Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kwayland-server-5.19.5/autotests/server/test_tablet_interface.cpp Examining data/kwayland-server-5.19.5/autotests/server/surfaceextension_helper.cpp Examining data/kwayland-server-5.19.5/autotests/server/test_qt_surface_extension.cpp Examining data/kwayland-server-5.19.5/autotests/server/test_no_xdg_runtime_dir.cpp Examining data/kwayland-server-5.19.5/autotests/server/test_seat.cpp Examining data/kwayland-server-5.19.5/autotests/server/test_display.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_xdg_shell_v6.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_text_input.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_shell.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_xdg_shell_v5.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_outputdevice.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_connection_thread.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_xdg_foreign.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_filter.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_fake_input.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_pointer_constraints.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_drag_drop.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_blur.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_selection.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_xdg_shell.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_subsurface.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_server_side_decoration.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_surface.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_xdg_shell.h Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_outputmanagement.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_xdg_output.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_plasma_virtual_desktop.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_compositor.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_fullscreen_shell.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_server_side_decoration_palette.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_shadow.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_xdg_decoration.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_region.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_shm_pool.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_seat.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_output.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_datadevice.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_idle.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_plasmashell.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_xdg_shell_stable.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_registry.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_remote_access.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_windowmanagement.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_error.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_appmenu.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_datasource.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_subcompositor.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_slide.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_wayland_contrast.cpp Examining data/kwayland-server-5.19.5/autotests/client/test_plasma_window_model.cpp Examining data/kwayland-server-5.19.5/tests/copyclient.cpp Examining data/kwayland-server-5.19.5/tests/subsurfacetest.cpp Examining data/kwayland-server-5.19.5/tests/qtwaylandintegrationtest.h Examining data/kwayland-server-5.19.5/tests/qtwaylandintegrationtest.cpp Examining data/kwayland-server-5.19.5/tests/touchclienttest.cpp Examining data/kwayland-server-5.19.5/tests/dpmstest.cpp Examining data/kwayland-server-5.19.5/tests/renderingservertest.cpp Examining data/kwayland-server-5.19.5/tests/paneltest.cpp Examining data/kwayland-server-5.19.5/tests/touchclienttest.h Examining data/kwayland-server-5.19.5/tests/pasteclient.cpp Examining data/kwayland-server-5.19.5/tests/shadowtest.cpp Examining data/kwayland-server-5.19.5/tests/waylandservertest.cpp Examining data/kwayland-server-5.19.5/tests/plasmasurfacetest.cpp Examining data/kwayland-server-5.19.5/tests/xdgtest.cpp Examining data/kwayland-server-5.19.5/tests/xdgforeigntest.cpp Examining data/kwayland-server-5.19.5/src/compat/wayland-xdg-shell-v5-client-protocol.h Examining data/kwayland-server-5.19.5/src/compat/wayland-xdg-shell-v5-protocol.c Examining data/kwayland-server-5.19.5/src/compat/wayland-xdg-shell-v5-server-protocol.h Examining data/kwayland-server-5.19.5/src/server/server_decoration_palette_interface.cpp Examining data/kwayland-server-5.19.5/src/server/idle_interface.cpp Examining data/kwayland-server-5.19.5/src/server/textinput_interface_v0.cpp Examining data/kwayland-server-5.19.5/src/server/compositor_interface.cpp Examining