stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/krfb-20.08.2/events/xdp/xdpevents.cpp
Examining data/krfb-20.08.2/events/xdp/xdpeventsplugin.h
Examining data/krfb-20.08.2/events/xdp/xdpevents.h
Examining data/krfb-20.08.2/events/xdp/xdpeventsplugin.cpp
Examining data/krfb-20.08.2/events/x11/x11events.h
Examining data/krfb-20.08.2/events/x11/x11eventsplugin.h
Examining data/krfb-20.08.2/events/x11/x11events.cpp
Examining data/krfb-20.08.2/events/x11/x11eventsplugin.cpp
Examining data/krfb-20.08.2/krfb/framebuffermanager.cpp
Examining data/krfb-20.08.2/krfb/framebufferplugin.cpp
Examining data/krfb-20.08.2/krfb/rfbclient.cpp
Examining data/krfb-20.08.2/krfb/events.cpp
Examining data/krfb-20.08.2/krfb/mainwindow.h
Examining data/krfb-20.08.2/krfb/eventsplugin.h
Examining data/krfb-20.08.2/krfb/rfbserver.h
Examining data/krfb-20.08.2/krfb/eventsmanager.cpp
Examining data/krfb-20.08.2/krfb/sockethelpers.h
Examining data/krfb-20.08.2/krfb/trayicon.h
Examining data/krfb-20.08.2/krfb/rfb.h
Examining data/krfb-20.08.2/krfb/framebuffer.h
Examining data/krfb-20.08.2/krfb/framebuffermanager.h
Examining data/krfb-20.08.2/krfb/sockethelpers.cpp
Examining data/krfb-20.08.2/krfb/framebufferplugin.h
Examining data/krfb-20.08.2/krfb/eventsmanager.h
Examining data/krfb-20.08.2/krfb/mainwindow.cpp
Examining data/krfb-20.08.2/krfb/eventsplugin.cpp
Examining data/krfb-20.08.2/krfb/rfbservermanager.h
Examining data/krfb-20.08.2/krfb/events.h
Examining data/krfb-20.08.2/krfb/connectiondialog.h
Examining data/krfb-20.08.2/krfb/connectiondialog.cpp
Examining data/krfb-20.08.2/krfb/rfbserver.cpp
Examining data/krfb-20.08.2/krfb/main.cpp
Examining data/krfb-20.08.2/krfb/invitationsrfbserver.h
Examining data/krfb-20.08.2/krfb/rfbservermanager.cpp
Examining data/krfb-20.08.2/krfb/framebuffer.cpp
Examining data/krfb-20.08.2/krfb/invitationsrfbclient.cpp
Examining data/krfb-20.08.2/krfb/rfbclient.h
Examining data/krfb-20.08.2/krfb/invitationsrfbserver.cpp
Examining data/krfb-20.08.2/krfb/trayicon.cpp
Examining data/krfb-20.08.2/krfb/invitationsrfbclient.h
Examining data/krfb-20.08.2/framebuffers/qt/qtframebufferplugin.h
Examining data/krfb-20.08.2/framebuffers/qt/qtframebuffer.h
Examining data/krfb-20.08.2/framebuffers/qt/qtframebuffer.cpp
Examining data/krfb-20.08.2/framebuffers/qt/qtframebufferplugin.cpp
Examining data/krfb-20.08.2/framebuffers/xcb/xcb_framebufferplugin.cpp
Examining data/krfb-20.08.2/framebuffers/xcb/xcb_framebuffer.h
Examining data/krfb-20.08.2/framebuffers/xcb/xcb_framebuffer.cpp
Examining data/krfb-20.08.2/framebuffers/xcb/xcb_framebufferplugin.h
Examining data/krfb-20.08.2/framebuffers/pipewire/pw_framebuffer.cpp
Examining data/krfb-20.08.2/framebuffers/pipewire/pw_framebufferplugin.cpp
Examining data/krfb-20.08.2/framebuffers/pipewire/pw_framebuffer.h
Examining data/krfb-20.08.2/framebuffers/pipewire/pw_framebufferplugin.h

FINAL RESULTS:

data/krfb-20.08.2/events/x11/x11events.cpp:48:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    signed char modifiers[0x100];
data/krfb-20.08.2/framebuffers/pipewire/pw_framebuffer.cpp:780:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    std::memcpy(q->fb, src, maxSize);
data/krfb-20.08.2/framebuffers/qt/qtframebuffer.cpp:112:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fb, img.bits(), static_cast<size_t>(img.sizeInBytes()));
data/krfb-20.08.2/framebuffers/qt/qtframebuffer.cpp:114:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fb, img.bits(), img.byteCount());
data/krfb-20.08.2/framebuffers/xcb/xcb_framebuffer.cpp:588:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(dest, src, d->updateTile->stride);  // copy whole row of pixels
data/krfb-20.08.2/framebuffers/xcb/xcb_framebuffer.cpp:624:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(dest, src, damagedImage->stride);
data/krfb-20.08.2/krfb/rfbclient.cpp:220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[MAXPWLEN+1]; // +1 to make sure there's a nullptr at the end
data/krfb-20.08.2/krfb/rfbclient.cpp:221:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char challenge[CHALLENGESIZE];
data/krfb-20.08.2/krfb/rfbclient.cpp:223:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(challenge, m_rfbClient->authChallenge, CHALLENGESIZE);
data/krfb-20.08.2/krfb/sockethelpers.cpp:43:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char inetbuf[ADDR_SIZE];
data/krfb-20.08.2/krfb/sockethelpers.cpp:82:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char inetbuf[ADDR_SIZE];
data/krfb-20.08.2/krfb/rfbclient.cpp:227:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(passwd, password.constData(),
data/krfb-20.08.2/krfb/rfbserver.cpp:112:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(d->screen->thisHost, listeningAddress().constData(), 254);

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 6177 in approximately 0.95 seconds (6488 lines/second)
Physical Source Lines of Code (SLOC) = 3902
Hits@level = [0]   0 [1]   2 [2]  11 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  13 [1+]  13 [2+]  11 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.33162 [1+] 3.33162 [2+] 2.81907 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.