kid3-3.8.4/src/app/qt/mainqt.cpp
Examining data/kid3-3.8.4/src/app/qt/messagedialog.cpp
Examining data/kid3-3.8.4/src/app/qt/messagedialog.h
Examining data/kid3-3.8.4/src/app/qt/platformtools.cpp
Examining data/kid3-3.8.4/src/app/qt/platformtools.h
Examining data/kid3-3.8.4/src/app/qt/recentfilesmenu.cpp
Examining data/kid3-3.8.4/src/app/qt/recentfilesmenu.h
Examining data/kid3-3.8.4/src/app/qt/shortcutsdelegate.cpp
Examining data/kid3-3.8.4/src/app/qt/shortcutsdelegate.h
Examining data/kid3-3.8.4/src/app/qt/shortcutsmodel.cpp
Examining data/kid3-3.8.4/src/app/qt/shortcutsmodel.h
Examining data/kid3-3.8.4/src/core/config/batchimportconfig.cpp
Examining data/kid3-3.8.4/src/core/config/batchimportconfig.h
Examining data/kid3-3.8.4/src/core/config/batchimportprofile.cpp
Examining data/kid3-3.8.4/src/core/config/batchimportprofile.h
Examining data/kid3-3.8.4/src/core/config/batchimportsourcesmodel.cpp
Examining data/kid3-3.8.4/src/core/config/batchimportsourcesmodel.h
Examining data/kid3-3.8.4/src/core/config/configstore.cpp
Examining data/kid3-3.8.4/src/core/config/configstore.h
Examining data/kid3-3.8.4/src/core/config/exportconfig.cpp
Examining data/kid3-3.8.4/src/core/config/exportconfig.h
Examining data/kid3-3.8.4/src/core/config/fileconfig.cpp
Examining data/kid3-3.8.4/src/core/config/fileconfig.h
Examining data/kid3-3.8.4/src/core/config/filterconfig.cpp
Examining data/kid3-3.8.4/src/core/config/filterconfig.h
Examining data/kid3-3.8.4/src/core/config/findreplaceconfig.cpp
Examining data/kid3-3.8.4/src/core/config/findreplaceconfig.h
Examining data/kid3-3.8.4/src/core/config/formatconfig.cpp
Examining data/kid3-3.8.4/src/core/config/formatconfig.h
Examining data/kid3-3.8.4/src/core/config/generalconfig.cpp
Examining data/kid3-3.8.4/src/core/config/generalconfig.h
Examining data/kid3-3.8.4/src/core/config/guiconfig.cpp
Examining data/kid3-3.8.4/src/core/config/guiconfig.h
Examining data/kid3-3.8.4/src/core/config/importconfig.cpp
Examining data/kid3-3.8.4/src/core/config/importconfig.h
Examining data/kid3-3.8.4/src/core/config/isettings.cpp
Examining data/kid3-3.8.4/src/core/config/isettings.h
Examining data/kid3-3.8.4/src/core/config/kid3settings.cpp
Examining data/kid3-3.8.4/src/core/config/kid3settings.h
Examining data/kid3-3.8.4/src/core/config/mainwindowconfig.cpp
Examining data/kid3-3.8.4/src/core/config/mainwindowconfig.h
Examining data/kid3-3.8.4/src/core/config/networkconfig.cpp
Examining data/kid3-3.8.4/src/core/config/networkconfig.h
Examining data/kid3-3.8.4/src/core/config/numbertracksconfig.cpp
Examining data/kid3-3.8.4/src/core/config/numbertracksconfig.h
Examining data/kid3-3.8.4/src/core/config/playlistconfig.cpp
Examining data/kid3-3.8.4/src/core/config/playlistconfig.h
Examining data/kid3-3.8.4/src/core/config/rendirconfig.cpp
Examining data/kid3-3.8.4/src/core/config/rendirconfig.h
Examining data/kid3-3.8.4/src/core/config/serverimporterconfig.cpp
Examining data/kid3-3.8.4/src/core/config/serverimporterconfig.h
Examining data/kid3-3.8.4/src/core/config/starratingmappingsmodel.cpp
Examining data/kid3-3.8.4/src/core/config/starratingmappingsmodel.h
Examining data/kid3-3.8.4/src/core/config/tagconfig.cpp
Examining data/kid3-3.8.4/src/core/config/tagconfig.h
Examining data/kid3-3.8.4/src/core/config/useractionsconfig.cpp
Examining data/kid3-3.8.4/src/core/config/useractionsconfig.h
Examining data/kid3-3.8.4/src/core/export/playlistcreator.cpp
Examining data/kid3-3.8.4/src/core/export/playlistcreator.h
Examining data/kid3-3.8.4/src/core/export/textexporter.cpp
Examining data/kid3-3.8.4/src/core/export/textexporter.h
Examining data/kid3-3.8.4/src/core/import/batchimporter.cpp
Examining data/kid3-3.8.4/src/core/import/batchimporter.h
Examining data/kid3-3.8.4/src/core/import/httpclient.cpp
Examining data/kid3-3.8.4/src/core/import/httpclient.h
Examining data/kid3-3.8.4/src/core/import/importclient.cpp
Examining data/kid3-3.8.4/src/core/import/importclient.h
Examining data/kid3-3.8.4/src/core/import/importparser.cpp
Examining data/kid3-3.8.4/src/core/import/importparser.h
Examining data/kid3-3.8.4/src/core/import/iserverimporterfactory.cpp
Examining data/kid3-3.8.4/src/core/import/iserverimporterfactory.h
Examining data/kid3-3.8.4/src/core/import/iservertrackimporterfactory.cpp
Examining data/kid3-3.8.4/src/core/import/iservertrackimporterfactory.h
Examining data/kid3-3.8.4/src/core/import/jsonparser.cpp
Examining data/kid3-3.8.4/src/core/import/jsonparser.h
Examining data/kid3-3.8.4/src/core/import/serverimporter.cpp
