Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/konversation-1.7.7/src/statusbar.h
Examining data/konversation-1.7.7/src/scriptlauncher.cpp
Examining data/konversation-1.7.7/src/queuetuner.h
Examining data/konversation-1.7.7/src/konsolepanel.h
Examining data/konversation-1.7.7/src/ssllabel.h
Examining data/konversation-1.7.7/src/decoder.h
Examining data/konversation-1.7.7/src/common.h
Examining data/konversation-1.7.7/src/identitydialog.h
Examining data/konversation-1.7.7/src/dcc/whiteboardfontchooser.h
Examining data/konversation-1.7.7/src/dcc/recipientdialog.h
Examining data/konversation-1.7.7/src/dcc/whiteboardtoolbar.h
Examining data/konversation-1.7.7/src/dcc/transferview.cpp
Examining data/konversation-1.7.7/src/dcc/transferpanel.cpp
Examining data/konversation-1.7.7/src/dcc/whiteboardpaintarea.h
Examining data/konversation-1.7.7/src/dcc/transferdetailedinfopanel.h
Examining data/konversation-1.7.7/src/dcc/transferdetailedinfopanel.cpp
Examining data/konversation-1.7.7/src/dcc/transferrecv.h
Examining data/konversation-1.7.7/src/dcc/resumedialog.h
Examining data/konversation-1.7.7/src/dcc/transferview.h
Examining data/konversation-1.7.7/src/dcc/chatcontainer.cpp
Examining data/konversation-1.7.7/src/dcc/dcccommon.cpp
Examining data/konversation-1.7.7/src/dcc/transfer.h
Examining data/konversation-1.7.7/src/dcc/dcccommon.h
Examining data/konversation-1.7.7/src/dcc/transferlistmodel.cpp
Examining data/konversation-1.7.7/src/dcc/whiteboardpaintarea.cpp
Examining data/konversation-1.7.7/src/dcc/whiteboard.cpp
Examining data/konversation-1.7.7/src/dcc/transfer.cpp
Examining data/konversation-1.7.7/src/dcc/chat.cpp
Examining data/konversation-1.7.7/src/dcc/chat.h
Examining data/konversation-1.7.7/src/dcc/transferrecv.cpp
Examining data/konversation-1.7.7/src/dcc/transfersend.h
Examining data/konversation-1.7.7/src/dcc/transfermanager.h
Examining data/konversation-1.7.7/src/dcc/resumedialog.cpp
Examining data/konversation-1.7.7/src/dcc/transfermanager.cpp
Examining data/konversation-1.7.7/src/dcc/whiteboardglobals.cpp
Examining data/konversation-1.7.7/src/dcc/recipientdialog.cpp
Examining data/konversation-1.7.7/src/dcc/whiteboardglobals.h
Examining data/konversation-1.7.7/src/dcc/whiteboardtoolbar.cpp
Examining data/konversation-1.7.7/src/dcc/chatcontainer.h
Examining data/konversation-1.7.7/src/dcc/whiteboardcolorchooser.cpp
Examining data/konversation-1.7.7/src/dcc/transfersend.cpp
Examining data/konversation-1.7.7/src/dcc/whiteboard.h
Examining data/konversation-1.7.7/src/dcc/whiteboardfontchooser.cpp
Examining data/konversation-1.7.7/src/dcc/whiteboardcolorchooser.h
Examining data/konversation-1.7.7/src/dcc/dccfiledialog.cpp
Examining data/konversation-1.7.7/src/dcc/transferlistmodel.h
Examining data/konversation-1.7.7/src/dcc/transferpanel.h
Examining data/konversation-1.7.7/src/dcc/dccfiledialog.h
Examining data/konversation-1.7.7/src/common.cpp
Examining data/konversation-1.7.7/src/queuetuner.cpp
Examining data/konversation-1.7.7/src/connectionmanager.h
Examining data/konversation-1.7.7/src/identity.cpp
Examining data/konversation-1.7.7/src/sound.h
Examining data/konversation-1.7.7/src/quickconnectdialog.cpp
Examining data/konversation-1.7.7/src/viewer/statuspanel.cpp
Examining data/konversation-1.7.7/src/viewer/rawlog.h
Examining data/konversation-1.7.7/src/viewer/ignorelistviewitem.cpp
Examining data/konversation-1.7.7/src/viewer/emoticons.cpp
Examining data/konversation-1.7.7/src/viewer/chatwindow.cpp
Examining data/konversation-1.7.7/src/viewer/highlightviewitem.cpp
Examining data/konversation-1.7.7/src/viewer/highlightviewitem.h
Examining data/konversation-1.7.7/src/viewer/topichistoryview.cpp
Examining data/konversation-1.7.7/src/viewer/viewtree.h
Examining data/konversation-1.7.7/src/viewer/channeloptionsdialog.cpp
Examining data/konversation-1.7.7/src/viewer/viewspringloader.cpp
