Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libktorrent-2.2.0/examples/ktcli/ktcli.cpp Examining data/libktorrent-2.2.0/examples/ktcli/ktcli.h Examining data/libktorrent-2.2.0/examples/ktcli/main.cpp Examining data/libktorrent-2.2.0/src/bcodec/bdecoder.cpp Examining data/libktorrent-2.2.0/src/bcodec/bdecoder.h Examining data/libktorrent-2.2.0/src/bcodec/bencoder.cpp Examining data/libktorrent-2.2.0/src/bcodec/bencoder.h Examining data/libktorrent-2.2.0/src/bcodec/bnode.cpp Examining data/libktorrent-2.2.0/src/bcodec/bnode.h Examining data/libktorrent-2.2.0/src/bcodec/value.cpp Examining data/libktorrent-2.2.0/src/bcodec/value.h Examining data/libktorrent-2.2.0/src/datachecker/datachecker.cpp Examining data/libktorrent-2.2.0/src/datachecker/datachecker.h Examining data/libktorrent-2.2.0/src/datachecker/datacheckerjob.cpp Examining data/libktorrent-2.2.0/src/datachecker/datacheckerjob.h Examining data/libktorrent-2.2.0/src/datachecker/datacheckerthread.cpp Examining data/libktorrent-2.2.0/src/datachecker/datacheckerthread.h Examining data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp Examining data/libktorrent-2.2.0/src/datachecker/multidatachecker.h Examining data/libktorrent-2.2.0/src/datachecker/singledatachecker.cpp Examining data/libktorrent-2.2.0/src/datachecker/singledatachecker.h Examining data/libktorrent-2.2.0/src/datachecker/tests/datacheckertest.cpp Examining data/libktorrent-2.2.0/src/dht/announcereq.cpp Examining data/libktorrent-2.2.0/src/dht/announcereq.h Examining data/libktorrent-2.2.0/src/dht/announcersp.cpp Examining data/libktorrent-2.2.0/src/dht/announcersp.h Examining data/libktorrent-2.2.0/src/dht/announcetask.cpp Examining data/libktorrent-2.2.0/src/dht/announcetask.h Examining data/libktorrent-2.2.0/src/dht/database.cpp Examining data/libktorrent-2.2.0/src/dht/database.h Examining data/libktorrent-2.2.0/src/dht/dht.cpp Examining data/libktorrent-2.2.0/src/dht/dht.h Examining data/libktorrent-2.2.0/src/dht/dhtbase.cpp Examining data/libktorrent-2.2.0/src/dht/dhtbase.h Examining data/libktorrent-2.2.0/src/dht/dhtpeersource.cpp Examining data/libktorrent-2.2.0/src/dht/dhtpeersource.h Examining data/libktorrent-2.2.0/src/dht/errmsg.cpp Examining data/libktorrent-2.2.0/src/dht/errmsg.h Examining data/libktorrent-2.2.0/src/dht/findnodereq.cpp Examining data/libktorrent-2.2.0/src/dht/findnodereq.h Examining data/libktorrent-2.2.0/src/dht/findnodersp.cpp Examining data/libktorrent-2.2.0/src/dht/findnodersp.h Examining data/libktorrent-2.2.0/src/dht/getpeersreq.cpp Examining data/libktorrent-2.2.0/src/dht/getpeersreq.h Examining data/libktorrent-2.2.0/src/dht/getpeersrsp.cpp Examining data/libktorrent-2.2.0/src/dht/getpeersrsp.h Examining data/libktorrent-2.2.0/src/dht/kbucket.cpp Examining data/libktorrent-2.2.0/src/dht/kbucket.h Examining data/libktorrent-2.2.0/src/dht/kbucketentry.cpp Examining data/libktorrent-2.2.0/src/dht/kbucketentry.h Examining data/libktorrent-2.2.0/src/dht/kbuckettable.cpp Examining data/libktorrent-2.2.0/src/dht/kbuckettable.h Examining data/libktorrent-2.2.0/src/dht/kclosestnodessearch.cpp Examining data/libktorrent-2.2.0/src/dht/kclosestnodessearch.h Examining data/libktorrent-2.2.0/src/dht/key.cpp Examining data/libktorrent-2.2.0/src/dht/key.h Examining data/libktorrent-2.2.0/src/dht/node.cpp Examining data/libktorrent-2.2.0/src/dht/node.h Examining data/libktorrent-2.2.0/src/dht/nodelookup.cpp Examining data/libktorrent-2.2.0/src/dht/nodelookup.h Examining data/libktorrent-2.2.0/src/dht/pack.cpp Examining data/libktorrent-2.2.0/src/dht/pack.h Examining data/libktorrent-2.2.0/src/dht/packednodecontainer.cpp Examining data/libktorrent-2.2.0/src/dht/packednodecontainer.h Examining data/libktorrent-2.2.0/src/dht/pingreq.cpp Examining data/libktorrent-2.2.0/src/dht/pingreq.h Examining data/libktorrent-2.2.0/src/dht/pingrsp.cpp Examining data/libktorrent-2.2.0/src/dht/pingrsp.h Examining data/libktorrent-2.2.0/src/dht/rpccall.cpp Examining data/libktorrent-2.2.0/src/dht/rpccall.h Examining data/libktorrent-2.2.0/src/dht/rpcmsg.cpp Examining data/libktorrent-2.2.0/src/dht/rpcmsg.h Examining data/libktorrent-2.2.0/src/dht/rpcmsgfactory.cpp Examining data/libktorrent-2.2.0/src/dht/rpcmsgfactory.h Examining data/libktorrent-2.2.0/src/dht/rpcserver.cpp Examining data/libktorrent-2.2.0/src/dht/rpcserver.h Examining data/libktorrent-2.2.0/src/dht/rpcserverinterface.cpp Examining data/libktorrent-2.2.0/src/dht/rpcserverinterface.h Examining data/libktorrent-2.2.0/src/dht/task.cpp Examining data/libktorrent-2.2.0/src/dht/task.h Examining data/libktorrent-2.2.0/src/dht/taskmanager.cpp Examining data/libktorrent-2.2.0/src/dht/taskmanager.h Examining data/libktorrent-2.2.0/src/dht/tests/keytest.cpp Examining data/libktorrent-2.2.0/src/dht/tests/rpcmsgtest.cpp Examining data/libktorrent-2.2.0/src/diskio/cache.cpp Examining data/libktorrent-2.2.0/src/diskio/cache.h Examining data/libktorrent-2.2.0/src/diskio/cachefile.cpp Examining data/libktorrent-2.2.0/src/diskio/cachefile.h Examining data/libktorrent-2.2.0/src/diskio/chunk.cpp Examining data/libktorrent-2.2.0/src/diskio/chunk.h Examining data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp Examining data/libktorrent-2.2.0/src/diskio/chunkmanager.h Examining data/libktorrent-2.2.0/src/diskio/deletedatafilesjob.cpp Examining data/libktorrent-2.2.0/src/diskio/deletedatafilesjob.h Examining data/libktorrent-2.2.0/src/diskio/dndfile.cpp Examining data/libktorrent-2.2.0/src/diskio/dndfile.h Examining data/libktorrent-2.2.0/src/diskio/movedatafilesjob.cpp Examining data/libktorrent-2.2.0/src/diskio/movedatafilesjob.h Examining data/libktorrent-2.2.0/src/diskio/multifilecache.cpp Examining data/libktorrent-2.2.0/src/diskio/multifilecache.h Examining data/libktorrent-2.2.0/src/diskio/piecedata.cpp Examining data/libktorrent-2.2.0/src/diskio/piecedata.h Examining data/libktorrent-2.2.0/src/diskio/preallocationjob.cpp Examining data/libktorrent-2.2.0/src/diskio/preallocationjob.h Examining data/libktorrent-2.2.0/src/diskio/preallocationthread.cpp Examining data/libktorrent-2.2.0/src/diskio/preallocationthread.h Examining data/libktorrent-2.2.0/src/diskio/singlefilecache.cpp Examining data/libktorrent-2.2.0/src/diskio/singlefilecache.h Examining data/libktorrent-2.2.0/src/diskio/tests/chunkmanagertest.cpp Examining data/libktorrent-2.2.0/src/diskio/tests/preallocationtest.cpp Examining data/libktorrent-2.2.0/src/download/chunkdownload.cpp Examining data/libktorrent-2.2.0/src/download/chunkdownload.h Examining data/libktorrent-2.2.0/src/download/chunkselector.cpp Examining data/libktorrent-2.2.0/src/download/chunkselector.h Examining data/libktorrent-2.2.0/src/download/downloader.cpp Examining data/libktorrent-2.2.0/src/download/downloader.h Examining data/libktorrent-2.2.0/src/download/httpconnection.cpp Examining data/libktorrent-2.2.0/src/download/httpconnection.h Examining data/libktorrent-2.2.0/src/download/httpresponseheader.cpp Examining data/libktorrent-2.2.0/src/download/httpresponseheader.h Examining data/libktorrent-2.2.0/src/download/packet.cpp Examining data/libktorrent-2.2.0/src/download/packet.h Examining data/libktorrent-2.2.0/src/download/piece.cpp Examining data/libktorrent-2.2.0/src/download/piece.h Examining data/libktorrent-2.2.0/src/download/request.cpp Examining data/libktorrent-2.2.0/src/download/request.h Examining data/libktorrent-2.2.0/src/download/streamingchunkselector.cpp Examining data/libktorrent-2.2.0/src/download/streamingchunkselector.h Examining data/libktorrent-2.2.0/src/download/tests/streamingchunkselectortest.cpp Examining data/libktorrent-2.2.0/src/download/webseed.cpp Examining data/libktorrent-2.2.0/src/download/webseed.h Examining data/libktorrent-2.2.0/src/interfaces/blocklistinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/blocklistinterface.h Examining data/libktorrent-2.2.0/src/interfaces/cachefactory.cpp Examining data/libktorrent-2.2.0/src/interfaces/cachefactory.h Examining data/libktorrent-2.2.0/src/interfaces/chunkdownloadinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/chunkdownloadinterface.h Examining data/libktorrent-2.2.0/src/interfaces/chunkselectorinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/chunkselectorinterface.h Examining data/libktorrent-2.2.0/src/interfaces/exitoperation.cpp Examining data/libktorrent-2.2.0/src/interfaces/exitoperation.h Examining data/libktorrent-2.2.0/src/interfaces/logmonitorinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/logmonitorinterface.h Examining data/libktorrent-2.2.0/src/interfaces/monitorinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/monitorinterface.h Examining data/libktorrent-2.2.0/src/interfaces/peerinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/peerinterface.h Examining data/libktorrent-2.2.0/src/interfaces/peersource.cpp Examining data/libktorrent-2.2.0/src/interfaces/peersource.h Examining data/libktorrent-2.2.0/src/interfaces/piecedownloader.cpp Examining data/libktorrent-2.2.0/src/interfaces/piecedownloader.h Examining