Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/krfb-20.08.2/events/xdp/xdpevents.cpp
Examining data/krfb-20.08.2/events/xdp/xdpeventsplugin.h
Examining data/krfb-20.08.2/events/xdp/xdpevents.h
Examining data/krfb-20.08.2/events/xdp/xdpeventsplugin.cpp
Examining data/krfb-20.08.2/events/x11/x11events.h
Examining data/krfb-20.08.2/events/x11/x11eventsplugin.h
Examining data/krfb-20.08.2/events/x11/x11events.cpp
Examining data/krfb-20.08.2/events/x11/x11eventsplugin.cpp
Examining data/krfb-20.08.2/krfb/framebuffermanager.cpp
Examining data/krfb-20.08.2/krfb/framebufferplugin.cpp
Examining data/krfb-20.08.2/krfb/rfbclient.cpp
Examining data/krfb-20.08.2/krfb/events.cpp
Examining data/krfb-20.08.2/krfb/mainwindow.h
Examining data/krfb-20.08.2/krfb/eventsplugin.h
Examining data/krfb-20.08.2/krfb/rfbserver.h
Examining data/krfb-20.08.2/krfb/eventsmanager.cpp
Examining data/krfb-20.08.2/krfb/sockethelpers.h
Examining data/krfb-20.08.2/krfb/trayicon.h
Examining data/krfb-20.08.2/krfb/rfb.h
Examining data/krfb-20.08.2/krfb/framebuffer.h
Examining data/krfb-20.08.2/krfb/framebuffermanager.h
Examining data/krfb-20.08.2/krfb/sockethelpers.cpp
Examining data/krfb-20.08.2/krfb/framebufferplugin.h
Examining data/krfb-20.08.2/krfb/eventsmanager.h
Examining data/krfb-20.08.2/krfb/mainwindow.cpp
Examining data/krfb-20.08.2/krfb/eventsplugin.cpp
Examining data/krfb-20.08.2/krfb/rfbservermanager.h
Examining data/krfb-20.08.2/krfb/events.h
Examining data/krfb-20.08.2/krfb/connectiondialog.h
Examining data/krfb-20.08.2/krfb/connectiondialog.cpp
Examining data/krfb-20.08.2/krfb/rfbserver.cpp
Examining data/krfb-20.08.2/krfb/main.cpp
Examining data/krfb-20.08.2/krfb/invitationsrfbserver.h
Examining data/krfb-20.08.2/krfb/rfbservermanager.cpp
Examining data/krfb-20.08.2/krfb/framebuffer.cpp
Examining data/krfb-20.08.2/krfb/invitationsrfbclient.cpp
Examining data/krfb-20.08.2/krfb/rfbclient.h
Examining data/krfb-20.08.2/krfb/invitationsrfbserver.cpp
Examining data/krfb-20.08.2/krfb/trayicon.cpp
Examining data/krfb-20.08.2/krfb/invitationsrfbclient.h
Examining data/krfb-20.08.2/framebuffers/qt/qtframebufferplugin.h
Examining data/krfb-20.08.2/framebuffers/qt/qtframebuffer.h
Examining data/krfb-20.08.2/framebuffers/qt/qtframebuffer.cpp
Examining data/krfb-20.08.2/framebuffers/qt/qtframebufferplugin.cpp
Examining data/krfb-20.08.2/framebuffers/xcb/xcb_framebufferplugin.cpp
Examining data/krfb-20.08.2/framebuffers/xcb/xcb_framebuffer.h
Examining data/krfb-20.08.2/framebuffers/xcb/xcb_framebuffer.cpp
Examining data/krfb-20.08.2/framebuffers/xcb/xcb_framebufferplugin.h
Examining data/krfb-20.08.2/framebuffers/pipewire/pw_framebuffer.cpp
Examining data/krfb-20.08.2/framebuffers/pipewire/pw_framebufferplugin.cpp
Examining data/krfb-20.08.2/framebuffers/pipewire/pw_framebuffer.h
Examining data/krfb-20.08.2/framebuffers/pipewire/pw_framebufferplugin.h

FINAL RESULTS:

data/krfb-20.08.2/events/x11/x11events.cpp:48:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char modifiers[0x100];
data/krfb-20.08.2/framebuffers/pipewire/pw_framebuffer.cpp:780:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(q->fb, src, maxSize);
data/krfb-20.08.2/framebuffers/qt/qtframebuffer.cpp:112:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fb, img.bits(), static_cast<size_t>(img.sizeInBytes()));
data/krfb-20.08.2/framebuffers/qt/qtframebuffer.cpp:114:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fb, img.bits(), img.byteCount());
data/krfb-20.08.2/framebuffers/xcb/xcb_framebuffer.cpp:588:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, src, d->updateTile->stride); // copy whole row of pixels
data/krfb-20.08.2/framebuffers/xcb/xcb_framebuffer.cpp:624:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, src, damagedImage->stride);
data/krfb-20.08.2/krfb/rfbclient.cpp:220:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char passwd[MAXPWLEN+1]; // +1 to make sure there's a nullptr at the end
data/krfb-20.08.2/krfb/rfbclient.cpp:221:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char challenge[CHALLENGESIZE];
data/krfb-20.08.2/krfb/rfbclient.cpp:223:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(challenge, m_rfbClient->authChallenge, CHALLENGESIZE);
data/krfb-20.08.2/krfb/sockethelpers.cpp:43:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inetbuf[ADDR_SIZE];
data/krfb-20.08.2/krfb/sockethelpers.cpp:82:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inetbuf[ADDR_SIZE];
data/krfb-20.08.2/krfb/rfbclient.cpp:227:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(passwd, password.constData(),
data/krfb-20.08.2/krfb/rfbserver.cpp:112:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(d->screen->thisHost, listeningAddress().constData(), 254);

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 6177 in approximately 0.95 seconds (6488 lines/second)
Physical Source Lines of Code (SLOC) = 3902
Hits@level = [0] 0 [1] 2 [2] 11 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 13 [2+] 11 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.33162 [1+] 3.33162 [2+] 2.81907 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.