Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kid3-3.8.4/linux/glibc_version_nightmare.h Examining data/kid3-3.8.4/src/app/cli/abstractcli.cpp Examining data/kid3-3.8.4/src/app/cli/abstractcli.h Examining data/kid3-3.8.4/src/app/cli/abstractcliformatter.cpp Examining data/kid3-3.8.4/src/app/cli/abstractcliformatter.h Examining data/kid3-3.8.4/src/app/cli/clicommand.cpp Examining data/kid3-3.8.4/src/app/cli/clicommand.h Examining data/kid3-3.8.4/src/app/cli/clierror.h Examining data/kid3-3.8.4/src/app/cli/jsoncliformatter.cpp Examining data/kid3-3.8.4/src/app/cli/jsoncliformatter.h Examining data/kid3-3.8.4/src/app/cli/kid3cli.cpp Examining data/kid3-3.8.4/src/app/cli/kid3cli.h Examining data/kid3-3.8.4/src/app/cli/maincli.cpp Examining data/kid3-3.8.4/src/app/cli/readlinecompleter.cpp Examining data/kid3-3.8.4/src/app/cli/readlinecompleter.h Examining data/kid3-3.8.4/src/app/cli/standardiohandler.cpp Examining data/kid3-3.8.4/src/app/cli/standardiohandler.h Examining data/kid3-3.8.4/src/app/cli/textcliformatter.cpp Examining data/kid3-3.8.4/src/app/cli/textcliformatter.h Examining data/kid3-3.8.4/src/app/kde/kdeconfigdialog.cpp Examining data/kid3-3.8.4/src/app/kde/kdeconfigdialog.h Examining data/kid3-3.8.4/src/app/kde/kdemainwindow.cpp Examining data/kid3-3.8.4/src/app/kde/kdemainwindow.h Examining data/kid3-3.8.4/src/app/kde/kdeplatformtools.cpp Examining data/kid3-3.8.4/src/app/kde/kdeplatformtools.h Examining data/kid3-3.8.4/src/app/kde/kdesettings.cpp Examining data/kid3-3.8.4/src/app/kde/kdesettings.h Examining data/kid3-3.8.4/src/app/kde/mainkde.cpp Examining data/kid3-3.8.4/src/app/qml/mainqml.cpp Examining data/kid3-3.8.4/src/app/qt/browserdialog.cpp Examining data/kid3-3.8.4/src/app/qt/browserdialog.h Examining data/kid3-3.8.4/src/app/qt/configdialog.cpp Examining data/kid3-3.8.4/src/app/qt/configdialog.h Examining data/kid3-3.8.4/src/app/qt/kid3mainwindow.cpp Examining data/kid3-3.8.4/src/app/qt/kid3mainwindow.h Examining data/kid3-3.8.4/src/app/qt/kid3qtapplication.cpp Examining data/kid3-3.8.4/src/app/qt/kid3qtapplication.h Examining data/kid3-3.8.4/src/app/qt/mainqt.cpp Examining data/kid3-3.8.4/src/app/qt/messagedialog.cpp Examining data/kid3-3.8.4/src/app/qt/messagedialog.h Examining data/kid3-3.8.4/src/app/qt/platformtools.cpp Examining data/kid3-3.8.4/src/app/qt/platformtools.h Examining data/kid3-3.8.4/src/app/qt/recentfilesmenu.cpp Examining data/kid3-3.8.4/src/app/qt/recentfilesmenu.h Examining data/kid3-3.8.4/src/app/qt/shortcutsdelegate.cpp Examining data/kid3-3.8.4/src/app/qt/shortcutsdelegate.h Examining data/kid3-3.8.4/src/app/qt/shortcutsmodel.cpp Examining data/kid3-3.8.4/src/app/qt/shortcutsmodel.h Examining data/kid3-3.8.4/src/core/config/batchimportconfig.cpp Examining data/kid3-3.8.4/src/core/config/batchimportconfig.h Examining data/kid3-3.8.4/src/core/config/batchimportprofile.cpp Examining data/kid3-3.8.4/src/core/config/batchimportprofile.h Examining data/kid3-3.8.4/src/core/config/batchimportsourcesmodel.cpp Examining data/kid3-3.8.4/src/core/config/batchimportsourcesmodel.h Examining data/kid3-3.8.4/src/core/config/configstore.cpp Examining data/kid3-3.8.4/src/core/config/configstore.h Examining data/kid3-3.8.4/src/core/config/exportconfig.cpp Examining data/kid3-3.8.4/src/core/config/exportconfig.h Examining data/kid3-3.8.4/src/core/config/fileconfig.cpp Examining data/kid3-3.8.4/src/core/config/fileconfig.h Examining data/kid3-3.8.4/src/core/config/filterconfig.cpp Examining data/kid3-3.8.4/src/core/config/filterconfig.h Examining data/kid3-3.8.4/src/core/config/findreplaceconfig.cpp Examining data/kid3-3.8.4/src/core/config/findreplaceconfig.h Examining data/kid3-3.8.4/src/core/config/formatconfig.cpp Examining data/kid3-3.8.4/src/core/config/formatconfig.h Examining data/kid3-3.8.4/src/core/config/generalconfig.cpp Examining data/kid3-3.8.4/src/core/config/generalconfig.h Examining data/kid3-3.8.4/src/core/config/guiconfig.cpp Examining data/kid3-3.8.4/src/core/config/guiconfig.h Examining data/kid3-3.8.4/src/core/config/importconfig.cpp Examining data/kid3-3.8.4/src/core/config/importconfig.h Examining data/kid3-3.8.4/src/core/config/isettings.cpp Examining data/kid3-3.8.4/src/core/config/isettings.h Examining data/kid3-3.8.4/src/core/config/kid3settings.cpp Examining data/kid3-3.8.4/src/core/config/kid3settings.h Examining data/kid3-3.8.4/src/core/config/mainwindowconfig.cpp Examining data/kid3-3.8.4/src/core/config/mainwindowconfig.h Examining data/kid3-3.8.4/src/core/config/networkconfig.cpp Examining data/kid3-3.8.4/src/core/config/networkconfig.h Examining data/kid3-3.8.4/src/core/config/numbertracksconfig.cpp Examining data/kid3-3.8.4/src/core/config/numbertracksconfig.h Examining data/kid3-3.8.4/src/core/config/playlistconfig.cpp Examining