data/libktorrent-2.2.0/src/interfaces/queuemanagerinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/queuemanagerinterface.h Examining data/libktorrent-2.2.0/src/interfaces/serverinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/serverinterface.h Examining data/libktorrent-2.2.0/src/interfaces/torrentfileinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/torrentfileinterface.h Examining data/libktorrent-2.2.0/src/interfaces/torrentinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/torrentinterface.h Examining data/libktorrent-2.2.0/src/interfaces/trackerinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/trackerinterface.h Examining data/libktorrent-2.2.0/src/interfaces/trackerslist.cpp Examining data/libktorrent-2.2.0/src/interfaces/trackerslist.h Examining data/libktorrent-2.2.0/src/interfaces/webseedinterface.cpp Examining data/libktorrent-2.2.0/src/interfaces/webseedinterface.h Examining data/libktorrent-2.2.0/src/magnet/magnetdownloader.cpp Examining data/libktorrent-2.2.0/src/magnet/magnetdownloader.h Examining data/libktorrent-2.2.0/src/magnet/magnetlink.cpp Examining data/libktorrent-2.2.0/src/magnet/magnetlink.h Examining data/libktorrent-2.2.0/src/magnet/metadatadownload.cpp Examining data/libktorrent-2.2.0/src/magnet/metadatadownload.h Examining data/libktorrent-2.2.0/src/magnet/tests/magnetlinktest.cpp Examining data/libktorrent-2.2.0/src/migrate/cachemigrate.cpp Examining data/libktorrent-2.2.0/src/migrate/cachemigrate.h Examining data/libktorrent-2.2.0/src/migrate/ccmigrate.cpp Examining data/libktorrent-2.2.0/src/migrate/ccmigrate.h Examining data/libktorrent-2.2.0/src/migrate/migrate.cpp Examining data/libktorrent-2.2.0/src/migrate/migrate.h Examining data/libktorrent-2.2.0/src/mse/bigint.cpp Examining data/libktorrent-2.2.0/src/mse/bigint.h Examining data/libktorrent-2.2.0/src/mse/encryptedauthenticate.cpp Examining data/libktorrent-2.2.0/src/mse/encryptedauthenticate.h Examining data/libktorrent-2.2.0/src/mse/encryptedpacketsocket.cpp Examining data/libktorrent-2.2.0/src/mse/encryptedpacketsocket.h Examining data/libktorrent-2.2.0/src/mse/encryptedserverauthenticate.cpp Examining data/libktorrent-2.2.0/src/mse/encryptedserverauthenticate.h Examining data/libktorrent-2.2.0/src/mse/functions.cpp Examining data/libktorrent-2.2.0/src/mse/functions.h Examining data/libktorrent-2.2.0/src/mse/rc4encryptor.cpp Examining data/libktorrent-2.2.0/src/mse/rc4encryptor.h Examining data/libktorrent-2.2.0/src/mse/tests/rc4encryptortest.cpp Examining data/libktorrent-2.2.0/src/net/address.cpp Examining data/libktorrent-2.2.0/src/net/address.h Examining data/libktorrent-2.2.0/src/net/addressresolver.cpp Examining data/libktorrent-2.2.0/src/net/addressresolver.h Examining data/libktorrent-2.2.0/src/net/downloadthread.cpp Examining data/libktorrent-2.2.0/src/net/downloadthread.h Examining data/libktorrent-2.2.0/src/net/networkthread.cpp Examining data/libktorrent-2.2.0/src/net/networkthread.h Examining data/libktorrent-2.2.0/src/net/packetsocket.cpp Examining data/libktorrent-2.2.0/src/net/packetsocket.h Examining data/libktorrent-2.2.0/src/net/poll.cpp Examining data/libktorrent-2.2.0/src/net/poll.h Examining data/libktorrent-2.2.0/src/net/portlist.cpp Examining data/libktorrent-2.2.0/src/net/portlist.h Examining data/libktorrent-2.2.0/src/net/reverseresolver.cpp Examining data/libktorrent-2.2.0/src/net/reverseresolver.h Examining data/libktorrent-2.2.0/src/net/serversocket.cpp Examining data/libktorrent-2.2.0/src/net/serversocket.h Examining data/libktorrent-2.2.0/src/net/socket.cpp Examining data/libktorrent-2.2.0/src/net/socket.h Examining data/libktorrent-2.2.0/src/net/socketdevice.cpp Examining data/libktorrent-2.2.0/src/net/socketdevice.h Examining data/libktorrent-2.2.0/src/net/socketgroup.cpp Examining data/libktorrent-2.2.0/src/net/socketgroup.h Examining data/libktorrent-2.2.0/src/net/socketmonitor.cpp Examining data/libktorrent-2.2.0/src/net/socketmonitor.h Examining data/libktorrent-2.2.0/src/net/socks.cpp Examining data/libktorrent-2.2.0/src/net/socks.h Examining data/libktorrent-2.2.0/src/net/speed.cpp Examining data/libktorrent-2.2.0/src/net/speed.h Examining data/libktorrent-2.2.0/src/net/streamsocket.cpp Examining data/libktorrent-2.2.0/src/net/streamsocket.h Examining data/libktorrent-2.2.0/src/net/tests/polltest.cpp Examining data/libktorrent-2.2.0/src/net/tests/wakeuppipetest.cpp Examining data/libktorrent-2.2.0/src/net/trafficshapedsocket.cpp Examining data/libktorrent-2.2.0/src/net/trafficshapedsocket.h Examining data/libktorrent-2.2.0/src/net/uploadthread.cpp Examining data/libktorrent-2.2.0/src/net/uploadthread.h Examining data/libktorrent-2.2.0/src/net/wakeuppipe.cpp Examining data/libktorrent-2.2.0/src/net/wakeuppipe.h Examining data/libktorrent-2.2.0/src/peer/accessmanager.cpp Examining data/libktorrent-2.2.0/src/peer/accessmanager.h Examining data/libktorrent-2.2.0/src/peer/authenticate.cpp Examining data/libktorrent-2.2.0/src/peer/authenticate.h Examining data/libktorrent-2.2.0/src/peer/authenticatebase.cpp Examining data/libktorrent-2.2.0/src/peer/authenticatebase.h Examining data/libktorrent-2.2.0/src/peer/authenticationmonitor.cpp Examining data/libktorrent-2.2.0/src/peer/authenticationmonitor.h Examining data/libktorrent-2.2.0/src/peer/badpeerslist.cpp Examining data/libktorrent-2.2.0/src/peer/badpeerslist.h Examining data/libktorrent-2.2.0/src/peer/chunkcounter.cpp Examining data/libktorrent-2.2.0/src/peer/chunkcounter.h Examining data/libktorrent-2.2.0/src/peer/connectionlimit.cpp Examining data/libktorrent-2.2.0/src/peer/connectionlimit.h Examining data/libktorrent-2.2.0/src/peer/packetreader.cpp Examining data/libktorrent-2.2.0/src/peer/packetreader.h Examining data/libktorrent-2.2.0/src/peer/peer.cpp Examining data/libktorrent-2.2.0/src/peer/peer.h Examining data/libktorrent-2.2.0/src/peer/peerconnector.cpp Examining data/libktorrent-2.2.0/src/peer/peerconnector.h Examining data/libktorrent-2.2.0/src/peer/peerdownloader.cpp Examining data/libktorrent-2.2.0/src/peer/peerdownloader.h Examining data/libktorrent-2.2.0/src/peer/peerid.cpp Examining data/libktorrent-2.2.0/src/peer/peerid.h Examining data/libktorrent-2.2.0/src/peer/peermanager.cpp Examining data/libktorrent-2.2.0/src/peer/peermanager.h Examining data/libktorrent-2.2.0/src/peer/peerprotocolextension.cpp Examining data/libktorrent-2.2.0/src/peer/peerprotocolextension.h Examining data/libktorrent-2.2.0/src/peer/peeruploader.cpp Examining data/libktorrent-2.2.0/src/peer/peeruploader.h Examining data/libktorrent-2.2.0/src/peer/serverauthenticate.cpp Examining data/libktorrent-2.2.0/src/peer/serverauthenticate.h Examining data/libktorrent-2.2.0/src/peer/superseeder.cpp Examining data/libktorrent-2.2.0/src/peer/superseeder.h Examining data/libktorrent-2.2.0/src/peer/tests/accessmanagertest.cpp Examining data/libktorrent-2.2.0/src/peer/tests/connectionlimittest.cpp Examining data/libktorrent-2.2.0/src/peer/tests/packetreadertest.cpp Examining data/libktorrent-2.2.0/src/peer/tests/superseedtest.cpp Examining data/libktorrent-2.2.0/src/peer/utmetadata.cpp Examining data/libktorrent-2.2.0/src/peer/utmetadata.h Examining data/libktorrent-2.2.0/src/peer/utpex.cpp Examining data/libktorrent-2.2.0/src/peer/utpex.h Examining data/libktorrent-2.2.0/src/torrent/advancedchokealgorithm.cpp Examining data/libktorrent-2.2.0/src/torrent/advancedchokealgorithm.h Examining data/libktorrent-2.2.0/src/torrent/choker.cpp Examining data/libktorrent-2.2.0/src/torrent/choker.h Examining data/libktorrent-2.2.0/src/torrent/globals.cpp Examining data/libktorrent-2.2.0/src/torrent/globals.h Examining data/libktorrent-2.2.0/src/torrent/job.cpp Examining data/libktorrent-2.2.0/src/torrent/job.h Examining data/libktorrent-2.2.0/src/torrent/jobqueue.cpp Examining data/libktorrent-2.2.0/src/torrent/jobqueue.h Examining data/libktorrent-2.2.0/src/torrent/peersourcemanager.cpp Examining data/libktorrent-2.2.0/src/torrent/peersourcemanager.h Examining data/libktorrent-2.2.0/src/torrent/server.cpp Examining data/libktorrent-2.2.0/src/torrent/server.h Examining data/libktorrent-2.2.0/src/torrent/statsfile.cpp Examining data/libktorrent-2.2.0/src/torrent/statsfile.h Examining data/libktorrent-2.2.0/src/torrent/tests/statsfiletest.cpp Examining data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp Examining data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp Examining data/libktorrent-2.2.0/src/torrent/timeestimator.cpp Examining data/libktorrent-2.2.0/src/torrent/timeestimator.h Examining data/libktorrent-2.2.0/src/torrent/torrent.cpp Examining data/libktorrent-2.2.0/src/torrent/torrent.h Examining data/libktorrent-2.2.0/src/torrent/torrentcontrol.cpp Examining data/libktorrent-2.2.0/src/torrent/torrentcontrol.h Examining data/libktorrent-2.2.0/src/torrent/torrentcreator.cpp Examining data/libktorrent-2.2.0/src/torrent/torrentcreator.h Examining data/libktorrent-2.2.0/src/torrent/torrentfile.cpp Examining data/libktorrent-2.2.0/src/torrent/torrentfile.h Examining data/libktorrent-2.2.0/src/torrent/torrentfilestream.cpp