Examining data/kid3-3.8.4/src/core/import/serverimporter.h
Examining data/kid3-3.8.4/src/core/import/servertrackimporter.cpp
Examining data/kid3-3.8.4/src/core/import/servertrackimporter.h
Examining data/kid3-3.8.4/src/core/import/textimporter.cpp
Examining data/kid3-3.8.4/src/core/import/textimporter.h
Examining data/kid3-3.8.4/src/core/import/trackdatamatcher.cpp
Examining data/kid3-3.8.4/src/core/import/trackdatamatcher.h
Examining data/kid3-3.8.4/src/core/model/abstractfiledecorationprovider.cpp
Examining data/kid3-3.8.4/src/core/model/abstractfiledecorationprovider.h
Examining data/kid3-3.8.4/src/core/model/bidirfileproxymodeliterator.cpp
Examining data/kid3-3.8.4/src/core/model/bidirfileproxymodeliterator.h
Examining data/kid3-3.8.4/src/core/model/checkablestringlistmodel.cpp
Examining data/kid3-3.8.4/src/core/model/checkablestringlistmodel.h
Examining data/kid3-3.8.4/src/core/model/commandformatreplacer.cpp
Examining data/kid3-3.8.4/src/core/model/commandformatreplacer.h
Examining data/kid3-3.8.4/src/core/model/commandstablemodel.cpp
Examining data/kid3-3.8.4/src/core/model/commandstablemodel.h
Examining data/kid3-3.8.4/src/core/model/configtablemodel.cpp
Examining data/kid3-3.8.4/src/core/model/configtablemodel.h
Examining data/kid3-3.8.4/src/core/model/coretaggedfileiconprovider.cpp
Examining data/kid3-3.8.4/src/core/model/coretaggedfileiconprovider.h
Examining data/kid3-3.8.4/src/core/model/dirproxymodel.cpp
Examining data/kid3-3.8.4/src/core/model/dirproxymodel.h
Examining data/kid3-3.8.4/src/core/model/dirrenamer.cpp
Examining data/kid3-3.8.4/src/core/model/dirrenamer.h
Examining data/kid3-3.8.4/src/core/model/downloadclient.cpp
Examining data/kid3-3.8.4/src/core/model/downloadclient.h
Examining data/kid3-3.8.4/src/core/model/eventtimingcode.cpp
Examining data/kid3-3.8.4/src/core/model/eventtimingcode.h
Examining data/kid3-3.8.4/src/core/model/expressionparser.cpp
Examining data/kid3-3.8.4/src/core/model/expressionparser.h
Examining data/kid3-3.8.4/src/core/model/externalprocess.cpp
Examining data/kid3-3.8.4/src/core/model/externalprocess.h
Examining data/kid3-3.8.4/src/core/model/filefilter.cpp
Examining data/kid3-3.8.4/src/core/model/filefilter.h
Examining data/kid3-3.8.4/src/core/model/fileinfogatherer.cpp
Examining data/kid3-3.8.4/src/core/model/fileinfogatherer_p.h
Examining data/kid3-3.8.4/src/core/model/fileproxymodel.cpp
Examining data/kid3-3.8.4/src/core/model/fileproxymodel.h
Examining data/kid3-3.8.4/src/core/model/fileproxymodeliterator.cpp
Examining data/kid3-3.8.4/src/core/model/fileproxymodeliterator.h
Examining data/kid3-3.8.4/src/core/model/filesystemmodel.cpp
Examining data/kid3-3.8.4/src/core/model/filesystemmodel.h
Examining data/kid3-3.8.4/src/core/model/filesystemmodel_p.h
Examining data/kid3-3.8.4/src/core/model/frameeditorobject.cpp
Examining data/kid3-3.8.4/src/core/model/frameeditorobject.h
Examining data/kid3-3.8.4/src/core/model/framelist.cpp
Examining data/kid3-3.8.4/src/core/model/framelist.h
Examining data/kid3-3.8.4/src/core/model/frameobjectmodel.cpp
Examining data/kid3-3.8.4/src/core/model/frameobjectmodel.h
Examining data/kid3-3.8.4/src/core/model/frametablemodel.cpp
Examining data/kid3-3.8.4/src/core/model/frametablemodel.h
Examining data/kid3-3.8.4/src/core/model/genremodel.cpp
Examining data/kid3-3.8.4/src/core/model/genremodel.h
Examining data/kid3-3.8.4/src/core/model/iabortable.cpp
Examining data/kid3-3.8.4/src/core/model/iabortable.h
Examining data/kid3-3.8.4/src/core/model/iframeeditor.cpp
Examining data/kid3-3.8.4/src/core/model/iframeeditor.h
Examining data/kid3-3.8.4/src/core/model/imagedataprovider.h
Examining data/kid3-3.8.4/src/core/model/iusercommandprocessor.cpp
Examining data/kid3-3.8.4/src/core/model/iusercommandprocessor.h
Examining data/kid3-3.8.4/src/core/model/kid3application.cpp
Examining data/kid3-3.8.4/src/core/model/kid3application.h
Examining data/kid3-3.8.4/src/core/model/modeliterator.cpp
Examining data/kid3-3.8.4/src/core/model/modeliterator.h
Examining data/kid3-3.8.4/src/core/model/modelsectionresizemode.h
Examining data/kid3-3.8.4/src/core/model/playlistmodel.cpp
Examining data/kid3-3.8.4/src/core/model/playlistmodel.h
Examining data/kid3-3.8.4/src/core/model/proxyitemselectionmodel.cpp
Examining data/kid3-3.8.4/src/core/model/proxyitemselectionmodel.h
Examining data/kid3-3.8.4/src/core/model/scriptinterface.cpp
Examining data/kid3-3.8.4/src/core/model/scriptinterface.h
Examining data/kid3-3.8.4/src/core/model/standardtablemodel.cpp
Examining data/kid3-3.8.4/src/core/model/standardtablemodel.h
