Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kiten-20.08.3/lib/dictionarypreferencedialog.h
Examining data/kiten-20.08.3/lib/entrylist.h
Examining data/kiten-20.08.3/lib/DictKanjidic/entrykanjidic.cpp
Examining data/kiten-20.08.3/lib/DictKanjidic/dictfilekanjidic.cpp
Examining data/kiten-20.08.3/lib/DictKanjidic/dictfilekanjidic.h
Examining data/kiten-20.08.3/lib/DictKanjidic/entrykanjidic.h
Examining data/kiten-20.08.3/lib/kitenmacros.h
Examining data/kiten-20.08.3/lib/dictionarymanager.cpp
Examining data/kiten-20.08.3/lib/kromajiedit.h
Examining data/kiten-20.08.3/lib/entry.cpp
Examining data/kiten-20.08.3/lib/dictquery.cpp
Examining data/kiten-20.08.3/lib/entrylist.cpp
Examining data/kiten-20.08.3/lib/DictEdict/indexededictfile.h
Examining data/kiten-20.08.3/lib/DictEdict/entryedict.cpp
Examining data/kiten-20.08.3/lib/DictEdict/linearedictfile.cpp
Examining data/kiten-20.08.3/lib/DictEdict/dictfileedict.cpp
Examining data/kiten-20.08.3/lib/DictEdict/linearedictfile.h
Examining data/kiten-20.08.3/lib/DictEdict/dictfilefieldselector.h
Examining data/kiten-20.08.3/lib/DictEdict/entryedict.h
Examining data/kiten-20.08.3/lib/DictEdict/dictfileedict.h
Examining data/kiten-20.08.3/lib/DictEdict/indexededictfile.cpp
Examining data/kiten-20.08.3/lib/DictEdict/dictfilefieldselector.cpp
Examining data/kiten-20.08.3/lib/DictEdict/deinflection.cpp
Examining data/kiten-20.08.3/lib/DictEdict/deinflection.h
Examining data/kiten-20.08.3/lib/dictquery.h
Examining data/kiten-20.08.3/lib/kromajiedit.cpp
Examining data/kiten-20.08.3/lib/historyptrlist.h
Examining data/kiten-20.08.3/lib/dictionarymanager.h
Examining data/kiten-20.08.3/lib/entry.h
Examining data/kiten-20.08.3/lib/dictfile.h
Examining data/kiten-20.08.3/lib/dictionarypreferencedialog.cpp
Examining data/kiten-20.08.3/lib/historyptrlist.cpp
Examining data/kiten-20.08.3/app/entrylistview.h
Examining data/kiten-20.08.3/app/configuredialog.h
Examining data/kiten-20.08.3/app/configsortingpage.cpp
Examining data/kiten-20.08.3/app/wordtype.cpp
Examining data/kiten-20.08.3/app/kiten.cpp
Examining data/kiten-20.08.3/app/dictionaryupdatemanager.h
Examining data/kiten-20.08.3/app/configdictionaryselector.cpp
Examining data/kiten-20.08.3/app/entrylistmodel.cpp
Examining data/kiten-20.08.3/app/kiten.h
Examining data/kiten-20.08.3/app/resultsview.cpp
Examining data/kiten-20.08.3/app/wordtype.h
Examining data/kiten-20.08.3/app/main.cpp
Examining data/kiten-20.08.3/app/searchstringinput.cpp
Examining data/kiten-20.08.3/app/entrylistmodel.h
Examining data/kiten-20.08.3/app/configuredialog.cpp
Examining data/kiten-20.08.3/app/resultsview.h
Examining data/kiten-20.08.3/app/dictionaryupdatemanager.cpp
Examining data/kiten-20.08.3/app/configdictionaryselector.h
Examining data/kiten-20.08.3/app/entrylistview.cpp
Examining data/kiten-20.08.3/app/configsortingpage.h
Examining data/kiten-20.08.3/app/searchstringinput.h
Examining data/kiten-20.08.3/radselect/radselectview.cpp
Examining data/kiten-20.08.3/radselect/radselect.h
Examining data/kiten-20.08.3/radselect/radicalbutton.cpp
Examining data/kiten-20.08.3/radselect/radical.cpp
Examining data/kiten-20.08.3/radselect/buttongrid.cpp
Examining data/kiten-20.08.3/radselect/radicalbutton.h
Examining data/kiten-20.08.3/radselect/radselect.cpp
Examining data/kiten-20.08.3/radselect/radical.h
Examining data/kiten-20.08.3/radselect/main.cpp
Examining data/kiten-20.08.3/radselect/kanji.h
Examining data/kiten-20.08.3/radselect/radicalfile.cpp
Examining data/kiten-20.08.3/radselect/radicalfile.h
Examining data/kiten-20.08.3/radselect/buttongrid.h
Examining data/kiten-20.08.3/radselect/radselectview.h
Examining data/kiten-20.08.3/radselect/kanji.cpp
Examining data/kiten-20.08.3/kanjibrowser/kanjibrowserview.h
Examining data/kiten-20.08.3/kanjibrowser/kanjibrowserview.cpp
Examining data/kiten-20.08.3/kanjibrowser/kanjibrowser.cpp
Examining data/kiten-20.08.3/kanjibrowser/main.cpp
Examining data/kiten-20.08.3/kanjibrowser/kanjibrowser.h
Examining data/kiten-20.08.3/xjdxgen.c