Examining data/konversation-1.7.7/src/viewer/awaylabel.cpp
Examining data/konversation-1.7.7/src/viewer/quickbutton.h
Examining data/konversation-1.7.7/src/viewer/rawlog.cpp
Examining data/konversation-1.7.7/src/viewer/osd.h
Examining data/konversation-1.7.7/src/viewer/editnotifydialog.h
Examining data/konversation-1.7.7/src/viewer/emoticons.h
Examining data/konversation-1.7.7/src/viewer/ircviewbox.cpp
Examining data/konversation-1.7.7/src/viewer/topiclabel.h
Examining data/konversation-1.7.7/src/viewer/highlight.h
Examining data/konversation-1.7.7/src/viewer/irccolorchooser.cpp
Examining data/konversation-1.7.7/src/viewer/logfilereader.cpp
Examining data/konversation-1.7.7/src/viewer/ircviewbox.h
Examining data/konversation-1.7.7/src/viewer/insertchardialog.cpp
Examining data/konversation-1.7.7/src/viewer/quickbutton.cpp
Examining data/konversation-1.7.7/src/viewer/pasteeditor.h
Examining data/konversation-1.7.7/src/viewer/irccontextmenus.h
Examining data/konversation-1.7.7/src/viewer/ircinput.cpp
Examining data/konversation-1.7.7/src/viewer/topicedit.cpp
Examining data/konversation-1.7.7/src/viewer/viewspringloader.h
Examining data/konversation-1.7.7/src/viewer/irccolorchooser.h
Examining data/konversation-1.7.7/src/viewer/highlight.cpp
Examining data/konversation-1.7.7/src/viewer/trayicon.cpp
Examining data/konversation-1.7.7/src/viewer/pasteeditor.cpp
Examining data/konversation-1.7.7/src/viewer/topiclabel.cpp
Examining data/konversation-1.7.7/src/viewer/images.cpp
Examining data/konversation-1.7.7/src/viewer/searchbar.cpp
Examining data/konversation-1.7.7/src/viewer/ircinput.h
Examining data/konversation-1.7.7/src/viewer/topichistoryview.h
Examining data/konversation-1.7.7/src/viewer/ignore.h
Examining data/konversation-1.7.7/src/viewer/statuspanel.h
Examining data/konversation-1.7.7/src/viewer/irccontextmenus.cpp
Examining data/konversation-1.7.7/src/viewer/trayicon.h
Examining data/konversation-1.7.7/src/viewer/viewcontainer.cpp
Examining data/konversation-1.7.7/src/viewer/insertchardialog.h
Examining data/konversation-1.7.7/src/viewer/editnotifydialog.cpp
Examining data/konversation-1.7.7/src/viewer/ircview.cpp
Examining data/konversation-1.7.7/src/viewer/chatwindow.h
Examining data/konversation-1.7.7/src/viewer/images.h
Examining data/konversation-1.7.7/src/viewer/viewcontainer.h
Examining data/konversation-1.7.7/src/viewer/topicedit.h
Examining data/konversation-1.7.7/src/viewer/logfilereader.h
Examining data/konversation-1.7.7/src/viewer/osd.cpp
Examining data/konversation-1.7.7/src/viewer/nickiconset.h
Examining data/konversation-1.7.7/src/viewer/awaylabel.h
Examining data/konversation-1.7.7/src/viewer/searchbar.h
Examining data/konversation-1.7.7/src/viewer/ignore.cpp
Examining data/konversation-1.7.7/src/viewer/viewtree.cpp
Examining data/konversation-1.7.7/src/viewer/nickiconset.cpp
Examining data/konversation-1.7.7/src/viewer/ignorelistviewitem.h
Examining data/konversation-1.7.7/src/viewer/ircview.h
Examining data/konversation-1.7.7/src/viewer/channeloptionsdialog.h
Examining data/konversation-1.7.7/src/dbus.cpp
Examining data/konversation-1.7.7/src/mainwindow.cpp
Examining data/konversation-1.7.7/src/main.cpp
Examining data/konversation-1.7.7/src/konsolepanel.cpp
Examining data/konversation-1.7.7/src/dbus.h
Examining data/konversation-1.7.7/src/awaymanager.cpp
Examining data/konversation-1.7.7/src/mainwindow.h
Examining data/konversation-1.7.7/src/urlcatcher.cpp
Examining data/konversation-1.7.7/src/quickconnectdialog.h
Examining data/konversation-1.7.7/src/ssllabel.cpp
Examining data/konversation-1.7.7/src/connectionsettings.h
Examining data/konversation-1.7.7/src/bookmarkhandler.h
Examining data/konversation-1.7.7/src/scriptlauncher.h
Examining data/konversation-1.7.7/src/sound.cpp
Examining data/konversation-1.7.7/src/urlcatcher.h