data/kid3-3.8.4/src/core/config/playlistconfig.h Examining data/kid3-3.8.4/src/core/config/rendirconfig.cpp Examining data/kid3-3.8.4/src/core/config/rendirconfig.h Examining data/kid3-3.8.4/src/core/config/serverimporterconfig.cpp Examining data/kid3-3.8.4/src/core/config/serverimporterconfig.h Examining data/kid3-3.8.4/src/core/config/starratingmappingsmodel.cpp Examining data/kid3-3.8.4/src/core/config/starratingmappingsmodel.h Examining data/kid3-3.8.4/src/core/config/tagconfig.cpp Examining data/kid3-3.8.4/src/core/config/tagconfig.h Examining data/kid3-3.8.4/src/core/config/useractionsconfig.cpp Examining data/kid3-3.8.4/src/core/config/useractionsconfig.h Examining data/kid3-3.8.4/src/core/export/playlistcreator.cpp Examining data/kid3-3.8.4/src/core/export/playlistcreator.h Examining data/kid3-3.8.4/src/core/export/textexporter.cpp Examining data/kid3-3.8.4/src/core/export/textexporter.h Examining data/kid3-3.8.4/src/core/import/batchimporter.cpp Examining data/kid3-3.8.4/src/core/import/batchimporter.h Examining data/kid3-3.8.4/src/core/import/httpclient.cpp Examining data/kid3-3.8.4/src/core/import/httpclient.h Examining data/kid3-3.8.4/src/core/import/importclient.cpp Examining data/kid3-3.8.4/src/core/import/importclient.h Examining data/kid3-3.8.4/src/core/import/importparser.cpp Examining data/kid3-3.8.4/src/core/import/importparser.h Examining data/kid3-3.8.4/src/core/import/iserverimporterfactory.cpp Examining data/kid3-3.8.4/src/core/import/iserverimporterfactory.h Examining data/kid3-3.8.4/src/core/import/iservertrackimporterfactory.cpp Examining data/kid3-3.8.4/src/core/import/iservertrackimporterfactory.h Examining data/kid3-3.8.4/src/core/import/jsonparser.cpp Examining data/kid3-3.8.4/src/core/import/jsonparser.h Examining data/kid3-3.8.4/src/core/import/serverimporter.cpp Examining data/kid3-3.8.4/src/core/import/serverimporter.h Examining data/kid3-3.8.4/src/core/import/servertrackimporter.cpp Examining data/kid3-3.8.4/src/core/import/servertrackimporter.h Examining data/kid3-3.8.4/src/core/import/textimporter.cpp Examining data/kid3-3.8.4/src/core/import/textimporter.h Examining data/kid3-3.8.4/src/core/import/trackdatamatcher.cpp Examining data/kid3-3.8.4/src/core/import/trackdatamatcher.h Examining data/kid3-3.8.4/src/core/model/abstractfiledecorationprovider.cpp Examining data/kid3-3.8.4/src/core/model/abstractfiledecorationprovider.h Examining data/kid3-3.8.4/src/core/model/bidirfileproxymodeliterator.cpp Examining data/kid3-3.8.4/src/core/model/bidirfileproxymodeliterator.h Examining data/kid3-3.8.4/src/core/model/checkablestringlistmodel.cpp Examining data/kid3-3.8.4/src/core/model/checkablestringlistmodel.h Examining data/kid3-3.8.4/src/core/model/commandformatreplacer.cpp Examining data/kid3-3.8.4/src/core/model/commandformatreplacer.h Examining data/kid3-3.8.4/src/core/model/commandstablemodel.cpp Examining data/kid3-3.8.4/src/core/model/commandstablemodel.h Examining data/kid3-3.8.4/src/core/model/configtablemodel.cpp Examining data/kid3-3.8.4/src/core/model/configtablemodel.h Examining data/kid3-3.8.4/src/core/model/coretaggedfileiconprovider.cpp Examining data/kid3-3.8.4/src/core/model/coretaggedfileiconprovider.h Examining data/kid3-3.8.4/src/core/model/dirproxymodel.cpp Examining data/kid3-3.8.4/src/core/model/dirproxymodel.h Examining data/kid3-3.8.4/src/core/model/dirrenamer.cpp Examining data/kid3-3.8.4/src/core/model/dirrenamer.h Examining data/kid3-3.8.4/src/core/model/downloadclient.cpp Examining data/kid3-3.8.4/src/core/model/downloadclient.h Examining data/kid3-3.8.4/src/core/model/eventtimingcode.cpp Examining data/kid3-3.8.4/src/core/model/eventtimingcode.h Examining data/kid3-3.8.4/src/core/model/expressionparser.cpp Examining data/kid3-3.8.4/src/core/model/expressionparser.h Examining data/kid3-3.8.4/src/core/model/externalprocess.cpp Examining data/kid3-3.8.4/src/core/model/externalprocess.h Examining data/kid3-3.8.4/src/core/model/filefilter.cpp Examining data/kid3-3.8.4/src/core/model/filefilter.h Examining data/kid3-3.8.4/src/core/model/fileinfogatherer.cpp Examining data/kid3-3.8.4/src/core/model/fileinfogatherer_p.h Examining data/kid3-3.8.4/src/core/model/fileproxymodel.cpp Examining data/kid3-3.8.4/src/core/model/fileproxymodel.h Examining data/kid3-3.8.4/src/core/model/fileproxymodeliterator.cpp Examining data/kid3-3.8.4/src/core/model/fileproxymodeliterator.h Examining data/kid3-3.8.4/src/core/model/filesystemmodel.cpp Examining data/kid3-3.8.4/src/core/model/filesystemmodel.h Examining data/kid3-3.8.4/src/core/model/filesystemmodel_p.h Examining data/kid3-3.8.4/src/core/model/frameeditorobject.cpp Examining data/kid3-3.8.4/src/core/model/frameeditorobject.h Examining data/kid3-3.8.4/src/core/model/framelist.cpp Examining data/kid3-3.8.4/src/core/model/framelist.h