FINAL RESULTS:

data/kiten-20.08.3/xjdxgen.c:219:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*)currstr,(char*)(currstr+1));

data/kiten-20.08.3/app/dictionaryupdatemanager.cpp:101:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ! tempFile.open() )

data/kiten-20.08.3/app/dictionaryupdatemanager.cpp:194:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ! file.open( QIODevice::ReadOnly | QIODevice::Text ) )

data/kiten-20.08.3/app/dictionaryupdatemanager.cpp:249:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ! compressedFile.open() )

data/kiten-20.08.3/app/dictionaryupdatemanager.cpp:267:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ! device->open( QIODevice::ReadOnly ) )

data/kiten-20.08.3/app/dictionaryupdatemanager.cpp:288:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ! dictionary.open( QIODevice::WriteOnly ) )

data/kiten-20.08.3/lib/DictEdict/deinflection.cpp:183:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ! f.open( QIODevice::ReadOnly ) )

data/kiten-20.08.3/lib/DictEdict/dictfileedict.cpp:351:33: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ! file.exists() || ! file.open( QIODevice::ReadOnly ) )

data/kiten-20.08.3/lib/DictEdict/indexededictfile.cpp:322:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ! m_dictFile.open( QIODevice::ReadOnly ) )

data/kiten-20.08.3/lib/DictEdict/indexededictfile.cpp:327:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( m_indexFile.open( QIODevice::ReadOnly ) )

data/kiten-20.08.3/lib/DictEdict/linearedictfile.cpp:66:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ! file.open( QIODevice::ReadOnly | QIODevice::Text ) )

data/kiten-20.08.3/lib/DictKanjidic/dictfilekanjidic.cpp:172:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ! dictionary.open( QIODevice::ReadOnly | QIODevice::Text ) )

data/kiten-20.08.3/lib/DictKanjidic/dictfilekanjidic.cpp:268:33: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ! file.exists() || ! file.open( QIODevice::ReadOnly ) )

data/kiten-20.08.3/lib/kromajiedit.cpp:50:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ! f.open( QIODevice::ReadOnly ) )

data/kiten-20.08.3/radselect/radicalfile.cpp:62:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ! f.open( QIODevice::ReadOnly ) )

data/kiten-20.08.3/xjdxgen.c:115:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(JDXname,"wb");

data/kiten-20.08.3/xjdxgen.c:153:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char currstr[TOKENLIM]; /* String that we're currently getting */

data/kiten-20.08.3/xjdxgen.c:280:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp=fopen(dictName,"rb");

data/kiten-20.08.3/lib/DictEdict/indexededictfile.cpp:79:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if( 4 == m_indexFile.read( reinterpret_cast<char*>( &indexVersionTest ), 4 ) )

data/kiten-20.08.3/xjdxgen.c:195:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen((const char*)currstr) <= 2) && (currstr[0] < 127))

data/kiten-20.08.3/xjdxgen.c:201:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen((const char*)currstr) == 2) && (currstr[1] <= '9'))

data/kiten-20.08.3/xjdxgen.c:239:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for ( ; i < strlen((const char*)currstr); i+=2)

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 13096 in approximately 4.25 seconds (3084 lines/second)
Physical Source Lines of Code (SLOC) = 7624
Hits@level = [0] 17 [1] 4 [2] 17 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 39 [1+] 22 [2+] 18 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 5.11542 [1+] 2.88562 [2+] 2.36097 [3+] 0.131165 [4+] 0.131165 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.