Examining data/konversation-1.7.7/src/version.h
Examining data/konversation-1.7.7/src/identity.h
Examining data/konversation-1.7.7/src/cipher.h
Examining data/konversation-1.7.7/src/statusbar.cpp
Examining data/konversation-1.7.7/src/commit.h
Examining data/konversation-1.7.7/src/irc/serversettings.cpp
Examining data/konversation-1.7.7/src/irc/topichistorymodel.cpp
Examining data/konversation-1.7.7/src/irc/nicklistview.cpp
Examining data/konversation-1.7.7/src/irc/inputfilter.h
Examining data/konversation-1.7.7/src/irc/servergroupsettings.cpp
Examining data/konversation-1.7.7/src/irc/nicksonlineitem.cpp
Examining data/konversation-1.7.7/src/irc/servergroupdialog.cpp
Examining data/konversation-1.7.7/src/irc/nicksonline.cpp
Examining data/konversation-1.7.7/src/irc/serverison.cpp
Examining data/konversation-1.7.7/src/irc/nick.cpp
Examining data/konversation-1.7.7/src/irc/modebutton.cpp
Examining data/konversation-1.7.7/src/irc/nicklistview.h
Examining data/konversation-1.7.7/src/irc/serverlistdialog.cpp
Examining data/konversation-1.7.7/src/irc/replycodes.h
Examining data/konversation-1.7.7/src/irc/server.h
Examining data/konversation-1.7.7/src/irc/serverlistview.cpp
Examining data/konversation-1.7.7/src/irc/joinchanneldialog.cpp
Examining data/konversation-1.7.7/src/irc/channellistpanel.h
Examining data/konversation-1.7.7/src/irc/channel.cpp
Examining data/konversation-1.7.7/src/irc/ircqueue.cpp
Examining data/konversation-1.7.7/src/irc/outputfilter.cpp
Examining data/konversation-1.7.7/src/irc/query.h
Examining data/konversation-1.7.7/src/irc/channellistpanel.cpp
Examining data/konversation-1.7.7/src/irc/server.cpp
Examining data/konversation-1.7.7/src/irc/nickinfo.h
Examining data/konversation-1.7.7/src/irc/serverlistview.h
Examining data/konversation-1.7.7/src/irc/nicksonlineitem.h
Examining data/konversation-1.7.7/src/irc/irccharsets.cpp
Examining data/konversation-1.7.7/src/irc/channelnick.cpp
Examining data/konversation-1.7.7/src/irc/serverison.h
Examining data/konversation-1.7.7/src/irc/channel.h
Examining data/konversation-1.7.7/src/irc/invitedialog.h
Examining data/konversation-1.7.7/src/irc/serversettings.h
Examining data/konversation-1.7.7/src/irc/topichistorymodel.h
Examining data/konversation-1.7.7/src/irc/servergroupsettings.h
Examining data/konversation-1.7.7/src/irc/modebutton.h
Examining data/konversation-1.7.7/src/irc/irccharsets.h
Examining data/konversation-1.7.7/src/irc/ircqueue.h
Examining data/konversation-1.7.7/src/irc/outputfilterresolvejob.cpp
Examining data/konversation-1.7.7/src/irc/invitedialog.cpp
Examining data/konversation-1.7.7/src/irc/outputfilterresolvejob.h
Examining data/konversation-1.7.7/src/irc/outputfilter.h
Examining data/konversation-1.7.7/src/irc/nick.h
Examining data/konversation-1.7.7/src/irc/joinchanneldialog.h
Examining data/konversation-1.7.7/src/irc/query.cpp
Examining data/konversation-1.7.7/src/irc/channelnick.h
Examining data/konversation-1.7.7/src/irc/servergroupdialog.h
Examining data/konversation-1.7.7/src/irc/nickinfo.cpp
Examining data/konversation-1.7.7/src/irc/serverlistdialog.h
Examining data/konversation-1.7.7/src/irc/nicksonline.h
Examining data/konversation-1.7.7/src/irc/inputfilter.cpp
Examining data/konversation-1.7.7/src/notificationhandler.h
Examining data/konversation-1.7.7/src/application.h
Examining data/konversation-1.7.7/src/upnp/upnpdescriptionparser.cpp
Examining data/konversation-1.7.7/src/upnp/upnpmcastsocket.cpp
Examining data/konversation-1.7.7/src/upnp/upnprouter.h
Examining data/konversation-1.7.7/src/upnp/upnprouter.cpp
Examining data/konversation-1.7.7/src/upnp/upnpmcastsocket.h
Examining data/konversation-1.7.7/src/upnp/soap.h
Examining data/konversation-1.7.7/src/upnp/soap.cpp
Examining data/konversation-1.7.7/src/upnp/upnpdescriptionparser.h
Examining data/konversation-1.7.7/src/guess_ja.h