Examining data/kid3-3.8.4/src/core/model/frameobjectmodel.cpp Examining data/kid3-3.8.4/src/core/model/frameobjectmodel.h Examining data/kid3-3.8.4/src/core/model/frametablemodel.cpp Examining data/kid3-3.8.4/src/core/model/frametablemodel.h Examining data/kid3-3.8.4/src/core/model/genremodel.cpp Examining data/kid3-3.8.4/src/core/model/genremodel.h Examining data/kid3-3.8.4/src/core/model/iabortable.cpp Examining data/kid3-3.8.4/src/core/model/iabortable.h Examining data/kid3-3.8.4/src/core/model/iframeeditor.cpp Examining data/kid3-3.8.4/src/core/model/iframeeditor.h Examining data/kid3-3.8.4/src/core/model/imagedataprovider.h Examining data/kid3-3.8.4/src/core/model/iusercommandprocessor.cpp Examining data/kid3-3.8.4/src/core/model/iusercommandprocessor.h Examining data/kid3-3.8.4/src/core/model/kid3application.cpp Examining data/kid3-3.8.4/src/core/model/kid3application.h Examining data/kid3-3.8.4/src/core/model/modeliterator.cpp Examining data/kid3-3.8.4/src/core/model/modeliterator.h Examining data/kid3-3.8.4/src/core/model/modelsectionresizemode.h Examining data/kid3-3.8.4/src/core/model/playlistmodel.cpp Examining data/kid3-3.8.4/src/core/model/playlistmodel.h Examining data/kid3-3.8.4/src/core/model/proxyitemselectionmodel.cpp Examining data/kid3-3.8.4/src/core/model/proxyitemselectionmodel.h Examining data/kid3-3.8.4/src/core/model/scriptinterface.cpp Examining data/kid3-3.8.4/src/core/model/scriptinterface.h Examining data/kid3-3.8.4/src/core/model/standardtablemodel.cpp Examining data/kid3-3.8.4/src/core/model/standardtablemodel.h Examining data/kid3-3.8.4/src/core/model/taggedfileselection.cpp Examining data/kid3-3.8.4/src/core/model/taggedfileselection.h Examining data/kid3-3.8.4/src/core/model/tagsearcher.cpp Examining data/kid3-3.8.4/src/core/model/tagsearcher.h Examining data/kid3-3.8.4/src/core/model/texttablemodel.cpp Examining data/kid3-3.8.4/src/core/model/texttablemodel.h Examining data/kid3-3.8.4/src/core/model/timeeventmodel.cpp Examining data/kid3-3.8.4/src/core/model/timeeventmodel.h Examining data/kid3-3.8.4/src/core/model/trackdatamodel.cpp Examining data/kid3-3.8.4/src/core/model/trackdatamodel.h Examining data/kid3-3.8.4/src/core/tags/attributedata.cpp Examining data/kid3-3.8.4/src/core/tags/attributedata.h Examining data/kid3-3.8.4/src/core/tags/formatreplacer.cpp Examining data/kid3-3.8.4/src/core/tags/formatreplacer.h Examining data/kid3-3.8.4/src/core/tags/frame.cpp Examining data/kid3-3.8.4/src/core/tags/frame.h Examining data/kid3-3.8.4/src/core/tags/framenotice.cpp Examining data/kid3-3.8.4/src/core/tags/framenotice.h Examining data/kid3-3.8.4/src/core/tags/genres.cpp Examining data/kid3-3.8.4/src/core/tags/genres.h Examining data/kid3-3.8.4/src/core/tags/itaggedfilefactory.cpp Examining data/kid3-3.8.4/src/core/tags/itaggedfilefactory.h Examining data/kid3-3.8.4/src/core/tags/pictureframe.cpp Examining data/kid3-3.8.4/src/core/tags/pictureframe.h Examining data/kid3-3.8.4/src/core/tags/taggedfile.cpp Examining data/kid3-3.8.4/src/core/tags/taggedfile.h Examining data/kid3-3.8.4/src/core/tags/trackdata.cpp Examining data/kid3-3.8.4/src/core/tags/trackdata.h Examining data/kid3-3.8.4/src/core/utils/androidutils.cpp Examining data/kid3-3.8.4/src/core/utils/androidutils.h Examining data/kid3-3.8.4/src/core/utils/coreplatformtools.cpp Examining data/kid3-3.8.4/src/core/utils/coreplatformtools.h Examining data/kid3-3.8.4/src/core/utils/debugutils.cpp Examining data/kid3-3.8.4/src/core/utils/debugutils.h Examining data/kid3-3.8.4/src/core/utils/icoreplatformtools.cpp Examining data/kid3-3.8.4/src/core/utils/icoreplatformtools.h Examining data/kid3-3.8.4/src/core/utils/kid3api.h Examining data/kid3-3.8.4/src/core/utils/loadtranslation.cpp Examining data/kid3-3.8.4/src/core/utils/loadtranslation.h Examining data/kid3-3.8.4/src/core/utils/saferename.cpp Examining data/kid3-3.8.4/src/core/utils/saferename.h Examining data/kid3-3.8.4/src/gui/dialogs/batchimportdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/batchimportdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/batchimportsourcedialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/batchimportsourcedialog.h Examining data/kid3-3.8.4/src/gui/dialogs/browsecoverartdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/browsecoverartdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/configdialogpages.cpp Examining data/kid3-3.8.4/src/gui/dialogs/configdialogpages.h Examining data/kid3-3.8.4/src/gui/dialogs/contexthelp.cpp Examining data/kid3-3.8.4/src/gui/dialogs/contexthelp.h Examining data/kid3-3.8.4/src/gui/dialogs/downloaddialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/downloaddialog.h Examining