Examining data/kid3-3.8.4/src/core/model/taggedfileselection.cpp
Examining data/kid3-3.8.4/src/core/model/taggedfileselection.h
Examining data/kid3-3.8.4/src/core/model/tagsearcher.cpp
Examining data/kid3-3.8.4/src/core/model/tagsearcher.h
Examining data/kid3-3.8.4/src/core/model/texttablemodel.cpp
Examining data/kid3-3.8.4/src/core/model/texttablemodel.h
Examining data/kid3-3.8.4/src/core/model/timeeventmodel.cpp
Examining data/kid3-3.8.4/src/core/model/timeeventmodel.h
Examining data/kid3-3.8.4/src/core/model/trackdatamodel.cpp
Examining data/kid3-3.8.4/src/core/model/trackdatamodel.h
Examining data/kid3-3.8.4/src/core/tags/attributedata.cpp
Examining data/kid3-3.8.4/src/core/tags/attributedata.h
Examining data/kid3-3.8.4/src/core/tags/formatreplacer.cpp
Examining data/kid3-3.8.4/src/core/tags/formatreplacer.h
Examining data/kid3-3.8.4/src/core/tags/frame.cpp
Examining data/kid3-3.8.4/src/core/tags/frame.h
Examining data/kid3-3.8.4/src/core/tags/framenotice.cpp
Examining data/kid3-3.8.4/src/core/tags/framenotice.h
Examining data/kid3-3.8.4/src/core/tags/genres.cpp
Examining data/kid3-3.8.4/src/core/tags/genres.h
Examining data/kid3-3.8.4/src/core/tags/itaggedfilefactory.cpp
Examining data/kid3-3.8.4/src/core/tags/itaggedfilefactory.h
Examining data/kid3-3.8.4/src/core/tags/pictureframe.cpp
Examining data/kid3-3.8.4/src/core/tags/pictureframe.h
Examining data/kid3-3.8.4/src/core/tags/taggedfile.cpp
Examining data/kid3-3.8.4/src/core/tags/taggedfile.h
Examining data/kid3-3.8.4/src/core/tags/trackdata.cpp
Examining data/kid3-3.8.4/src/core/tags/trackdata.h
Examining data/kid3-3.8.4/src/core/utils/androidutils.cpp
Examining data/kid3-3.8.4/src/core/utils/androidutils.h
Examining data/kid3-3.8.4/src/core/utils/coreplatformtools.cpp
Examining data/kid3-3.8.4/src/core/utils/coreplatformtools.h
Examining data/kid3-3.8.4/src/core/utils/debugutils.cpp
Examining data/kid3-3.8.4/src/core/utils/debugutils.h
Examining data/kid3-3.8.4/src/core/utils/icoreplatformtools.cpp
Examining data/kid3-3.8.4/src/core/utils/icoreplatformtools.h
Examining data/kid3-3.8.4/src/core/utils/kid3api.h
Examining data/kid3-3.8.4/src/core/utils/loadtranslation.cpp
Examining data/kid3-3.8.4/src/core/utils/loadtranslation.h
Examining data/kid3-3.8.4/src/core/utils/saferename.cpp
Examining data/kid3-3.8.4/src/core/utils/saferename.h
Examining data/kid3-3.8.4/src/gui/dialogs/batchimportdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/batchimportdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/batchimportsourcedialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/batchimportsourcedialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/browsecoverartdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/browsecoverartdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/configdialogpages.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/configdialogpages.h
Examining data/kid3-3.8.4/src/gui/dialogs/contexthelp.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/contexthelp.h
Examining data/kid3-3.8.4/src/gui/dialogs/downloaddialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/downloaddialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/editframefieldsdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/editframefieldsdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/exportdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/exportdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/filterdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/filterdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/findreplacedialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/findreplacedialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/importdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/importdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/numbertracksdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/numbertracksdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/playlistdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/playlistdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/playlisteditdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/playlisteditdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/rendirdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/rendirdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/serverimportdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/serverimportdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/servertrackimportdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/servertrackimportdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/stringlisteditdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/stringlisteditdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/tagimportdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/tagimportdialog.h