Examining data/konversation-1.7.7/src/cipher.cpp
Examining data/konversation-1.7.7/src/awaymanager.h
Examining data/konversation-1.7.7/src/application.cpp
Examining data/konversation-1.7.7/src/config/quickbuttons_config.h
Examining data/konversation-1.7.7/src/config/alias_config.h
Examining data/konversation-1.7.7/src/config/settingsdialog.cpp
Examining data/konversation-1.7.7/src/config/nicklistbehavior_config.h
Examining data/konversation-1.7.7/src/config/nicklistbehavior_config.cpp
Examining data/konversation-1.7.7/src/config/autoreplace_config.h
Examining data/konversation-1.7.7/src/config/quickbuttons_config.cpp
Examining data/konversation-1.7.7/src/config/tabs_config.h
Examining data/konversation-1.7.7/src/config/settingspage.h
Examining data/konversation-1.7.7/src/config/warnings_config.cpp
Examining data/konversation-1.7.7/src/config/osd_config.h
Examining data/konversation-1.7.7/src/config/ignore_config.cpp
Examining data/konversation-1.7.7/src/config/alias_config.cpp
Examining data/konversation-1.7.7/src/config/highlight_config.h
Examining data/konversation-1.7.7/src/config/connectionbehavior_config.cpp
Examining data/konversation-1.7.7/src/config/dcc_config.cpp
Examining data/konversation-1.7.7/src/config/highlighttreewidget.h
Examining data/konversation-1.7.7/src/config/tabs_config.cpp
Examining data/konversation-1.7.7/src/config/osd_config.cpp
Examining data/konversation-1.7.7/src/config/highlighttreewidget.cpp
Examining data/konversation-1.7.7/src/config/warnings_config.h
Examining data/konversation-1.7.7/src/config/configdialog.h
Examining data/konversation-1.7.7/src/config/theme_config.h
Examining data/konversation-1.7.7/src/config/connectionbehavior_config.h
Examining data/konversation-1.7.7/src/config/ignore_config.h
Examining data/konversation-1.7.7/src/config/highlight_config.cpp
Examining data/konversation-1.7.7/src/config/configdialog.cpp
Examining data/konversation-1.7.7/src/config/settingsdialog.h
Examining data/konversation-1.7.7/src/config/theme_config.cpp
Examining data/konversation-1.7.7/src/config/preferences.h
Examining data/konversation-1.7.7/src/config/autoreplace_config.cpp
Examining data/konversation-1.7.7/src/config/dcc_config.h
Examining data/konversation-1.7.7/src/config/preferences.cpp
Examining data/konversation-1.7.7/src/unicode.cpp
Examining data/konversation-1.7.7/src/guess_ja.cpp
Examining data/konversation-1.7.7/src/connectionmanager.cpp
Examining data/konversation-1.7.7/src/identitydialog.cpp
Examining data/konversation-1.7.7/src/connectionsettings.cpp
Examining data/konversation-1.7.7/src/notificationhandler.cpp
Examining data/konversation-1.7.7/src/bookmarkhandler.cpp
FINAL RESULTS:
data/konversation-1.7.7/src/config/configdialog.cpp:57:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
genericName.sprintf("SettingsDialog-%p", static_cast<void *>(q));
data/konversation-1.7.7/src/irc/irccharsets.cpp:100:22: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (QLocale::system().name() == QStringLiteral("ja_JP"))
data/konversation-1.7.7/src/config/theme_config.cpp:198:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpFile.open(); // create the file, and thus create tmpFile.fileName
data/konversation-1.7.7/src/config/theme_config.cpp:261:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
themeArchive->open(QIODevice::ReadOnly);
data/konversation-1.7.7/src/config/theme_config.cpp:353:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!themeRC.open(QIODevice::ReadOnly | QIODevice::WriteOnly))
data/konversation-1.7.7/src/config/warnings_config.cpp:215:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * const message(warningDialogDefinitions[i].message);
data/konversation-1.7.7/src/config/warnings_config.cpp:216:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * const ctx(warningDialogDefinitions[i].context);