Examining data/libktorrent-2.2.0/src/torrent/torrentfilestream.h Examining data/libktorrent-2.2.0/src/torrent/torrentstats.cpp Examining data/libktorrent-2.2.0/src/torrent/torrentstats.h Examining data/libktorrent-2.2.0/src/torrent/uploader.cpp Examining data/libktorrent-2.2.0/src/torrent/uploader.h Examining data/libktorrent-2.2.0/src/tracker/httpannouncejob.cpp Examining data/libktorrent-2.2.0/src/tracker/httpannouncejob.h Examining data/libktorrent-2.2.0/src/tracker/httptracker.cpp Examining data/libktorrent-2.2.0/src/tracker/httptracker.h Examining data/libktorrent-2.2.0/src/tracker/kioannouncejob.cpp Examining data/libktorrent-2.2.0/src/tracker/kioannouncejob.h Examining data/libktorrent-2.2.0/src/tracker/tracker.cpp Examining data/libktorrent-2.2.0/src/tracker/tracker.h Examining data/libktorrent-2.2.0/src/tracker/trackermanager.cpp Examining data/libktorrent-2.2.0/src/tracker/trackermanager.h Examining data/libktorrent-2.2.0/src/tracker/udptracker.cpp Examining data/libktorrent-2.2.0/src/tracker/udptracker.h Examining data/libktorrent-2.2.0/src/tracker/udptrackersocket.cpp Examining data/libktorrent-2.2.0/src/tracker/udptrackersocket.h Examining data/libktorrent-2.2.0/src/upnp/httprequest.cpp Examining data/libktorrent-2.2.0/src/upnp/httprequest.h Examining data/libktorrent-2.2.0/src/upnp/soap.cpp Examining data/libktorrent-2.2.0/src/upnp/soap.h Examining data/libktorrent-2.2.0/src/upnp/upnpdescriptionparser.cpp Examining data/libktorrent-2.2.0/src/upnp/upnpdescriptionparser.h Examining data/libktorrent-2.2.0/src/upnp/upnpmcastsocket.cpp Examining data/libktorrent-2.2.0/src/upnp/upnpmcastsocket.h Examining data/libktorrent-2.2.0/src/upnp/upnprouter.cpp Examining data/libktorrent-2.2.0/src/upnp/upnprouter.h Examining data/libktorrent-2.2.0/src/util/array.cpp Examining data/libktorrent-2.2.0/src/util/array.h Examining data/libktorrent-2.2.0/src/util/autorotatelogjob.cpp Examining data/libktorrent-2.2.0/src/util/autorotatelogjob.h Examining data/libktorrent-2.2.0/src/util/bitset.cpp Examining data/libktorrent-2.2.0/src/util/bitset.h Examining data/libktorrent-2.2.0/src/util/bufferpool.cpp Examining data/libktorrent-2.2.0/src/util/bufferpool.h Examining data/libktorrent-2.2.0/src/util/circularbuffer.cpp Examining data/libktorrent-2.2.0/src/util/circularbuffer.h Examining data/libktorrent-2.2.0/src/util/compressfilejob.cpp Examining data/libktorrent-2.2.0/src/util/compressfilejob.h Examining data/libktorrent-2.2.0/src/util/constants.h Examining data/libktorrent-2.2.0/src/util/decompressfilejob.cpp Examining data/libktorrent-2.2.0/src/util/decompressfilejob.h Examining data/libktorrent-2.2.0/src/util/error.cpp Examining data/libktorrent-2.2.0/src/util/error.h Examining data/libktorrent-2.2.0/src/util/extractfilejob.cpp Examining data/libktorrent-2.2.0/src/util/extractfilejob.h Examining data/libktorrent-2.2.0/src/util/file.cpp Examining data/libktorrent-2.2.0/src/util/file.h Examining data/libktorrent-2.2.0/src/util/fileops.h Examining data/libktorrent-2.2.0/src/util/functions.cpp Examining data/libktorrent-2.2.0/src/util/functions.h Examining data/libktorrent-2.2.0/src/util/log.cpp Examining data/libktorrent-2.2.0/src/util/log.h Examining data/libktorrent-2.2.0/src/util/logsystemmanager.cpp Examining data/libktorrent-2.2.0/src/util/logsystemmanager.h Examining data/libktorrent-2.2.0/src/util/pipe.cpp Examining data/libktorrent-2.2.0/src/util/pipe.h Examining data/libktorrent-2.2.0/src/util/ptrmap.cpp Examining data/libktorrent-2.2.0/src/util/ptrmap.h Examining data/libktorrent-2.2.0/src/util/resourcemanager.cpp Examining data/libktorrent-2.2.0/src/util/resourcemanager.h Examining data/libktorrent-2.2.0/src/util/sha1hash.cpp Examining data/libktorrent-2.2.0/src/util/sha1hash.h Examining data/libktorrent-2.2.0/src/util/sha1hashgen.cpp Examining data/libktorrent-2.2.0/src/util/sha1hashgen.h Examining data/libktorrent-2.2.0/src/util/signalcatcher.cpp Examining data/libktorrent-2.2.0/src/util/signalcatcher.h Examining data/libktorrent-2.2.0/src/util/tests/bufferpooltest.cpp Examining data/libktorrent-2.2.0/src/util/tests/circularbuffertest.cpp Examining data/libktorrent-2.2.0/src/util/tests/fileopstest.cpp Examining data/libktorrent-2.2.0/src/util/tests/resourcemanagertest.cpp Examining data/libktorrent-2.2.0/src/util/tests/signalcatchertest.cpp Examining data/libktorrent-2.2.0/src/util/timer.cpp Examining data/libktorrent-2.2.0/src/util/timer.h Examining data/libktorrent-2.2.0/src/util/urlencoder.cpp Examining data/libktorrent-2.2.0/src/util/urlencoder.h Examining data/libktorrent-2.2.0/src/util/waitjob.cpp Examining data/libktorrent-2.2.0/src/util/waitjob.h Examining data/libktorrent-2.2.0/src/util/win32.cpp Examining data/libktorrent-2.2.0/src/util/win32.h Examining data/libktorrent-2.2.0/src/util/fileops.cpp Examining data/libktorrent-2.2.0/src/utp/connection.cpp Examining data/libktorrent-2.2.0/src/utp/connection.h Examining data/libktorrent-2.2.0/src/utp/delaywindow.cpp Examining data/libktorrent-2.2.0/src/utp/delaywindow.h Examining data/libktorrent-2.2.0/src/utp/localwindow.cpp Examining data/libktorrent-2.2.0/src/utp/localwindow.h Examining data/libktorrent-2.2.0/src/utp/outputqueue.cpp Examining data/libktorrent-2.2.0/src/utp/outputqueue.h Examining data/libktorrent-2.2.0/src/utp/packetbuffer.cpp Examining data/libktorrent-2.2.0/src/utp/packetbuffer.h Examining data/libktorrent-2.2.0/src/utp/pollpipe.cpp Examining data/libktorrent-2.2.0/src/utp/pollpipe.h Examining data/libktorrent-2.2.0/src/utp/remotewindow.cpp Examining data/libktorrent-2.2.0/src/utp/remotewindow.h Examining data/libktorrent-2.2.0/src/utp/tests/congestiontest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/connectiontest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/connecttest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/delaywindowtest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/fintest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/localwindowtest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/packetbuffertest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/packetlosstest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/remotewindowtest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/sendtest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/sockettest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/timevaluetest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/transmittest.cpp Examining data/libktorrent-2.2.0/src/utp/tests/utppolltest.cpp Examining data/libktorrent-2.2.0/src/utp/timevalue.cpp Examining data/libktorrent-2.2.0/src/utp/timevalue.h Examining data/libktorrent-2.2.0/src/utp/utpprotocol.cpp Examining data/libktorrent-2.2.0/src/utp/utpprotocol.h Examining data/libktorrent-2.2.0/src/utp/utpserver.cpp Examining data/libktorrent-2.2.0/src/utp/utpserver.h Examining data/libktorrent-2.2.0/src/utp/utpserver_p.h Examining data/libktorrent-2.2.0/src/utp/utpserverthread.cpp Examining data/libktorrent-2.2.0/src/utp/utpserverthread.h Examining data/libktorrent-2.2.0/src/utp/utpsocket.cpp Examining data/libktorrent-2.2.0/src/utp/utpsocket.h Examining data/libktorrent-2.2.0/src/version.cpp Examining data/libktorrent-2.2.0/src/version.h Examining data/libktorrent-2.2.0/testlib/dummytorrentcreator.cpp Examining data/libktorrent-2.2.0/testlib/dummytorrentcreator.h Examining data/libktorrent-2.2.0/testlib/utils.cpp Examining data/libktorrent-2.2.0/testlib/utils.h FINAL RESULTS: data/libktorrent-2.2.0/src/util/sha1hash.cpp:83:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp,41,fmt, data/libktorrent-2.2.0/src/dht/key.cpp:148:11: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. Key Key::random() data/libktorrent-2.2.0/src/dht/key.cpp:150:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(0)); data/libktorrent-2.2.0/src/dht/key.h:72:14: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. static Key random(); data/libktorrent-2.2.0/src/dht/node.cpp:76:28: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. dht::Key r = dht::Key::random(); data/libktorrent-2.2.0/src/dht/node.cpp:85:28: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. dht::Key r = dht::Key::random(); data/libktorrent-2.2.0/src/mse/bigint.cpp:68:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. BigInt BigInt::random() data/libktorrent-2.2.0/src/mse/bigint.cpp:74:4: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(now); data/libktorrent-2.2.0/src/mse/bigint.h:84:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. static BigInt random(); data/libktorrent-2.2.0/src/mse/functions.cpp:41:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. priv = BigInt::random(); data/libktorrent-2.2.0/src/peer/peerid.cpp:53:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(0)); data/libktorrent-2.2.0/src/torrent/advancedchokealgorithm.cpp:199:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. Uint32 start = KRandom::random() % num_peers; data/libktorrent-2.2.0/src/tracker/tracker.cpp:46:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(0)); data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp:122:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). File::Ptr