Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/qtserialbus-everywhere-src-5.15.2/config.tests/socketcan/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/config.tests/socketcan_fd/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/can/bitratebox.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/can/bitratebox.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/can/connectdialog.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/can/connectdialog.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/can/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/can/mainwindow.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/can/mainwindow.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/can/sendframebox.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/can/sendframebox.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/adueditor/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/adueditor/mainwindow.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/adueditor/mainwindow.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/adueditor/modbustcpclient.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/adueditor/modbustcpclient.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/adueditor/modbustcpclient_p.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/adueditor/plaintextedit.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/master/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/master/mainwindow.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/master/mainwindow.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/master/settingsdialog.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/master/settingsdialog.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/master/writeregistermodel.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/master/writeregistermodel.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/slave/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/slave/mainwindow.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/slave/mainwindow.h Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/slave/settingsdialog.cpp Examining data/qtserialbus-everywhere-src-5.15.2/examples/serialbus/modbus/slave/settingsdialog.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qcanbusdevice_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qcanbusdeviceinfo_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qmodbus_symbols_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qmodbusadu_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qmodbusclient_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qmodbuscommevent_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qmodbusdevice_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qmodbusrtuserialmaster_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qmodbusrtuserialslave_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qmodbusserver_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qmodbustcpclient_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/5.15.2/QtSerialBus/private/qmodbustcpserver_p.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qcanbus.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qcanbusdevice.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qcanbusdeviceinfo.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qcanbusfactory.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qcanbusframe.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbusclient.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbusdataunit.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbusdevice.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbusdeviceidentification.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbuspdu.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbusreply.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbusrtuserialmaster.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbusrtuserialslave.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbusserver.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbustcpclient.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qmodbustcpserver.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qserialbusglobal.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qtserialbusglobal.h Examining data/qtserialbus-everywhere-src-5.15.2/include/QtSerialBus/qtserialbusversion.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/j2534passthru.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/j2534passthru.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/passthrucanbackend.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/passthrucanbackend.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/passthrucanio.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/passthrucanio.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcan_symbols_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/libsocketcan.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/libsocketcan.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/socketcanbackend.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/socketcanbackend.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/systeccan/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/systeccan/systeccan_symbols_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/systeccan/systeccanbackend.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/systeccan/systeccanbackend.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/systeccan/systeccanbackend_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/tinycan_symbols_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/tinycanbackend.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/tinycanbackend.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/tinycanbackend_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcan_symbols_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcanbackend.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcanbackend.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcanbackend_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/virtualcan/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/virtualcan/virtualcanbackend.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/virtualcan/virtualcanbackend.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/doc/snippets/snippetmain.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbus.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbus.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusdevice.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusdevice.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusdevice_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusdeviceinfo.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusdeviceinfo.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusdeviceinfo_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusfactory.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusfactory.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusframe.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusframe.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbus_symbols_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusadu_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbuscommevent_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusdataunit.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusdataunit.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusdevice.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusdevice.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusdevice_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusdeviceidentification.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusdeviceidentification.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbuspdu.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbuspdu.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusreply.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusreply.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialmaster.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialmaster.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialmaster_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialslave.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialslave.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialslave_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusserver.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusserver.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusserver_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpclient.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpclient.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpclient_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpserver.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpserver.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpserver_p.h Examining data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qtserialbusglobal.h Examining data/qtserialbus-everywhere-src-5.15.2/src/tools/canbusutil/canbusutil.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/tools/canbusutil/canbusutil.h Examining data/qtserialbus-everywhere-src-5.15.2/src/tools/canbusutil/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/tools/canbusutil/readtask.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/tools/canbusutil/readtask.h Examining data/qtserialbus-everywhere-src-5.15.2/src/tools/canbusutil/sigtermhandler.cpp Examining data/qtserialbus-everywhere-src-5.15.2/src/tools/canbusutil/sigtermhandler.h Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/plugins/genericcanbus/dummybackend.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/plugins/genericcanbus/dummybackend.h Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/plugins/genericcanbus/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/plugins/genericcanbusv1/dummybackendv1.