data/kid3-3.8.4/src/gui/dialogs/editframefieldsdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/editframefieldsdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/exportdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/exportdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/filterdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/filterdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/findreplacedialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/findreplacedialog.h Examining data/kid3-3.8.4/src/gui/dialogs/importdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/importdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/numbertracksdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/numbertracksdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/playlistdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/playlistdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/playlisteditdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/playlisteditdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/rendirdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/rendirdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/serverimportdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/serverimportdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/servertrackimportdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/servertrackimportdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/stringlisteditdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/stringlisteditdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/tagimportdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/tagimportdialog.h Examining data/kid3-3.8.4/src/gui/dialogs/textimportdialog.cpp Examining data/kid3-3.8.4/src/gui/dialogs/textimportdialog.h Examining data/kid3-3.8.4/src/gui/forms/audioplayer.cpp Examining data/kid3-3.8.4/src/gui/forms/audioplayer.h Examining data/kid3-3.8.4/src/gui/forms/basemainwindow.cpp Examining data/kid3-3.8.4/src/gui/forms/basemainwindow.h Examining data/kid3-3.8.4/src/gui/forms/configurabletreeview.cpp Examining data/kid3-3.8.4/src/gui/forms/configurabletreeview.h Examining data/kid3-3.8.4/src/gui/forms/filelist.cpp Examining data/kid3-3.8.4/src/gui/forms/filelist.h Examining data/kid3-3.8.4/src/gui/forms/guiplatformtools.cpp Examining data/kid3-3.8.4/src/gui/forms/guiplatformtools.h Examining data/kid3-3.8.4/src/gui/forms/iplatformtools.cpp Examining data/kid3-3.8.4/src/gui/forms/iplatformtools.h Examining data/kid3-3.8.4/src/gui/forms/kid3form.cpp Examining data/kid3-3.8.4/src/gui/forms/kid3form.h Examining data/kid3-3.8.4/src/gui/forms/mprisinterface.cpp Examining data/kid3-3.8.4/src/gui/forms/mprisinterface.h Examining data/kid3-3.8.4/src/gui/forms/pixmapprovider.cpp Examining data/kid3-3.8.4/src/gui/forms/pixmapprovider.h Examining data/kid3-3.8.4/src/gui/forms/playlistview.cpp Examining data/kid3-3.8.4/src/gui/forms/playlistview.h Examining data/kid3-3.8.4/src/gui/forms/sectionactions.cpp Examining data/kid3-3.8.4/src/gui/forms/sectionactions.h Examining data/kid3-3.8.4/src/gui/forms/taggedfileiconprovider.cpp Examining data/kid3-3.8.4/src/gui/forms/taggedfileiconprovider.h Examining data/kid3-3.8.4/src/gui/widgets/abstractlistedit.cpp Examining data/kid3-3.8.4/src/gui/widgets/abstractlistedit.h Examining data/kid3-3.8.4/src/gui/widgets/chaptereditor.cpp Examining data/kid3-3.8.4/src/gui/widgets/chaptereditor.h Examining data/kid3-3.8.4/src/gui/widgets/comboboxdelegate.cpp Examining data/kid3-3.8.4/src/gui/widgets/comboboxdelegate.h Examining data/kid3-3.8.4/src/gui/widgets/configtable.cpp Examining data/kid3-3.8.4/src/gui/widgets/configtable.h Examining data/kid3-3.8.4/src/gui/widgets/enumdelegate.cpp Examining data/kid3-3.8.4/src/gui/widgets/enumdelegate.h Examining data/kid3-3.8.4/src/gui/widgets/eventcodedelegate.cpp Examining data/kid3-3.8.4/src/gui/widgets/eventcodedelegate.h Examining data/kid3-3.8.4/src/gui/widgets/filenameformatbox.cpp Examining data/kid3-3.8.4/src/gui/widgets/filenameformatbox.h Examining data/kid3-3.8.4/src/gui/widgets/formatbox.cpp Examining data/kid3-3.8.4/src/gui/widgets/formatbox.h Examining data/kid3-3.8.4/src/gui/widgets/formatlistedit.cpp Examining data/kid3-3.8.4/src/gui/widgets/formatlistedit.h Examining data/kid3-3.8.4/src/gui/widgets/frameitemdelegate.cpp Examining data/kid3-3.8.4/src/gui/widgets/frameitemdelegate.h Examining data/kid3-3.8.4/src/gui/widgets/frametable.cpp Examining data/kid3-3.8.4/src/gui/widgets/frametable.h Examining data/kid3-3.8.4/src/gui/widgets/imageviewer.cpp Examining data/kid3-3.8.4/src/gui/widgets/imageviewer.h Examining data/kid3-3.8.4/src/gui/widgets/picturelabel.cpp Examining data/kid3-3.8.4/src/gui/widgets/picturelabel.h Examining data/kid3-3.8.4/src/gui/widgets/playtoolbar.cpp Examining data/kid3-3.8.4/src/gui/widgets/playtoolbar.h Examining