fptr = open(tor,tflist.first()); data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp:181:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). File::Ptr fptr = open(tor,tflist.at(i)); data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp:199:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). File::Ptr MultiDataChecker::open(const bt::Torrent& tor, Uint32 idx) data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp:207:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr->open(tf.getPathOnDisk(), "rb")) data/libktorrent-2.2.0/src/datachecker/multidatachecker.h:43:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). File::Ptr open(const Torrent & tor,Uint32 idx); data/libktorrent-2.2.0/src/datachecker/singledatachecker.cpp:47:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(path,"rb")) data/libktorrent-2.2.0/src/dht/database.cpp:71:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, addr.toIPv6Address().c, 16); data/libktorrent-2.2.0/src/dht/database.cpp:153:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tdata, addr.toIPv6Address().c, 16); data/libktorrent-2.2.0/src/dht/database.cpp:193:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tdata, addr.toIPv6Address().c, 16); data/libktorrent-2.2.0/src/dht/getpeersrsp.cpp:137:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ip.c, d.data(), 16); data/libktorrent-2.2.0/src/dht/kbucket.cpp:319:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, e.getAddress().toIPv6Address().c, 16); data/libktorrent-2.2.0/src/dht/kbucket.cpp:354:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ip.c, addr.data(), 16); data/libktorrent-2.2.0/src/dht/kbuckettable.cpp:149:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/dht/kbuckettable.cpp:184:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(file, "wb")) data/libktorrent-2.2.0/src/dht/node.cpp:60:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(key_file, "wb")) data/libktorrent-2.2.0/src/dht/node.cpp:73:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(key_file, "rb")) data/libktorrent-2.2.0/src/dht/pack.cpp:43:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr,e.getID().getData(),20); data/libktorrent-2.2.0/src/dht/pack.cpp:54:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr,e.getID().getData(),20); data/libktorrent-2.2.0/src/dht/pack.cpp:55:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr + 20,addr.toIPv6Address().c,16); data/libktorrent-2.2.0/src/dht/pack.cpp:74:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key,ptr,20); data/libktorrent-2.2.0/src/dht/pack.cpp:89:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key,ptr,20); data/libktorrent-2.2.0/src/diskio/cache.cpp:169:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/diskio/cache.cpp:183:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/diskio/cache.h:141:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual void open() = 0; data/libktorrent-2.2.0/src/diskio/cachefile.cpp:82:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(ok = fptr->open(QIODevice::ReadWrite))) data/libktorrent-2.2.0/src/diskio/cachefile.cpp:85:36: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (mode == READ && (ok = fptr->open(QIODevice::ReadOnly))) data/libktorrent-2.2.0/src/diskio/cachefile.cpp:99:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void CacheFile::open(const QString & path,Uint64 size) data/libktorrent-2.2.0/src/diskio/cachefile.h:73:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const QString & path,Uint64 size); data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:154:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fptr.open(d->index_file, "wb"); data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:195:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). d->cache->open(); data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:437:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(file_priority_file, "wb")) data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:478:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(file_priority_file, "rb")) data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:936:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(index_file, "wb")) data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:955:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(index_file, "r+b")) data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:961:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(index_file, "r+b")) data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:979:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(index_file, "rb")) data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:1017:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(file_info_file, "wb")) data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:1048:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(file_info_file, "rb")) data/libktorrent-2.2.0/src/diskio/dndfile.cpp:59:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(path, "rb")) data/libktorrent-2.2.0/src/diskio/dndfile.cpp:88:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(path, "wb")) data/libktorrent-2.2.0/src/diskio/dndfile.cpp:100:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(path, "rb")) data/libktorrent-2.2.0/src/diskio/dndfile.cpp:116:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(path, "rb")) data/libktorrent-2.2.0/src/diskio/dndfile.cpp:132:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(path, "r+b")) data/libktorrent-2.2.0/src/diskio/dndfile.cpp:135:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(path, "r+b")) data/libktorrent-2.2.0/src/diskio/dndfile.cpp:150:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(path, "r+b")) data/libktorrent-2.2.0/src/diskio/dndfile.cpp:153:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(path, "r+b")) data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:90:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:117:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:151:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void MultiFileCache::open() data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:168:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd->open(tf.getPathOnDisk(), tf.getSize()); data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:400:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:480:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:572:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:689:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd->open(tf->getPathOnDisk(), tf->getSize()); data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:705:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(src_file, "rb")) data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:744:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(output_file, "r+b")) data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:900:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cf->open(tf.getPathOnDisk(), tf.getSize()); data/libktorrent-2.2.0/src/diskio/multifilecache.h:51:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open() override; data/libktorrent-2.2.0/src/diskio/piecedata.cpp:74:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr + off, buf, buf_size); data/libktorrent-2.2.0/src/diskio/piecedata.cpp:87:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, ptr + off, to_read); data/libktorrent-2.2.0/src/diskio/singlefilecache.cpp:73:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/diskio/singlefilecache.cpp:84:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/diskio/singlefilecache.cpp:134:4: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/libktorrent-2.2.0/src/diskio/singlefilecache.cpp:195:4: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/libktorrent-2.2.0/src/diskio/singlefilecache.cpp:246:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void SingleFileCache::open() data/libktorrent-2.2.0/src/diskio/singlefilecache.cpp:252:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmp->open(output_file, tor.getTotalSize()); data/libktorrent-2.2.0/src/diskio/singlefilecache.cpp:259:4: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/libktorrent-2.2.0/src/diskio/singlefilecache.cpp:284:4: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/libktorrent-2.2.0/src/diskio/singlefilecache.h:47:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open() override; data/libktorrent-2.2.0/src/diskio/tests/chunkmanagertest.cpp:95:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. QVERIFY(memcpy(tmp,ptr->data(),20)); data/libktorrent-2.2.0/src/diskio/tests/preallocationtest.cpp:97:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cache.open(); data/libktorrent-2.2.0/src/diskio/tests/preallocationtest.cpp:122:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cache.open(); data/libktorrent-2.2.0/src/download/downloader.cpp:558:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(file,"wb")) data/libktorrent-2.2.0/src/download/downloader.cpp:595:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(file,"rb")) data/libktorrent-2.2.0/src/download/downloader.cpp:662:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(file,"rb")) data/libktorrent-2.2.0/src/download/downloader.cpp:877:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/download/downloader.cpp:900:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/download/packet.cpp:63:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data+5,bs.getData(),bs.getNumBytes()); data/libktorrent-2.2.0/src/download/packet.cpp:86:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 