Examining data/kid3-3.8.4/src/gui/dialogs/textimportdialog.cpp
Examining data/kid3-3.8.4/src/gui/dialogs/textimportdialog.h
Examining data/kid3-3.8.4/src/gui/forms/audioplayer.cpp
Examining data/kid3-3.8.4/src/gui/forms/audioplayer.h
Examining data/kid3-3.8.4/src/gui/forms/basemainwindow.cpp
Examining data/kid3-3.8.4/src/gui/forms/basemainwindow.h
Examining data/kid3-3.8.4/src/gui/forms/configurabletreeview.cpp
Examining data/kid3-3.8.4/src/gui/forms/configurabletreeview.h
Examining data/kid3-3.8.4/src/gui/forms/filelist.cpp
Examining data/kid3-3.8.4/src/gui/forms/filelist.h
Examining data/kid3-3.8.4/src/gui/forms/guiplatformtools.cpp
Examining data/kid3-3.8.4/src/gui/forms/guiplatformtools.h
Examining data/kid3-3.8.4/src/gui/forms/iplatformtools.cpp
Examining data/kid3-3.8.4/src/gui/forms/iplatformtools.h
Examining data/kid3-3.8.4/src/gui/forms/kid3form.cpp
Examining data/kid3-3.8.4/src/gui/forms/kid3form.h
Examining data/kid3-3.8.4/src/gui/forms/mprisinterface.cpp
Examining data/kid3-3.8.4/src/gui/forms/mprisinterface.h
Examining data/kid3-3.8.4/src/gui/forms/pixmapprovider.cpp
Examining data/kid3-3.8.4/src/gui/forms/pixmapprovider.h
Examining data/kid3-3.8.4/src/gui/forms/playlistview.cpp
Examining data/kid3-3.8.4/src/gui/forms/playlistview.h
Examining data/kid3-3.8.4/src/gui/forms/sectionactions.cpp
Examining data/kid3-3.8.4/src/gui/forms/sectionactions.h
Examining data/kid3-3.8.4/src/gui/forms/taggedfileiconprovider.cpp
Examining data/kid3-3.8.4/src/gui/forms/taggedfileiconprovider.h
Examining data/kid3-3.8.4/src/gui/widgets/abstractlistedit.cpp
Examining data/kid3-3.8.4/src/gui/widgets/abstractlistedit.h
Examining data/kid3-3.8.4/src/gui/widgets/chaptereditor.cpp
Examining data/kid3-3.8.4/src/gui/widgets/chaptereditor.h
Examining data/kid3-3.8.4/src/gui/widgets/comboboxdelegate.cpp
Examining data/kid3-3.8.4/src/gui/widgets/comboboxdelegate.h
Examining data/kid3-3.8.4/src/gui/widgets/configtable.cpp
Examining data/kid3-3.8.4/src/gui/widgets/configtable.h
Examining data/kid3-3.8.4/src/gui/widgets/enumdelegate.cpp
Examining data/kid3-3.8.4/src/gui/widgets/enumdelegate.h
Examining data/kid3-3.8.4/src/gui/widgets/eventcodedelegate.cpp
Examining data/kid3-3.8.4/src/gui/widgets/eventcodedelegate.h
Examining data/kid3-3.8.4/src/gui/widgets/filenameformatbox.cpp
Examining data/kid3-3.8.4/src/gui/widgets/filenameformatbox.h
Examining data/kid3-3.8.4/src/gui/widgets/formatbox.cpp
Examining data/kid3-3.8.4/src/gui/widgets/formatbox.h
Examining data/kid3-3.8.4/src/gui/widgets/formatlistedit.cpp
Examining data/kid3-3.8.4/src/gui/widgets/formatlistedit.h
Examining data/kid3-3.8.4/src/gui/widgets/frameitemdelegate.cpp
Examining data/kid3-3.8.4/src/gui/widgets/frameitemdelegate.h
Examining data/kid3-3.8.4/src/gui/widgets/frametable.cpp
Examining data/kid3-3.8.4/src/gui/widgets/frametable.h
Examining data/kid3-3.8.4/src/gui/widgets/imageviewer.cpp
Examining data/kid3-3.8.4/src/gui/widgets/imageviewer.h
Examining data/kid3-3.8.4/src/gui/widgets/picturelabel.cpp
Examining data/kid3-3.8.4/src/gui/widgets/picturelabel.h
Examining data/kid3-3.8.4/src/gui/widgets/playtoolbar.cpp
Examining data/kid3-3.8.4/src/gui/widgets/playtoolbar.h
Examining data/kid3-3.8.4/src/gui/widgets/progresswidget.cpp
Examining data/kid3-3.8.4/src/gui/widgets/progresswidget.h
Examining data/kid3-3.8.4/src/gui/widgets/stringlistedit.cpp
Examining data/kid3-3.8.4/src/gui/widgets/stringlistedit.h
Examining data/kid3-3.8.4/src/gui/widgets/subframeseditor.cpp
Examining data/kid3-3.8.4/src/gui/widgets/subframeseditor.h
Examining data/kid3-3.8.4/src/gui/widgets/tablemodeledit.cpp
Examining data/kid3-3.8.4/src/gui/widgets/tablemodeledit.h
Examining data/kid3-3.8.4/src/gui/widgets/tableofcontentseditor.cpp
Examining data/kid3-3.8.4/src/gui/widgets/tableofcontentseditor.h
Examining data/kid3-3.8.4/src/gui/widgets/tagformatbox.cpp
Examining data/kid3-3.8.4/src/gui/widgets/tagformatbox.h
Examining data/kid3-3.8.4/src/gui/widgets/timeeventeditor.cpp
Examining data/kid3-3.8.4/src/gui/widgets/timeeventeditor.h
Examining data/kid3-3.8.4/src/gui/widgets/timestampdelegate.cpp
Examining data/kid3-3.8.4/src/gui/widgets/timestampdelegate.h
Examining data/kid3-3.8.4/src/gui/widgets/tracknumbervalidator.cpp