data/kid3-3.8.4/src/gui/widgets/progresswidget.cpp Examining data/kid3-3.8.4/src/gui/widgets/progresswidget.h Examining data/kid3-3.8.4/src/gui/widgets/stringlistedit.cpp Examining data/kid3-3.8.4/src/gui/widgets/stringlistedit.h Examining data/kid3-3.8.4/src/gui/widgets/subframeseditor.cpp Examining data/kid3-3.8.4/src/gui/widgets/subframeseditor.h Examining data/kid3-3.8.4/src/gui/widgets/tablemodeledit.cpp Examining data/kid3-3.8.4/src/gui/widgets/tablemodeledit.h Examining data/kid3-3.8.4/src/gui/widgets/tableofcontentseditor.cpp Examining data/kid3-3.8.4/src/gui/widgets/tableofcontentseditor.h Examining data/kid3-3.8.4/src/gui/widgets/tagformatbox.cpp Examining data/kid3-3.8.4/src/gui/widgets/tagformatbox.h Examining data/kid3-3.8.4/src/gui/widgets/timeeventeditor.cpp Examining data/kid3-3.8.4/src/gui/widgets/timeeventeditor.h Examining data/kid3-3.8.4/src/gui/widgets/timestampdelegate.cpp Examining data/kid3-3.8.4/src/gui/widgets/timestampdelegate.h Examining data/kid3-3.8.4/src/gui/widgets/tracknumbervalidator.cpp Examining data/kid3-3.8.4/src/gui/widgets/tracknumbervalidator.h Examining data/kid3-3.8.4/src/plugins/acoustidimport/abstractfingerprintdecoder.cpp Examining data/kid3-3.8.4/src/plugins/acoustidimport/abstractfingerprintdecoder.h Examining data/kid3-3.8.4/src/plugins/acoustidimport/acoustidimportplugin.cpp Examining data/kid3-3.8.4/src/plugins/acoustidimport/acoustidimportplugin.h Examining data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp Examining data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.h Examining data/kid3-3.8.4/src/plugins/acoustidimport/fingerprintcalculator.cpp Examining data/kid3-3.8.4/src/plugins/acoustidimport/fingerprintcalculator.h Examining data/kid3-3.8.4/src/plugins/acoustidimport/gstfingerprintdecoder.cpp Examining data/kid3-3.8.4/src/plugins/acoustidimport/gstfingerprintdecoder.h Examining data/kid3-3.8.4/src/plugins/acoustidimport/musicbrainzclient.cpp Examining data/kid3-3.8.4/src/plugins/acoustidimport/musicbrainzclient.h Examining data/kid3-3.8.4/src/plugins/acoustidimport/qtfingerprintdecoder.cpp Examining data/kid3-3.8.4/src/plugins/acoustidimport/qtfingerprintdecoder.h Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonconfig.cpp Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonconfig.h Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonimporter.cpp Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonimporter.h Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonimportplugin.cpp Examining data/kid3-3.8.4/src/plugins/amazonimport/amazonimportplugin.h Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsconfig.cpp Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsconfig.h Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsimporter.cpp Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsimporter.h Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsimportplugin.cpp Examining data/kid3-3.8.4/src/plugins/discogsimport/discogsimportplugin.h Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbconfig.cpp Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbconfig.h Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbimporter.cpp Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbimporter.h Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbimportplugin.cpp Examining data/kid3-3.8.4/src/plugins/freedbimport/freedbimportplugin.h Examining data/kid3-3.8.4/src/plugins/freedbimport/tracktypeimporter.cpp Examining data/kid3-3.8.4/src/plugins/freedbimport/tracktypeimporter.h Examining data/kid3-3.8.4/src/plugins/id3libmetadata/id3libmetadataplugin.cpp Examining data/kid3-3.8.4/src/plugins/id3libmetadata/id3libmetadataplugin.h Examining data/kid3-3.8.4/src/plugins/id3libmetadata/mp3file.cpp Examining data/kid3-3.8.4/src/plugins/id3libmetadata/mp3file.h Examining data/kid3-3.8.4/src/plugins/kid3qml/checkablelistmodel.cpp Examining data/kid3-3.8.4/src/plugins/kid3qml/checkablelistmodel.h Examining data/kid3-3.8.4/src/plugins/kid3qml/configobjects.cpp Examining data/kid3-3.8.4/src/plugins/kid3qml/configobjects.h Examining data/kid3-3.8.4/src/plugins/kid3qml/kid3qmlplugin.cpp Examining data/kid3-3.8.4/src/plugins/kid3qml/kid3qmlplugin.h Examining data/kid3-3.8.4/src/plugins/kid3qml/qmlimageprovider.cpp Examining data/kid3-3.8.4/src/plugins/kid3qml/qmlimageprovider.h Examining data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.cpp Examining data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.h Examining data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.cpp Examining data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.h Examining data/kid3-3.8.4/src/plugins/mp4v2metadata/mp4v2metadataplugin.cpp Examining