data/kwayland-server-5.19.5/src/server/textinput_interface_v2.cpp Examining data/kwayland-server-5.19.5/src/server/pointerconstraints_interface_p.h Examining data/kwayland-server-5.19.5/src/server/slide_interface.h Examining data/kwayland-server-5.19.5/src/server/xdgshell_v5_interface_p.h Examining data/kwayland-server-5.19.5/src/server/filtered_display.h Examining data/kwayland-server-5.19.5/src/server/server_decoration_interface.h Examining data/kwayland-server-5.19.5/src/server/surface_interface.h Examining data/kwayland-server-5.19.5/src/server/pointerconstraints_interface_v1.cpp Examining data/kwayland-server-5.19.5/src/server/contrast_interface.cpp Examining data/kwayland-server-5.19.5/src/server/surface_interface_p.h Examining data/kwayland-server-5.19.5/src/server/datadevice_interface.h Examining data/kwayland-server-5.19.5/src/server/linuxdmabuf_v1_interface.cpp Examining data/kwayland-server-5.19.5/src/server/xdgshell_stable_interface_p.h Examining data/kwayland-server-5.19.5/src/server/xdgforeign_interface.cpp Examining data/kwayland-server-5.19.5/src/server/pointerconstraints_interface.h Examining data/kwayland-server-5.19.5/src/server/global_p.h Examining data/kwayland-server-5.19.5/src/server/outputconfiguration_interface.cpp Examining data/kwayland-server-5.19.5/src/server/outputmanagement_interface.cpp Examining data/kwayland-server-5.19.5/src/server/seat_interface.h Examining data/kwayland-server-5.19.5/src/server/outputdevice_interface.h Examining data/kwayland-server-5.19.5/src/server/dataoffer_interface.cpp Examining data/kwayland-server-5.19.5/src/server/relativepointer_interface.cpp Examining data/kwayland-server-5.19.5/src/server/xdgshell_v6_interface.cpp Examining data/kwayland-server-5.19.5/src/server/contrast_interface.h Examining data/kwayland-server-5.19.5/src/server/plasmashell_interface.cpp Examining data/kwayland-server-5.19.5/src/server/plasmawindowmanagement_interface.h Examining data/kwayland-server-5.19.5/src/server/datasource_interface.h Examining data/kwayland-server-5.19.5/src/server/xdgshell_v6_interface_p.h Examining data/kwayland-server-5.19.5/src/server/remote_access_interface.cpp Examining data/kwayland-server-5.19.5/src/server/output_interface.h Examining data/kwayland-server-5.19.5/src/server/textinput_interface.h Examining data/kwayland-server-5.19.5/src/server/plasmavirtualdesktop_interface.h Examining data/kwayland-server-5.19.5/src/server/blur_interface.h Examining data/kwayland-server-5.19.5/src/server/relativepointer_interface_p.h Examining data/kwayland-server-5.19.5/src/server/dpms_interface.cpp Examining data/kwayland-server-5.19.5/src/server/dpms_interface_p.h Examining data/kwayland-server-5.19.5/src/server/keystate_interface.cpp Examining data/kwayland-server-5.19.5/src/server/outputchangeset.h Examining data/kwayland-server-5.19.5/src/server/filtered_display.cpp Examining data/kwayland-server-5.19.5/src/server/region_interface.cpp Examining data/kwayland-server-5.19.5/src/server/datadevice_interface.cpp Examining data/kwayland-server-5.19.5/src/server/display.cpp Examining data/kwayland-server-5.19.5/src/server/appmenu_interface.cpp Examining data/kwayland-server-5.19.5/src/server/dataoffer_interface.h Examining data/kwayland-server-5.19.5/src/server/plasmashell_interface.h Examining data/kwayland-server-5.19.5/src/server/plasmavirtualdesktop_interface.cpp Examining data/kwayland-server-5.19.5/src/server/resource_p.h Examining data/kwayland-server-5.19.5/src/server/xdgshell_interface.h Examining data/kwayland-server-5.19.5/src/server/output_interface.cpp Examining data/kwayland-server-5.19.5/src/server/seat_interface.cpp Examining data/kwayland-server-5.19.5/src/server/eglstream_controller_interface.h Examining data/kwayland-server-5.19.5/src/server/linuxdmabuf_v1_interface.h Examining data/kwayland-server-5.19.5/src/server/outputmanagement_interface.h Examining data/kwayland-server-5.19.5/src/server/xdgshell_v5_interface.cpp Examining data/kwayland-server-5.19.5/src/server/keyboard_interface.h Examining data/kwayland-server-5.19.5/src/server/xdgshell_interface.cpp Examining data/kwayland-server-5.19.5/src/server/xdgforeign_v2_interface.cpp Examining data/kwayland-server-5.19.5/src/server/dataoffer_interface_p.h Examining data/kwayland-server-5.19.5/src/server/pointer_interface.h Examining data/kwayland-server-5.19.5/src/server/fakeinput_interface.h Examining data/kwayland-server-5.19.5/src/server/pointerconstraints_interface.cpp Examining data/kwayland-server-5.19.5/src/server/compositor_interface.h Examining data/kwayland-server-5.19.5/src/server/slide_interface.cpp Examining data/kwayland-server-5.19.5/src/server/surface_interface.cpp Examining data/kwayland-server-5.19.5/src/server/pointergestures_interface.h Examining data/kwayland-server-5.19.5/src/server/relativepointer_interface_v1.cpp Examining data/kwayland-server-5.19.5/src/server/datasource_interface.cpp Examining data/kwayland-server-5.19.5/src/server/textinput_interface_p.h Examining