6,ext_data.data(),ext_data.size()); data/libktorrent-2.2.0/src/interfaces/serverinterface.cpp:85:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,"req2",4); data/libktorrent-2.2.0/src/interfaces/serverinterface.cpp:90:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+4,pm->getTorrent().getInfoHash().getData(),20); data/libktorrent-2.2.0/src/magnet/metadatadownload.cpp:79:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(metadata.data() + off,piece_data.data(),size); data/libktorrent-2.2.0/src/migrate/ccmigrate.cpp:39:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(current_chunks,"rb")) data/libktorrent-2.2.0/src/mse/encryptedauthenticate.cpp:108:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp_buf,"req1",4); data/libktorrent-2.2.0/src/mse/encryptedauthenticate.cpp:114:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp_buf,"req2",4); data/libktorrent-2.2.0/src/mse/encryptedauthenticate.cpp:115:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp_buf+4,info_hash.getData(),20); data/libktorrent-2.2.0/src/mse/encryptedauthenticate.cpp:118:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp_buf,"req3",4); data/libktorrent-2.2.0/src/mse/encryptedauthenticate.cpp:152:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vc,rc4.encrypt(vc,8),8); data/libktorrent-2.2.0/src/mse/encryptedpacketsocket.cpp:156:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,reinserted_data + reinserted_data_read,tr); data/libktorrent-2.2.0/src/mse/encryptedpacketsocket.cpp:167:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,reinserted_data + reinserted_data_read,tr); data/libktorrent-2.2.0/src/mse/encryptedpacketsocket.cpp:272:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(reinserted_data + off,d,size); data/libktorrent-2.2.0/src/mse/encryptedserverauthenticate.cpp:83:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp,"req1",4); data/libktorrent-2.2.0/src/mse/encryptedserverauthenticate.cpp:112:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp,"req3",4); data/libktorrent-2.2.0/src/mse/functions.cpp:53:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,"key",3); data/libktorrent-2.2.0/src/mse/functions.cpp:56:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 100,skey.getData(),20); data/libktorrent-2.2.0/src/mse/tests/rc4encryptortest.cpp:68:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp,data,1024); data/libktorrent-2.2.0/src/net/address.cpp:100:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr->sin6_addr, toIPv6Address().c, 16); data/libktorrent-2.2.0/src/net/reverseresolver.cpp:61:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[200]; data/libktorrent-2.2.0/src/net/reverseresolver.cpp:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service[200]; data/libktorrent-2.2.0/src/net/socks.cpp:207:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user_id[100]; data/libktorrent-2.2.0/src/net/socks.cpp:295:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req.ip,&ip,4); data/libktorrent-2.2.0/src/net/socks.cpp:296:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(req.user_id,"KTorrent"); data/libktorrent-2.2.0/src/net/socks.cpp:345:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + off,user.constData(),user.size()); data/libktorrent-2.2.0/src/net/socks.cpp:348:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + off,pwd.constData(),pwd.size()); data/libktorrent-2.2.0/src/net/socks.cpp:386:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req.ipv4.ip,&ip,4); data/libktorrent-2.2.0/src/net/socks.cpp:394:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req.ipv6.ip,ip.c,16); data/libktorrent-2.2.0/src/peer/authenticate.cpp:189:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[21]; data/libktorrent-2.2.0/src/peer/authenticate.cpp:191:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp,hs+48,20); data/libktorrent-2.2.0/src/peer/authenticatebase.cpp:71:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hs+1,pstr,19); data/libktorrent-2.2.0/src/peer/authenticatebase.cpp:77:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hs+28,info_hash.getData(),20); data/libktorrent-2.2.0/src/peer/authenticatebase.cpp:78:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hs+48,our_peer_id.data(),20); data/libktorrent-2.2.0/src/peer/packetreader.cpp:82:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(len + len_received, buf, size); data/libktorrent-2.2.0/src/peer/packetreader.cpp:88:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(len + len_received, buf, 4 - len_received); data/libktorrent-2.2.0/src/peer/packetreader.cpp:97:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(len, buf, size); data/libktorrent-2.2.0/src/peer/packetreader.cpp:132:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pck->data.data() + pck->read, buf, tr); data/libktorrent-2.2.0/src/peer/packetreader.cpp:140:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pck->data.data() + pck->read, buf, tr); data/libktorrent-2.2.0/src/peer/peerid.cpp:54:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id, bt::PeerIDPrefix().toLatin1().constData(), 8); data/libktorrent-2.2.0/src/peer/peerid.cpp:63:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id,pid,20); data/libktorrent-2.2.0/src/peer/peerid.cpp:71:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id,pid.id,20); data/libktorrent-2.2.0/src/peer/peerid.cpp:82:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id,pid.id,20); data/libktorrent-2.2.0/src/peer/peerid.h:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[20]; data/libktorrent-2.2.0/src/peer/peermanager.cpp:271:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/peer/peermanager.cpp:303:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!fptr.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/peer/serverauthenticate.cpp:84:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[21]; data/libktorrent-2.2.0/src/peer/serverauthenticate.cpp:86:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp,hs+48,20); data/libktorrent-2.2.0/src/peer/tests/packetreadertest.cpp:43:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(received_packet.data(), packet, size); data/libktorrent-2.2.0/src/peer/utpex.cpp:165:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + size,&ip,4); data/libktorrent-2.2.0/src/torrent/tests/statsfiletest.cpp:65:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open()); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp:101:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(!stream->open(QIODevice::ReadWrite)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp:102:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(stream->open(QIODevice::ReadOnly)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp:116:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(fptr.open(QIODevice::ReadOnly)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp:136:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(!stream->open(QIODevice::ReadWrite)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp:137:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(stream->open(QIODevice::ReadOnly)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp:141:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(fptr.open(QIODevice::ReadOnly)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:89:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(!stream->open(QIODevice::ReadWrite)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:90:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(stream->open(QIODevice::ReadOnly)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:116:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(!stream->open(QIODevice::ReadWrite)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:117:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(stream->open(QIODevice::ReadOnly)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:163:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(!stream->open(QIODevice::ReadWrite)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:164:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(stream->open(QIODevice::ReadOnly)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:189:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(fptr.open(QIODevice::ReadOnly)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:230:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(!stream->open(QIODevice::ReadWrite)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:231:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(stream->open(QIODevice::ReadOnly)); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:234:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(fptr.open(QIODevice::ReadOnly)); data/libktorrent-2.2.0/src/torrent/torrent.cpp:256:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h,hash_string.data()+i,20); data/libktorrent-2.2.0/src/torrent/torrentcontrol.cpp:552:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/torrent/torrentcreator.cpp:123:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(url, "wb")) data/libktorrent-2.2.0/src/torrent/torrentcreator.cpp:245:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(big_hash + (20 * i), hashes[i].getData(), 20); data/libktorrent-2.2.0/src/torrent/torrentcreator.cpp:254:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(target, "rb")) data/libktorrent-2.2.0/src/torrent/torrentcreator.cpp:290:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(target + f.getPath(), "rb")) data/libktorrent-2.2.0/src/torrent/torrentcreator.cpp:360:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(dd + QLatin1String("index"), "wb")) data/libktorrent-2.2.0/src/torrent/torrentfilestream.cpp:107:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool TorrentFileStream::open(QIODevice::OpenMode mode) data/libktorrent-2.2.0/src/torrent/torrentfilestream.cpp:115:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QIODevice::open(mode|QIODevice::Unbuffered); data/libktorrent-2.2.0/src/torrent/torrentfilestream.h:52:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(QIODevice::OpenMode mode) override; data/libktorrent-2.2.0/src/tracker/httptracker.cpp:390:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ip.c, arr.data() + i, 16); data/libktorrent-2.2.0/src/tracker/trackermanager.cpp:392:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/tracker/trackermanager.cpp:404:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open( QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/tracker/trackermanager.cpp:420:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/tracker/trackermanager.cpp:439:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open( QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/tracker/udptracker.cpp:303:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+16,info_hash.getData(),20); data/libktorrent-2.2.0/src/tracker/udptracker.cpp:304:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+36,peer_id.data(),20); data/libktorrent-2.2.0/src/tracker/udptracker.cpp:349:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+16,info_hash.getData(),20); data/libktorrent-2.2.0/src/upnp/upnpdescriptionparser.cpp:73:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/upnp/upnpmcastsocket.cpp:198:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/upnp/upnpmcastsocket.cpp:217:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/util/bitset.cpp:62:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data,d,num_bytes); data/libktorrent-2.2.0/src/util/circularbuffer.cpp:51:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr,r.first,to_read); data/libktorrent-2.2.0/src/util/circularbuffer.cpp:55:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr,r.first,s); data/libktorrent-2.2.0/src/util/circularbuffer.cpp:57:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr + s,r.first,to_read - s); data/libktorrent-2.2.0/src/util/circularbuffer.cpp:79:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + write_pos,ptr,w); data/libktorrent-2.2.0/src/util/circularbuffer.cpp:80:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data,ptr + w,to_write - w); data/libktorrent-2.2.0/src/util/circularbuffer.cpp:84:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + write_pos,ptr,to_write); data/libktorrent-2.2.0/src/util/compressfilejob.cpp:44:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!in.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/util/compressfilejob.cpp:53:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!dev.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/util/compressfilejob.cpp:61:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libktorrent-2.2.0/src/util/decompressfilejob.cpp:44:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!out.open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/util/decompressfilejob.cpp:53:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!dev.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/util/decompressfilejob.cpp:61:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libktorrent-2.2.0/src/util/extractfilejob.cpp:42:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libktorrent-2.2.0/src/util/extractfilejob.cpp:107:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!out_dev->open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/util/file.cpp:44:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool File::open(const QString & file,const QString & mode) data/libktorrent-2.2.0/src/util/file.cpp:53:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fptr = fopen(QFile::encodeName(file).constData(), mode.toUtf8().constData()); data/libktorrent-2.2.0/src/util/file.h:58:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(const QString & file,const QString & mode); data/libktorrent-2.2.0/src/util/fileops.cpp:311:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr.open(url, QStringLiteral("wb"))) data/libktorrent-2.2.0/src/util/fileops.cpp:373:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = ::open(QFile::encodeName(path).constData(), O_RDWR | O_LARGEFILE); data/libktorrent-2.2.0/src/util/fileops.cpp:418:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = ::open(QFile::encodeName(path).constData(), O_RDWR | O_LARGEFILE); data/libktorrent-2.2.0/src/util/fileops.cpp:652:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PATH_MAX]; data/libktorrent-2.2.0/src/util/fileops.cpp:696:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (fptr.open(QIODevice::ReadOnly)) data/libktorrent-2.2.0/src/util/log.cpp:115:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fptr->open(QIODevice::WriteOnly)) data/libktorrent-2.2.0/src/util/log.cpp:178:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fptr->open(QIODevice::WriteOnly); data/libktorrent-2.2.0/src/util/sha1hash.cpp:45:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hash,h,20); data/libktorrent-2.2.0/src/util/sha1hash.cpp:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[41]; data/libktorrent-2.2.0/src/util/sha1hash.cpp:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[81]; data/libktorrent-2.2.0/src/util/sha1hashgen.cpp:63:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result,h->final().constData(),20); data/libktorrent-2.2.0/src/util/tests/signalcatchertest.cpp:104:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(tmp.open()); data/libktorrent-2.2.0/src/util/tests/signalcatchertest.cpp:124:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr,"Testing",7); data/libktorrent-2.2.0/src/util/tests/signalcatchertest.cpp:137:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr,"Testing",7); data/libktorrent-2.2.0/src/util/win32.cpp:407:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(noslash, filename, len - 1); data/libktorrent-2.2.0/src/util/win32.cpp:420:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t message[1024]; data/libktorrent-2.2.0/src/util/win32.cpp:422:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1024]; data/libktorrent-2.2.0/src/util/win32.cpp:424:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cmessage[1024]; data/libktorrent-2.2.0/src/utp/localwindow.cpp:54:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, packet->get() + bytes_read, to_read); data/libktorrent-2.2.0/src/utp/packetbuffer.cpp:97:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(payload, data, data_size); data/libktorrent-2.2.0/src/utp/tests/sendtest.cpp:104:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[20]; data/libktorrent-2.2.0/src/utp/tests/sendtest.cpp:134:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[20]; data/libktorrent-2.2.0/src/utp/tests/sendtest.cpp:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[20]; data/libktorrent-2.2.0/src/utp/tests/sockettest.cpp:100:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[20]; data/libktorrent-2.2.0/testlib/dummytorrentcreator.cpp:104:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly|QIODevice::Truncate)) data/libktorrent-2.2.0/testlib/dummytorrentcreator.cpp:114:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4096]; data/libktorrent-2.2.0/src/bcodec/bencoder.cpp:140:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). QByteArray s = QStringLiteral("%1:%2").arg(strlen(str)).arg(QString::fromUtf8(str)).toUtf8(); data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp:127:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return