data/konversation-1.7.7/src/dcc/dcccommon.cpp:126:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sock, &ifr.ifr_addr, sizeof(ifr.ifr_addr));
data/konversation-1.7.7/src/dcc/transferpanel.cpp:177:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open |= (type == Transfer::Send ||
data/konversation-1.7.7/src/dcc/transferpanel.cpp:198:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_open->setEnabled(open);
data/konversation-1.7.7/src/dcc/transfersend.cpp:224:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_tmpFile->open(); // create the file, and thus create m_tmpFile.fileName
data/konversation-1.7.7/src/dcc/transfersend.cpp:493:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (m_file.open(QIODevice::ReadOnly))
data/konversation-1.7.7/src/guess_ja.h:48:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef signed char dfa_table[256];
data/konversation-1.7.7/src/irc/channellistpanel.cpp:390:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
listFile.open(QIODevice::WriteOnly);
data/konversation-1.7.7/src/irc/inputfilter.cpp:1048:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode(modeString[index].toLatin1());
data/konversation-1.7.7/src/irc/inputfilter.cpp:2314:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mode(modestring[index].toLatin1());
data/konversation-1.7.7/src/irc/nicklistview.cpp:139:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::WriteOnly);
data/konversation-1.7.7/src/queuetuner.cpp:140:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void QueueTuner::open()
data/konversation-1.7.7/src/queuetuner.h:42:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open();
data/konversation-1.7.7/src/upnp/upnpdescriptionparser.cpp:66:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fptr.open(QIODevice::ReadOnly))
data/konversation-1.7.7/src/urlcatcher.cpp:361:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::WriteOnly);
data/konversation-1.7.7/src/viewer/chatwindow.cpp:390:49: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((getType() != Status) && logfile.open(QIODevice::ReadOnly))
data/konversation-1.7.7/src/viewer/chatwindow.cpp:502:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(logfile.open(QIODevice::WriteOnly | QIODevice::Append))
data/konversation-1.7.7/src/viewer/logfilereader.cpp:113:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(file.open(QIODevice::ReadOnly))
data/konversation-1.7.7/src/viewer/rawlog.cpp:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexbuf[4]="%00";
data/konversation-1.7.7/src/viewer/viewcontainer.cpp:169:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_queueTuner->open();
data/konversation-1.7.7/src/dcc/dcccommon.cpp:120:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, address, IF_NAMESIZE);
data/konversation-1.7.7/src/dcc/transferrecv.cpp:755:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 actual = m_recvSocket->read(m_buffer, m_bufferSize);
data/konversation-1.7.7/src/dcc/transfersend.cpp:538:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 actual = m_file.read(m_buffer, m_bufferSize);
data/konversation-1.7.7/src/dcc/transfersend.cpp:557:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_sendSocket->read((char*)&pos, 4);
data/konversation-1.7.7/src/upnp/upnpmcastsocket.cpp:75:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writeDatagram(data,strlen(data),QHostAddress("239.255.255.250"),1900);
ANALYSIS SUMMARY:
Hits = 31
Lines analyzed = 64453 in approximately 2.76 seconds (23346 lines/second)
Physical Source Lines of Code (SLOC) = 46250
Hits@level = [0] 0 [1] 5 [2] 24 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 31 [1+] 31 [2+] 26 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 0.67027 [1+] 0.67027 [2+] 0.562162 [3+] 0.0432432 [4+] 0.0432432 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.