data/kwayland-server-5.19.5/src/server/eglstream_controller_interface.cpp Examining data/kwayland-server-5.19.5/src/server/global.cpp Examining data/kwayland-server-5.19.5/src/server/touch_interface.cpp Examining data/kwayland-server-5.19.5/src/server/outputchangeset_p.h Examining data/kwayland-server-5.19.5/src/server/buffer_interface.h Examining data/kwayland-server-5.19.5/src/server/server_decoration_palette_interface.h Examining data/kwayland-server-5.19.5/src/server/appmenu_interface.h Examining data/kwayland-server-5.19.5/src/server/dpms_interface.h Examining data/kwayland-server-5.19.5/src/server/pointergestures_interface_p.h Examining data/kwayland-server-5.19.5/src/server/pointergestures_interface.cpp Examining data/kwayland-server-5.19.5/src/server/subsurface_interface_p.h Examining data/kwayland-server-5.19.5/src/server/idleinhibit_interface.h Examining data/kwayland-server-5.19.5/src/server/drm_fourcc.h Examining data/kwayland-server-5.19.5/src/server/blur_interface.cpp Examining data/kwayland-server-5.19.5/src/server/shadow_interface.cpp Examining data/kwayland-server-5.19.5/src/server/outputconfiguration_interface.h Examining data/kwayland-server-5.19.5/src/server/buffer_interface.cpp Examining data/kwayland-server-5.19.5/src/server/shell_interface.cpp Examining data/kwayland-server-5.19.5/src/server/xdgforeign_v2_interface_p.h Examining data/kwayland-server-5.19.5/src/server/xdgoutput_interface.h Examining data/kwayland-server-5.19.5/src/server/pointer_interface.cpp Examining data/kwayland-server-5.19.5/src/server/surfacerole_p.h Examining data/kwayland-server-5.19.5/src/server/qtsurfaceextension_interface.h Examining data/kwayland-server-5.19.5/src/server/global.h Examining data/kwayland-server-5.19.5/src/server/server_decoration_interface.cpp Examining data/kwayland-server-5.19.5/src/server/touch_interface.h Examining data/kwayland-server-5.19.5/src/server/keyboard_interface_p.h Examining data/kwayland-server-5.19.5/src/server/surfacerole.cpp Examining data/kwayland-server-5.19.5/src/server/xdgshell_stable_interface.cpp Examining data/kwayland-server-5.19.5/src/server/plasmawindowmanagement_interface.cpp Examining data/kwayland-server-5.19.5/src/server/region_interface.h Examining data/kwayland-server-5.19.5/src/server/xdgdecoration_interface.cpp Examining data/kwayland-server-5.19.5/src/server/tablet_interface.cpp Examining data/kwayland-server-5.19.5/src/server/remote_access_interface_p.h Examining data/kwayland-server-5.19.5/src/server/xdgforeign_interface.h Examining data/kwayland-server-5.19.5/src/server/datadevicemanager_interface.cpp Examining data/kwayland-server-5.19.5/src/server/outputdevice_interface.cpp Examining data/kwayland-server-5.19.5/src/server/resource.cpp Examining data/kwayland-server-5.19.5/src/server/subcompositor_interface.h Examining data/kwayland-server-5.19.5/src/server/pointer_interface_p.h Examining data/kwayland-server-5.19.5/src/server/xdgoutput_interface.cpp Examining data/kwayland-server-5.19.5/src/server/outputchangeset.cpp Examining data/kwayland-server-5.19.5/src/server/shadow_interface.h Examining data/kwayland-server-5.19.5/src/server/qtsurfaceextension_interface.cpp Examining data/kwayland-server-5.19.5/src/server/idleinhibit_interface.cpp Examining data/kwayland-server-5.19.5/src/server/datadevicemanager_interface.h Examining data/kwayland-server-5.19.5/src/server/idleinhibit_interface_v1.cpp Examining data/kwayland-server-5.19.5/src/server/tablet_interface.h Examining data/kwayland-server-5.19.5/src/server/resource.h Examining data/kwayland-server-5.19.5/src/server/relativepointer_interface.h Examining data/kwayland-server-5.19.5/src/server/seat_interface_p.h Examining data/kwayland-server-5.19.5/src/server/remote_access_interface.h Examining data/kwayland-server-5.19.5/src/server/xdgdecoration_interface.h Examining data/kwayland-server-5.19.5/src/server/keystate_interface.h Examining data/kwayland-server-5.19.5/src/server/display.h Examining data/kwayland-server-5.19.5/src/server/shell_interface.h Examining data/kwayland-server-5.19.5/src/server/keyboard_interface.cpp Examining data/kwayland-server-5.19.5/src/server/eglstream_controller_interface_p.h Examining data/kwayland-server-5.19.5/src/server/subcompositor_interface.cpp Examining data/kwayland-server-5.19.5/src/server/pointergestures_interface_v1.cpp Examining data/kwayland-server-5.19.5/src/server/clientconnection.h Examining data/kwayland-server-5.19.5/src/server/generic_shell_surface_p.h Examining data/kwayland-server-5.19.5/src/server/textinput_interface.cpp Examining data/kwayland-server-5.19.5/src/server/idleinhibit_interface_p.h Examining data/kwayland-server-5.19.5/src/server/clientconnection.cpp Examining data/kwayland-server-5.19.5/src/server/xdgshell_interface_p.h Examining data/kwayland-server-5.19.5/src/server/fakeinput_interface.cpp Examining data/kwayland-server-5.19.5/src/server/idle_interface.h FINAL RESULTS: data/kwayland-server-5.19.5/tests/renderingservertest.cpp:46:9: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(process.constData(), process.constData(), "-displayfd", fdbuf, "-rootless", (char *)nullptr); data/kwayland-server-5.19.5/tests/waylandservertest.cpp:37:9: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(process.constData(), process.constData(), "-displayfd", fdbuf, (char *)nullptr); data/kwayland-server-5.19.5/autotests/client/test_datasource.cpp:223:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open()); data/kwayland-server-5.19.5/autotests/client/test_datasource.cpp:233:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(writeFile.open(sendRequestedSpy.first().last().value<qint32>(), QFile::WriteOnly, QFileDevice::AutoCloseHandle)); data/kwayland-server-5.19.5/autotests/client/test_remote_access.cpp:197:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpFile->open(); data/kwayland-server-5.19.5/autotests/client/test_remote_access.cpp:247:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpFile->open(); data/kwayland-server-5.19.5/autotests/client/test_remote_access.cpp:333:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpFile1->open(); data/kwayland-server-5.19.5/autotests/client/test_remote_access.cpp:337:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpFile2->open(); data/kwayland-server-5.19.5/autotests/client/test_remote_access.cpp:414:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpFile->open(); data/kwayland-server-5.19.5/autotests/client/test_remote_access.cpp:449:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpFile->open(); data/kwayland-server-5.19.5/autotests/client/test_wayland_seat.cpp:2415:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(fd, QIODevice::ReadOnly)); data/kwayland-server-5.19.5/autotests/client/test_wayland_seat.cpp:2428:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(fd, QIODevice::ReadWrite));address = reinterpret_cast<char*>(file.map(0, keymapChangedSpy.first().last().value<quint32>())); data/kwayland-server-5.19.5/autotests/client/test_wayland_seat.cpp:2449:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(serverFile.open()); data/kwayland-server-5.19.5/autotests/client/test_wayland_seat.cpp:2463:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(fd, QIODevice::ReadOnly)); data/kwayland-server-5.19.5/autotests/client/test_wayland_seat.cpp:2477:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file2.open(fd2, QIODevice::ReadWrite)); data/kwayland-server-5.19.5/src/server/keyboard_interface.cpp:82:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!tmp->open()) { data/kwayland-server-5.19.5/src/server/outputdevice_interface.cpp:419:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, origin.data(), memLength); data/kwayland-server-5.19.5/src/server/plasmawindowmanagement_interface.cpp:173:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, stackingOrder.data(), memLength); data/kwayland-server-5.19.5/src/server/plasmawindowmanagement_interface.cpp:480:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(fd, QIODevice::WriteOnly, QFileDevice::AutoCloseHandle); data/kwayland-server-5.19.5/src/server/seat_interface.cpp:1161:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(fd, QIODevice::ReadOnly)) { data/kwayland-server-5.19.5/tests/copyclient.cpp:169:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (c.open(fd, QFile::WriteOnly, QFile::AutoCloseHandle)) { data/kwayland-server-5.19.5/tests/pasteclient.cpp:154:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (readPipe.open(pipeFds[0], QIODevice::ReadOnly)) { data/kwayland-server-5.19.5/tests/renderingservertest.cpp:44:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fdbuf[16]; data/kwayland-server-5.19.5/tests/renderingservertest.cpp:45:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fdbuf, "%d", pipeFds[1]); data/kwayland-server-5.19.5/tests/renderingservertest.cpp:59:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!readPipe.open(pipe, QIODevice::ReadOnly)) { data/kwayland-server-5.19.5/tests/waylandservertest.cpp:35:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fdbuf[16]; data/kwayland-server-5.19.5/tests/waylandservertest.cpp:36:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fdbuf, "%d", pipeFds[1]); data/kwayland-server-5.19.5/tests/waylandservertest.cpp:50:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!readPipe.open(pipe, QIODevice::ReadOnly)) { data/kwayland-server-5.19.5/src/server/filtered_display.cpp:27:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). auto name = QByteArray::fromRawData(interface->name, strlen(interface->name)); ANALYSIS SUMMARY: Hits = 29 Lines analyzed = 57391 in approximately 1.38 seconds (41592 lines/second) Physical Source Lines of Code (SLOC) = 41701 Hits@level = [0] 0 [1] 1 [2] 26 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 29 [1+] 29 [2+] 28 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 0.695427 [1+] 0.695427 [2+] 0.671447 [3+] 0.0479605 [4+] 0.0479605 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.