data/kid3-3.8.4/src/plugins/mp4v2metadata/mp4v2metadataplugin.h Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzconfig.cpp Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzconfig.h Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzimporter.cpp Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzimporter.h Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzimportplugin.cpp Examining data/kid3-3.8.4/src/plugins/musicbrainzimport/musicbrainzimportplugin.h Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/flacfile.cpp Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/flacfile.hpp Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.hpp Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/oggflacmetadataplugin.cpp Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/oggflacmetadataplugin.h Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c Examining data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.h Examining data/kid3-3.8.4/src/plugins/qmlcommand/qmlcommandplugin.cpp Examining data/kid3-3.8.4/src/plugins/qmlcommand/qmlcommandplugin.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/aac/aacfiletyperesolver.cpp Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/aac/aacfiletyperesolver.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffiletyperesolver.cpp Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffiletyperesolver.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfheader.cpp Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfheader.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfproperties.cpp Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfproperties.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/eventtimingcodesframe.cpp Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/eventtimingcodesframe.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/mp2/mp2filetyperesolver.cpp Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/mp2/mp2filetyperesolver.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/synchronizedlyricsframe.cpp Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/synchronizedlyricsframe.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/tdebug.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibfile.cpp Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibfile.h Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibmetadataplugin.cpp Examining data/kid3-3.8.4/src/plugins/taglibmetadata/taglibmetadataplugin.h Examining data/kid3-3.8.4/src/test/dummysettings.cpp Examining data/kid3-3.8.4/src/test/dummysettings.h Examining data/kid3-3.8.4/src/test/maintest.cpp Examining data/kid3-3.8.4/src/test/testdiscogsimporter.cpp Examining data/kid3-3.8.4/src/test/testdiscogsimporter.h Examining data/kid3-3.8.4/src/test/testjsonparser.cpp Examining data/kid3-3.8.4/src/test/testjsonparser.h Examining data/kid3-3.8.4/src/test/testmusicbrainzreleaseimporter.cpp Examining data/kid3-3.8.4/src/test/testmusicbrainzreleaseimporter.h Examining data/kid3-3.8.4/src/test/testmusicbrainzreleaseimportparser.cpp Examining data/kid3-3.8.4/src/test/testmusicbrainzreleaseimportparser.h Examining data/kid3-3.8.4/src/test/testserverimporterbase.cpp Examining data/kid3-3.8.4/src/test/testserverimporterbase.h Examining data/kid3-3.8.4/src/test/testutils.cpp Examining data/kid3-3.8.4/src/test/testutils.h FINAL RESULTS: data/kid3-3.8.4/src/core/model/filesystemmodel.cpp:839:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return QLocale::system().toString(node(index)->lastModified(), QLocale::ShortFormat); data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.cpp:419:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QVariantList ScriptUtils::system( data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.h:281:35: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. Q_INVOKABLE static QVariantList system( data/kid3-3.8.4/src/app/cli/standardiohandler.cpp:140:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buf[numCharsInBuf]; data/kid3-3.8.4/src/app/kde/kdemainwindow.cpp:80:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QAction* action = KStandardAction::open( data/kid3-3.8.4/src/app/kde/kdemainwindow.cpp:83:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QAction* action = KStandardAction::open( data/kid3-3.8.4/src/core/export/playlistcreator.cpp:119:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool ok = file.open(QIODevice::WriteOnly); data/kid3-3.8.4/src/core/export/playlistcreator.cpp:230:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/core/export/textexporter.cpp:115:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::WriteOnly)) { data/kid3-3.8.4/src/core/model/filesystemmodel.cpp:1751:9: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t name[MAX_PATH + 