Examining data/kid3-3.8.4/src/gui/widgets/tracknumbervalidator.h
Examining data/kid3-3.8.4/src/plugins/acoustidimport/abstractfingerprintdecoder.cpp
Examining data/kid3-3.8.4/src/plugins/acoustidimport/abstractfingerprintdecoder.h
Examining data/kid3-3.8.4/src/plugins/acoustidimport/acoustidimportplugin.cpp
Examining data/kid3-3.8.4/src/plugins/acoustidimport/acoustidimportplugin.h
Examining data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp
Examining data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.h
Examining data/kid3-3.8.4/src/plugins/acoustidimport/fingerprintcalculator.cpp
Examining data/kid3-3.8.4/src/plugins/acoustidimport/fingerprintcalculator.h
Examining data/kid3-3.8.4/src/plugins/acoustidimport/gstfingerprintdecoder.cpp
Examining data/kid3-3.8.4/src/plugins/acoustidimport/gstfingerprintdecoder.h
Examining data/kid3-3.8.4/src/plugins/acoustidimport/musicbrainzclient.cpp
Examining data/kid3-3.8.4/src/plugins/acoustidimport/musicbrainzclient.h
Examining data/kid3-3.8.4/src/plugins/acoustidimport/qtfingerprintdecoder.cpp
Examining data/kid3-3.8.4/src/plugins/acoustidimport/qtfingerprintdecoder.h
Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonconfig.cpp
Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonconfig.h
Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonimporter.cpp
Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonimporter.h
Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonimportplugin.cpp
Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonimportplugin.h
Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsconfig.cpp
Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsconfig.h
Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsimporter.cpp
Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsimporter.h
Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsimportplugin.cpp
Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsimportplugin.h
Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbconfig.cpp
Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbconfig.h
Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbimporter.cpp
Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbimporter.h
Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbimportplugin.cpp
Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbimportplugin.h
Examining data/kid3-3.8.4/src/plugins/freedbimport/tracktypeimporter.cpp
Examining data/kid3-3.8.4/src/plugins/freedbimport/tracktypeimporter.h
Examining data/kid3-3.8.4/src/plugins/id3libmetadata/id3libmetadataplugin.cpp
Examining data/kid3-3.8.4/src/plugins/id3libmetadata/id3libmetadataplugin.h
Examining data/kid3-3.8.4/src/plugins/id3libmetadata/mp3file.cpp
Examining data/kid3-3.8.4/src/plugins/id3libmetadata/mp3file.h
Examining data/kid3-3.8.4/src/plugins/kid3qml/checkablelistmodel.cpp
Examining data/kid3-3.8.4/src/plugins/kid3qml/checkablelistmodel.h
Examining data/kid3-3.8.4/src/plugins/kid3qml/configobjects.cpp
Examining data/kid3-3.8.4/src/plugins/kid3qml/configobjects.h
Examining data/kid3-3.8.4/src/plugins/kid3qml/kid3qmlplugin.cpp
Examining data/kid3-3.8.4/src/plugins/kid3qml/kid3qmlplugin.h
Examining data/kid3-3.8.4/src/plugins/kid3qml/qmlimageprovider.cpp
Examining data/kid3-3.8.4/src/plugins/kid3qml/qmlimageprovider.h
Examining data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.cpp
Examining data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.h
Examining data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.cpp
Examining data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.h
Examining data/kid3-3.8.4/src/plugins/mp4v2metadata/mp4v2metadataplugin.cpp
Examining data/kid3-3.8.4/src/plugins/mp4v2metadata/mp4v2metadataplugin.h
Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzconfig.cpp
Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzconfig.h
Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzimporter.cpp
Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzimporter.h
Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzimportplugin.cpp
Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzimportplugin.h
Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/flacfile.cpp
Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/flacfile.hpp
Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp
Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.hpp
Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/oggflacmetadataplugin.cpp
Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/oggflacmetadataplugin.h
Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c
Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.h
Examining data/kid3-3.8.4/src/plugins/qmlcommand/qmlcommandplugin.cpp
Examining data/kid3-3.8.4/src/plugins/qmlcommand/qmlcommandplugin.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/aac/aacfiletyperesolver.cpp
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/aac/aacfiletyperesolver.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffiletyperesolver.cpp
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffiletyperesolver.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfheader.cpp
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfheader.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfproperties.cpp
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfproperties.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/eventtimingcodesframe.cpp
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/eventtimingcodesframe.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/mp2/mp2filetyperesolver.cpp
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/mp2/mp2filetyperesolver.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/synchronizedlyricsframe.cpp
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/synchronizedlyricsframe.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/tdebug.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibfile.cpp
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibfile.h
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibmetadataplugin.cpp
Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibmetadataplugin.h
Examining data/kid3-3.8.4/src/test/dummysettings.cpp
Examining data/kid3-3.8.4/src/test/dummysettings.h
Examining data/kid3-3.8.4/src/test/maintest.cpp
Examining data/kid3-3.8.4/src/test/testdiscogsimporter.cpp
Examining data/kid3-3.8.4/src/test/testdiscogsimporter.h
Examining data/kid3-3.8.4/src/test/testjsonparser.cpp
Examining data/kid3-3.8.4/src/test/testjsonparser.h
Examining data/kid3-3.8.4/src/test/testmusicbrainzreleaseimporter.cpp
Examining data/kid3-3.8.4/src/test/testmusicbrainzreleaseimporter.h
Examining data/kid3-3.8.4/src/test/testmusicbrainzreleaseimportparser.cpp
Examining data/kid3-3.8.4/src/test/testmusicbrainzreleaseimportparser.h
Examining data/kid3-3.8.4/src/test/testserverimporterbase.cpp
Examining data/kid3-3.8.4/src/test/testserverimporterbase.h
Examining data/kid3-3.8.4/src/test/testutils.cpp
Examining data/kid3-3.8.4/src/test/testutils.h
FINAL RESULTS:
data/kid3-3.8.4/src/core/model/filesystemmodel.cpp:839:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return QLocale::system().toString(node(index)->lastModified(), QLocale::ShortFormat);
data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.cpp:419:27: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QVariantList ScriptUtils::system(
data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.h:281:35: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Q_INVOKABLE static QVariantList system(
data/kid3-3.8.4/src/app/cli/standardiohandler.cpp:140:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[numCharsInBuf];
data/kid3-3.8.4/src/app/kde/kdemainwindow.cpp:80:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QAction* action = KStandardAction::open(
data/kid3-3.8.4/src/app/kde/kdemainwindow.cpp:83:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QAction* action = KStandardAction::open(
data/kid3-3.8.4/src/core/export/playlistcreator.cpp:119:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = file.open(QIODevice::WriteOnly);
data/kid3-3.8.4/src/core/export/playlistcreator.cpp:230:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/core/export/textexporter.cpp:115:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::WriteOnly)) {
data/kid3-3.8.4/src/core/model/filesystemmodel.cpp:1751:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t name[MAX_PATH + 1];
data/kid3-3.8.4/src/core/model/kid3application.cpp:1208:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/core/model/kid3application.cpp:3455:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::WriteOnly)) {
data/kid3-3.8.4/src/core/model/kid3application.cpp:3600:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/core/model/kid3application.cpp:3676:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/core/tags/attributedata.cpp:169:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/kid3-3.8.4/src/core/tags/formatreplacer.cpp:57:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char escChar[numEscCodes] = {