fptr->read(buf,cs) == cs; data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp:149:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). to_read = cs - read; data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp:166:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = dfd.readLastChunk(buf + read,0,to_read); data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp:168:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = dfd.readFirstChunk(buf + read,0,to_read); data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp:185:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fptr->read(buf+read,to_read) != to_read) data/libktorrent-2.2.0/src/datachecker/multidatachecker.cpp:185:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fptr->read(buf+read,to_read) != to_read) data/libktorrent-2.2.0/src/datachecker/singledatachecker.cpp:70:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(buf,size); data/libktorrent-2.2.0/src/dht/node.cpp:83:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fptr.read(data, 20) != 20) data/libktorrent-2.2.0/src/diskio/cachefile.cpp:365:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void CacheFile::read(Uint8* buf,Uint32 size,Uint64 off) data/libktorrent-2.2.0/src/diskio/cachefile.cpp:388:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((sz = fptr->read((char*)buf,size)) != size) data/libktorrent-2.2.0/src/diskio/cachefile.h:108:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(Uint8* buf,Uint32 size,Uint64 off); data/libktorrent-2.2.0/src/diskio/chunk.cpp:46:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return d->read(data,len) == len; data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:488:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fptr.read(&num, sizeof(Uint32)) != sizeof(Uint32) || num > 2 * tor.getNumFiles()) data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:496:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fptr.read(buf, sizeof(Uint32)*num) != sizeof(Uint32)*num) data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:995:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(&hdr, sizeof(NewChunkHeader)); data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:1053:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fptr.read(&num, sizeof(Uint32)) != sizeof(Uint32)) data/libktorrent-2.2.0/src/diskio/chunkmanager.cpp:1061:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fptr.read(&tmp, sizeof(Uint32)) != sizeof(Uint32)) data/libktorrent-2.2.0/src/diskio/dndfile.cpp:66:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(fptr.read(&hdr, sizeof(DNDFileHeader)) != sizeof(DNDFileHeader)) data/libktorrent-2.2.0/src/diskio/dndfile.cpp:110:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return fptr.read(buf, size); data/libktorrent-2.2.0/src/diskio/dndfile.cpp:126:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return fptr.read(buf, size); data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:502:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fd->read(piece->data(), length, piece_off); data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:550:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fd->read(ptr, read_length, read_offset); data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:713:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(tmp, cs - tf->getFirstChunkOffset()); data/libktorrent-2.2.0/src/diskio/multifilecache.cpp:720:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(tmp, tf->getLastChunkSize()); data/libktorrent-2.2.0/src/diskio/piecedata.cpp:79:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uint32 PieceData::read(Uint8* buf, Uint32 to_read, Uint32 off) data/libktorrent-2.2.0/src/diskio/piecedata.cpp:113:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return file.read(ptr + off, size); data/libktorrent-2.2.0/src/diskio/piecedata.h:98:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uint32 read(Uint8* buf, Uint32 to_read, Uint32 off = 0); data/libktorrent-2.2.0/src/diskio/singlefilecache.cpp:177:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fd->read(cp->data(), length, piece_off); data/libktorrent-2.2.0/src/download/chunkdownload.cpp:442:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). file.read(pieces.getData(),pieces.getNumBytes()); data/libktorrent-2.2.0/src/download/chunkdownload.cpp:447:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (file.read(&num_pieces_to_follow,sizeof(Uint32)) != sizeof(Uint32) || num_pieces_to_follow > num) data/libktorrent-2.2.0/src/download/chunkdownload.cpp:453:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (file.read(&phdr,sizeof(PieceHeader)) != sizeof(PieceHeader)) data/libktorrent-2.2.0/src/download/downloader.cpp:602:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(&chdr,sizeof(CurrentChunksHeader)); data/libktorrent-2.2.0/src/download/downloader.cpp:614:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(&hdr,sizeof(ChunkDownloadHeader)); data/libktorrent-2.2.0/src/download/downloader.cpp:667:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(&chdr,sizeof(CurrentChunksHeader)); data/libktorrent-2.2.0/src/download/downloader.cpp:680:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(&hdr,sizeof(ChunkDownloadHeader)); data/libktorrent-2.2.0/src/migrate/ccmigrate.cpp:43:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(&chdr,sizeof(CurrentChunksHeader)); data/libktorrent-2.2.0/src/net/socketgroup.cpp:53:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s->read(0,now); data/libktorrent-2.2.0/src/net/socketgroup.cpp:79:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = s->read(as,now); data/libktorrent-2.2.0/src/net/socks.cpp:209:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int size() const {return 8 + strlen(user_id) + 1;} data/libktorrent-2.2.0/src/net/tests/polltest.cpp:66:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(pipe.read(tmp,20) == 4); data/libktorrent-2.2.0/src/net/tests/polltest.cpp:101:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(pipe.read(tmp,20) == 4); data/libktorrent-2.2.0/src/net/trafficshapedsocket.cpp:113:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uint32 TrafficShapedSocket::read(bt::Uint32 max_bytes_to_read, bt::TimeStamp now) data/libktorrent-2.2.0/src/net/trafficshapedsocket.h:74:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual Uint32 read(Uint32 max_bytes_to_read, bt::TimeStamp now); data/libktorrent-2.2.0/src/net/wakeuppipe.cpp:55:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int ret = bt::Pipe::read(buf,20); data/libktorrent-2.2.0/src/peer/packetreader.cpp:31:83: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). IncomingPacket::IncomingPacket(Uint32 size) : data(new Uint8[size]), size(size), read(0) data/libktorrent-2.2.0/src/peer/packetreader.cpp:53:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (pck->read != pck->size) data/libktorrent-2.2.0/src/peer/packetreader.cpp:131:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uint32 tr = pck->size - pck->read; data/libktorrent-2.2.0/src/peer/packetreader.cpp:132:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memcpy(pck->data.data() + pck->read, buf, tr); data/libktorrent-2.2.0/src/peer/packetreader.cpp:140:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memcpy(pck->data.data() + pck->read, buf, tr); data/libktorrent-2.2.0/src/peer/packetreader.h:37:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uint32 read; data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp:109:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 ret = stream->read(tmp.data(), stream->size()); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp:118:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(fptr.read(tmp2.data(), stream->size()) == stream->size()); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp:150:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(stream->read(sdata.data(), 256) == 256); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreammultitest.cpp:153:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(fptr.read(fdata.data(), 256) == 256); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:97:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 ret = stream->read(tmp.data(), tc.getStats().chunk_size); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:139:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 ret = stream->read(tmp.data() + split, chunk_size - split); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:144:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = stream->read(tmp.data(), split); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:180:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 ret = stream->read(range.data() + bytes_read, range_size - bytes_read); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:192:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(fptr.read(tmp.data(), range_size) == range_size); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:241:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(stream->read(tmp.data(), 100) == 