1]; data/kid3-3.8.4/src/core/model/kid3application.cpp:1208:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/core/model/kid3application.cpp:3455:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::WriteOnly)) { data/kid3-3.8.4/src/core/model/kid3application.cpp:3600:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/core/model/kid3application.cpp:3676:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/core/tags/attributedata.cpp:169:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[16]; data/kid3-3.8.4/src/core/tags/formatreplacer.cpp:57:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char escChar[numEscCodes] = { data/kid3-3.8.4/src/core/tags/genres.h:105:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char s_genreNum[Genres::count + 1]; data/kid3-3.8.4/src/core/tags/pictureframe.cpp:592:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/core/tags/pictureframe.cpp:620:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::WriteOnly)) { data/kid3-3.8.4/src/core/utils/coreplatformtools.cpp:228:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly)) data/kid3-3.8.4/src/gui/dialogs/editframefieldsdialog.cpp:1186:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::WriteOnly); data/kid3-3.8.4/src/gui/dialogs/editframefieldsdialog.cpp:1207:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/gui/dialogs/editframefieldsdialog.cpp:1249:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::WriteOnly)) { data/kid3-3.8.4/src/gui/dialogs/textimportdialog.cpp:134:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/gui/forms/kid3form.cpp:736:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::WriteOnly); data/kid3-3.8.4/src/gui/forms/mprisinterface.cpp:281:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_tempCoverArtFile->open(); data/kid3-3.8.4/src/gui/widgets/timeeventeditor.cpp:280:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/gui/widgets/timeeventeditor.cpp:306:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::WriteOnly)) { data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:140:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() { data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:191:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(samples, m_frame->extended_data[0], planeSize); data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:195:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(out, m_frame->extended_data[ch], planeSize); data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:213:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(samples, m_frame->extended_data[0], planeSize); data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:217:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(out, m_frame->extended_data[ch], planeSize); data/kid3-3.8.4/src/plugins/acoustidimport/ffmpegfingerprintdecoder.cpp:558:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!codec.open() || codec.channels() <= 0) { data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.cpp:200:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::WriteOnly | QIODevice::Truncate)) { data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.cpp:216:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/plugins/kid3qml/scriptutils.cpp:557:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::WriteOnly); data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.cpp:777:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data.value, value.data(), data.valueSize); data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp:185:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (fpIn.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp:256:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (fpIn.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp:265:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (fpOut.open(QIODevice::WriteOnly)) { data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp:878:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (fp.open(QIODevice::ReadOnly)) { data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:80:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer->data + buffer->data_len, og->header, data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:83:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer->data + buffer->data_len, og->body, data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:400:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op->packet, opb.buffer, oggpack_bytes(&opb)); data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:622:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->mainbuf, header_main.packet, header_main.bytes); data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:668:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->bookbuf, header->packet, data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:691:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->vendor, state->vc->vendor, vendor_size); data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw[8]; data/kid3-3.8.4/src/core/export/playlistcreator.cpp:224:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool PlaylistCreator::read( data/kid3-3.8.4/src/core/export/playlistcreator.h:149:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(const QString& playlistPath, QStringList& filePaths, data/kid3-3.8.4/src/core/model/playlistmodel.cpp:181:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (creator.read(path, filePaths, format, useFullPath, writeInfo)) { data/kid3-3.8.4/src/plugins/acoustidimport/qtfingerprintdecoder.cpp:98:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QAudioBuffer buffer = m_decoder->read(); data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.cpp:417:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_fileInfo.read(handle); data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.cpp:1412:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool M4aFile::FileInfo::read(MP4FileHandle handle) data/kid3-3.8.4/src/plugins/mp4v2metadata/m4afile.h:234:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(void* handle); data/kid3-3.8.4/src/plugins/oggflacmetadata/flacfile.cpp:158:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (m_chain->read(fnIn)) { data/kid3-3.8.4/src/plugins/oggflacmetadata/oggfile.cpp:64:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 len = iodev->read(reinterpret_cast<char*>(ptr), size * nmemb); data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:380:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oggpack_write(&opb,strlen(vendor),32); data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:381:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _v_writestring(&opb,vendor, strlen(vendor)); data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:445:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = s->read(buffer,1, CHUNKSIZE, s->in); data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:517:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = state->read(buffer, 1, CHUNKSIZE, state->in); data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:595:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = state->read(buffer, 1, CHUNKSIZE, state->in); data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:678:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = state->read(buffer, 1, CHUNKSIZE, state->in); data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:689:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vendor_size = strlen(state->vc->vendor) +1; data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.c:874:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = state->read(buffer,1, CHUNKSIZE, state->in); data/kid3-3.8.4/src/plugins/oggflacmetadata/vcedit.h:36:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). vcedit_read_func read; data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp:132:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(readProperties, propertiesStyle); data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp:144:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(readProperties, propertiesStyle); data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp:156:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(readProperties, propertiesStyle); data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.cpp:295:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void DSFFile::read(bool readProperties, data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsffile.h:234:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(bool readProperties, data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfproperties.cpp:75:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(); data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfproperties.cpp:138:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void DSFProperties::read() data/kid3-3.8.4/src/plugins/taglibmetadata/taglibext/dsf/dsfproperties.h:94:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(); data/kid3-3.8.4/src/plugins/taglibmetadata/taglibfile.h:435:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void setRead(bool read) { m_read = read; } data/kid3-3.8.4/src/plugins/taglibmetadata/taglibfile.h:435:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void setRead(bool read) { m_read = read; } ANALYSIS SUMMARY: Hits = 77 Lines analyzed = 116121 in approximately 2.67 seconds (43438 lines/second) Physical Source Lines of Code (SLOC) = 64123 Hits@level = [0] 3 [1] 28 [2] 46 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 80 [1+] 77 [2+] 49 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 1.2476 [1+] 1.20082 [2+] 0.764156 [3+] 0.0467851 [4+] 0.0467851 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.