data/kid3-3.8.4/src/core/tags/genres.h:105:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char s_genreNum[Genres::count + 1];
data/kid3-3.8.4/src/core/tags/pictureframe.cpp:592:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/core/tags/pictureframe.cpp:620:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::WriteOnly)) {
data/kid3-3.8.4/src/core/utils/coreplatformtools.cpp:228:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly))
data/kid3-3.8.4/src/gui/dialogs/editframefieldsdialog.cpp:1186:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::WriteOnly);
data/kid3-3.8.4/src/gui/dialogs/editframefieldsdialog.cpp:1207:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/gui/dialogs/editframefieldsdialog.cpp:1249:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::WriteOnly)) {
data/kid3-3.8.4/src/gui/dialogs/textimportdialog.cpp:134:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/gui/forms/kid3form.cpp:736:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::WriteOnly);
data/kid3-3.8.4/src/gui/forms/mprisinterface.cpp:281:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_tempCoverArtFile->open();
data/kid3-3.8.4/src/gui/widgets/timeeventeditor.cpp:280:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/gui/widgets/timeeventeditor.cpp:306:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::WriteOnly)) {
data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:140:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open() {
data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:191:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
::memcpy(samples, m_frame->extended_data[0], planeSize);
data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:195:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
::memcpy(out, m_frame->extended_data[ch], planeSize);
data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:213:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
::memcpy(samples, m_frame->extended_data[0], planeSize);
data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:217:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
::memcpy(out, m_frame->extended_data[ch], planeSize);
data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:558:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!codec.open() || codec.channels() <= 0) {
data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.cpp:200:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::WriteOnly | QIODevice::Truncate)) {
data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.cpp:216:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.cpp:557:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::WriteOnly);
data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.cpp:777:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.value, value.data(), data.valueSize);
data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp:185:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fpIn.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp:256:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fpIn.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp:265:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fpOut.open(QIODevice::WriteOnly)) {
data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp:878:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fp.open(QIODevice::ReadOnly)) {
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:80:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer->data + buffer->data_len, og->header,
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:83:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer->data + buffer->data_len, og->body,
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:400:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op->packet, opb.buffer, oggpack_bytes(&opb));
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:622:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->mainbuf, header_main.packet, header_main.bytes);
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:668:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->bookbuf, header->packet,
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:691:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->vendor, state->vc->vendor, vendor_size);
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[8];
data/kid3-3.8.4/src/core/export/playlistcreator.cpp:224:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool PlaylistCreator::read(