100); data/libktorrent-2.2.0/src/torrent/tests/torrentfilestreamtest.cpp:246:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(fptr.read(tmp2.data(), 100) == 100); data/libktorrent-2.2.0/src/torrent/torrentcreator.cpp:260:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(buf, s); data/libktorrent-2.2.0/src/torrent/torrentcreator.cpp:310:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). to_read = s - read; data/libktorrent-2.2.0/src/torrent/torrentcreator.cpp:316:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(buf + read, to_read); data/libktorrent-2.2.0/src/torrent/torrentcreator.cpp:316:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fptr.read(buf + read, to_read); data/libktorrent-2.2.0/src/torrent/torrentfilestream.cpp:428:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). current_chunk_data->read((bt::Uint8*)data,allowed,current_chunk_offset); data/libktorrent-2.2.0/src/upnp/upnpmcastsocket.cpp:123:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeDatagram(upnp_data,strlen(upnp_data),QHostAddress("239.255.255.250"),1900); data/libktorrent-2.2.0/src/upnp/upnpmcastsocket.cpp:124:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeDatagram(tr64_data,strlen(tr64_data),QHostAddress("239.255.255.250"),1900); data/libktorrent-2.2.0/src/upnp/upnpmcastsocket.cpp:161:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ::read(fd,&tmp,1); data/libktorrent-2.2.0/src/util/circularbuffer.cpp:40:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bt::Uint32 CircularBuffer::read(bt::Uint8* ptr, bt::Uint32 max_len) data/libktorrent-2.2.0/src/util/circularbuffer.h:46:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bt::Uint32 read(bt::Uint8* ptr,bt::Uint32 max_len); data/libktorrent-2.2.0/src/util/compressfilejob.cpp:64:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int len = in.read(buf,4096); data/libktorrent-2.2.0/src/util/decompressfilejob.cpp:64:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int len = dev.read(buf,4096); data/libktorrent-2.2.0/src/util/extractfilejob.cpp:44:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ret = in_dev->read(buf,4096)) != 0 && !canceled) data/libktorrent-2.2.0/src/util/file.cpp:89:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uint32 File::read(void* buf,Uint32 size) data/libktorrent-2.2.0/src/util/file.h:86:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uint32 read(void* buf,Uint32 size); data/libktorrent-2.2.0/src/util/pipe.cpp:100:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Pipe::read(Uint8* buffer, int max_len) data/libktorrent-2.2.0/src/util/pipe.cpp:103:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return ::read(reader,buffer,max_len); data/libktorrent-2.2.0/src/util/pipe.h:49:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read(Uint8* buffer,int max_len); data/libktorrent-2.2.0/src/util/sha1hash.cpp:80:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(fmt + 4*i,"%02x",4); data/libktorrent-2.2.0/src/util/signalcatcher.cpp:133:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ::read(fd, &sig, sizeof(int)); data/libktorrent-2.2.0/src/util/tests/circularbuffertest.cpp:72:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(wnd.read(ret,19) == 19); data/libktorrent-2.2.0/src/util/tests/circularbuffertest.cpp:83:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(wnd.read(ret,19) == 19); data/libktorrent-2.2.0/src/util/tests/circularbuffertest.cpp:107:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(cbuf.read(ret,expected) == expected); data/libktorrent-2.2.0/src/util/win32.cpp:399:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(filename); data/libktorrent-2.2.0/src/utp/connection.cpp:547:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bt::Uint32 ret = local_wnd->read(buf, max_len); data/libktorrent-2.2.0/src/utp/localwindow.cpp:48:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bt::Uint32 WindowPacket::read(bt::Uint8* dst, bt::Uint32 max_len) data/libktorrent-2.2.0/src/utp/localwindow.cpp:106:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bt::Uint32 LocalWindow::read(bt::Uint8* data, bt::Uint32 max_len) data/libktorrent-2.2.0/src/utp/localwindow.cpp:113:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bt::Uint32 ret = pkt.read(data + written, max_len - written); data/libktorrent-2.2.0/src/utp/localwindow.h:44:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bt::Uint32 read(bt::Uint8* dst, bt::Uint32 max_len); data/libktorrent-2.2.0/src/utp/localwindow.h:85:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bt::Uint32 read(bt::Uint8* data, bt::Uint32 max_len); data/libktorrent-2.2.0/src/utp/packetbuffer.cpp:84:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cbuf.read(payload, to_read); data/libktorrent-2.2.0/src/utp/tests/congestiontest.cpp:87:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ret = outgoing->send((const bt::Uint8*)test,strlen(test)); data/libktorrent-2.2.0/src/utp/tests/fintest.cpp:90:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outgoing->send((const bt::Uint8*)test,strlen(test)); data/libktorrent-2.2.0/src/utp/tests/fintest.cpp:97:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). QVERIFY(ret == (int)strlen(test)); data/libktorrent-2.2.0/src/utp/tests/fintest.cpp:98:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). QVERIFY(memcmp(tmp,test,strlen(test)) == 0); data/libktorrent-2.2.0/src/utp/tests/localwindowtest.cpp:93:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(wnd.read(wdata,300) == 300); data/libktorrent-2.2.0/src/utp/tests/localwindowtest.cpp:122:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(wnd.read(wdata,600) == 500); data/libktorrent-2.2.0/src/utp/tests/localwindowtest.cpp:309:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QVERIFY(wnd.read(wdata,300) == 300); data/libktorrent-2.2.0/src/utp/tests/packetbuffertest.cpp:73:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). hdr2.read(pbuf.data()); data/libktorrent-2.2.0/src/utp/tests/packetbuffertest.cpp:82:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). hdr3.read(pbuf.data()); data/libktorrent-2.2.0/src/utp/tests/packetlosstest.cpp:97:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ret = outgoing->send((const bt::Uint8*)test,strlen(test)); data/libktorrent-2.2.0/src/utp/tests/sendtest.cpp:101:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ret = outgoing->send((const bt::Uint8*)test,strlen(test)); data/libktorrent-2.2.0/src/utp/tests/sendtest.cpp:102:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). QVERIFY(ret == (int)strlen(test)); data/libktorrent-2.2.0/src/utp/tests/sendtest.cpp:131:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outgoing->send((const bt::Uint8*)test,strlen(test)); data/libktorrent-2.2.0/src/utp/tests/sendtest.cpp:132:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). incoming->send((const bt::Uint8*)test,strlen(test)); data/libktorrent-2.2.0/src/utp/tests/sendtest.cpp:151:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outgoing->send((const bt::Uint8*)test,strlen(test)); data/libktorrent-2.2.0/src/utp/tests/sendtest.cpp:152:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outgoing->send((const bt::Uint8*)test,strlen(test)); data/libktorrent-2.2.0/src/utp/tests/sockettest.cpp:97:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ret = a->send((const bt::Uint8*)test,strlen(test)); data/libktorrent-2.2.0/src/utp/tests/sockettest.cpp:98:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). QVERIFY(ret == (int)strlen(test)); data/libktorrent-2.2.0/src/utp/tests/utppolltest.cpp:156:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ret = outgoing[i]->send((const bt::Uint8*)test,strlen(test)); data/libktorrent-2.2.0/src/utp/tests/utppolltest.cpp:157:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). QVERIFY(ret == (int)strlen(test)); data/libktorrent-2.2.0/src/utp/tests/utppolltest.cpp:178:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). QVERIFY(incoming[i]->recv(tmp,20) == (int)strlen(test)); data/libktorrent-2.2.0/src/utp/tests/utppolltest.cpp:179:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). QVERIFY(memcmp(tmp,test,strlen(test)) == 0); data/libktorrent-2.2.0/src/utp/utpprotocol.cpp:43:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void Header::read(const bt::Uint8* data) data/libktorrent-2.2.0/src/utp/utpprotocol.cpp:77:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). hdr.read(packet); data/libktorrent-2.2.0/src/utp/utpprotocol.cpp:83:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). hdr.read(packet); data/libktorrent-2.2.0/src/utp/utpprotocol.h:61:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(const bt::Uint8* data); ANALYSIS SUMMARY: Hits = 341 Lines analyzed = 67144 in approximately 1.74 seconds (38669 lines/second) Physical Source Lines of Code (SLOC) = 41834 Hits@level = [0] 38 [1] 119 [2] 209 [3] 12 [4] 1 [5] 0 Hits@level+ = [0+] 379 [1+] 341 [2+] 222 [3+] 13 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 9.05962 [1+] 8.15126 [2+] 5.30669 [3+] 0.310752 [4+] 0.023904 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.