data/kid3-3.8.4/src/core/export/playlistcreator.h:149:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(const QString& playlistPath, QStringList& filePaths,
data/kid3-3.8.4/src/core/model/playlistmodel.cpp:181:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (creator.read(path, filePaths, format, useFullPath, writeInfo)) {
data/kid3-3.8.4/src/plugins/acoustidimport/qtfingerprintdecoder.cpp:98:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QAudioBuffer buffer = m_decoder->read();
data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.cpp:417:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_fileInfo.read(handle);
data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.cpp:1412:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool M4aFile::FileInfo::read(MP4FileHandle handle)
data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.h:234:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(void* handle);
data/kid3-3.8.4/src/plugins/oggflacmetadata/flacfile.cpp:158:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (m_chain->read(fnIn)) {
data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp:64:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 len = iodev->read(reinterpret_cast<char*>(ptr), size * nmemb);
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:380:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oggpack_write(&opb,strlen(vendor),32);
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:381:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_v_writestring(&opb,vendor, strlen(vendor));
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:445:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = s->read(buffer,1, CHUNKSIZE, s->in);
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:517:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = state->read(buffer, 1, CHUNKSIZE, state->in);
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:595:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = state->read(buffer, 1, CHUNKSIZE, state->in);
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:678:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = state->read(buffer, 1, CHUNKSIZE, state->in);
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:689:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vendor_size = strlen(state->vc->vendor) +1;
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:874:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = state->read(buffer,1, CHUNKSIZE, state->in);
data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.h:36:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
vcedit_read_func read;
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp:132:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(readProperties, propertiesStyle);
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp:144:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(readProperties, propertiesStyle);
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp:156:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(readProperties, propertiesStyle);
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp:295:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void DSFFile::read(bool readProperties,
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.h:234:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(bool readProperties,
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfproperties.cpp:75:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read();
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfproperties.cpp:138:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void DSFProperties::read()
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfproperties.h:94:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read();
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibfile.h:435:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void setRead(bool read) { m_read = read; }
data/kid3-3.8.4/src/plugins/taglibmetadata/taglibfile.h:435:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void setRead(bool read) { m_read = read; }
ANALYSIS SUMMARY:
Hits = 77
Lines analyzed = 116121 in approximately 2.67 seconds (43438 lines/second)
Physical Source Lines of Code (SLOC) = 64123
Hits@level = [0] 3 [1] 28 [2] 46 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 80 [1+] 77 [2+] 49 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 1.2476 [1+] 1.20082 [2+] 0.764156 [3+] 0.0467851 [4+] 0.0467851 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.