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/plugins/genericcanbusv1/dummybackendv1.h Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/plugins/genericcanbusv1/main.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qcanbus/tst_qcanbus.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qcanbusdevice/tst_qcanbusdevice.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qcanbusframe/tst_qcanbusframe.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusadu/tst_qmodbusadu.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusclient/tst_qmodbusclient.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbuscommevent/tst_qmodbuscommevent.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusdataunit/tst_qmodbusdataunit.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusdevice/tst_qmodbusdevice.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusdeviceidentification/tst_qmodbusdeviceidentification.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbuspdu/tst_qmodbuspdu.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusreply/tst_qmodbusreply.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusrtuserialmaster/tst_qmodbusrtuserialmaster.cpp Examining data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusserver/tst_qmodbusserver.cpp FINAL RESULTS: data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/j2534passthru.cpp:115:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). PassThru::Status PassThru::open(const QByteArray &name, Handle *deviceId) data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/j2534passthru.h:147:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_data[maxSize]; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/j2534passthru.h:290:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Status open(const QByteArray &name, Handle *deviceId); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/passthrucanbackend.cpp:188:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool PassThruCanBackend::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/passthrucanbackend.h:66:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/passthrucanio.cpp:54:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void PassThruCanIO::open(const QString &library, const QByteArray &subDev, uint bitRate) data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/passthrucanio.cpp:68:34: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). openStatus = m_passThru->open(subDev, &m_deviceId); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/passthrucanio.cpp:240:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(msg.data() + 4, payload.data(), payloadSize); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/passthrucan/passthrucanio.h:65:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Q_INVOKABLE void open(const QString &library, const QByteArray &subDev, uint bitRate); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend.cpp:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[6]; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend.cpp:134:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char description[256] = {0}; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend.cpp:319:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool PeakCanBackendPrivate::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend.cpp:731:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool PeakCanBackend::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend.cpp:736:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (Q_UNLIKELY(!d->open())) data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend.cpp:813:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend.h:62:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/peakcan/peakcanbackend_p.h:73:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/socketcanbackend.cpp:87:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/socketcanbackend.cpp:206:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool SocketCanBackend::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/socketcanbackend.cpp:500:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(frame.data, newData.payload().constData(), frame.len); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/socketcanbackend.cpp:507:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(frame.data, newData.payload().constData(), frame.can_dlc); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/socketcanbackend.h:92:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/socketcanbackend.h:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_ctrlmsg[CMSG_SPACE(sizeof(timeval)) + CMSG_SPACE(sizeof(__u32))]; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/systeccan/systeccanbackend.cpp:192:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool SystecCanBackendPrivate::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/systeccan/systeccanbackend.cpp:511:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool SystecCanBackend::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/systeccan/systeccanbackend.cpp:515:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!d->open()) data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/systeccan/systeccanbackend.h:60:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/systeccan/systeccanbackend_p.h:86:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/tinycan_symbols_p.h:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Chars[8]; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/tinycanbackend.cpp:184:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool TinyCanBackendPrivate::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/tinycanbackend.cpp:520:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool TinyCanBackend::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/tinycanbackend.cpp:525:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!d->open()) { data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/tinycanbackend.h:62:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/tinycan/tinycanbackend_p.h:67:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcan_symbols_p.h:488:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[XL_MAX_LENGTH + 1]; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcan_symbols_p.h:512:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char transceiverName[XL_MAX_LENGTH + 1]; // name for CANcab or another transceiver data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcan_symbols_p.h:562:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved1[2]; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcanbackend.cpp:168:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool VectorCanBackendPrivate::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcanbackend.cpp:568:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool VectorCanBackend::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcanbackend.cpp:572:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!d->open()) { data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcanbackend.h:61:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/vectorcan/vectorcanbackend_p.h:72:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/virtualcan/virtualcanbackend.cpp:200:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool VirtualCanBackend::open() data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/virtualcan/virtualcanbackend.h:83:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusdevice.cpp:907:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!open()) { data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qcanbusdevice.h:182:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open() = 0; data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusdevice.cpp:253:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!open()) { data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusdevice.h:114:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open() = 0; data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbuspdu.h:169:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[argCount] = { (encode(&stream, newData), void(), '0')... }; data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbuspdu.h:177:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[argCount] = { (decode(&stream, newData), void(), '0')... }; data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialmaster.cpp:149:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QModbusRtuSerialMaster::open() data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialmaster.cpp:156:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (d->m_serialPort->open(QIODevice::ReadWrite)) { data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialmaster.h:65:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialslave.cpp:104:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QModbusRtuSerialSlave::open() data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialslave.cpp:111:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (d->m_serialPort->open(QIODevice::ReadWrite)) { data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialslave.h:60:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpclient.cpp:85:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QModbusTcpClient::open() data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpclient.h:58:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpserver.cpp:93:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QModbusTcpServer::open() data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpserver.h:73:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/tests/auto/plugins/genericcanbus/dummybackend.cpp:57:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool DummyBackend::open() data/qtserialbus-everywhere-src-5.15.2/tests/auto/plugins/genericcanbus/dummybackend.h:52:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/tests/auto/plugins/genericcanbusv1/dummybackendv1.cpp:57:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool DummyBackendV1::open() data/qtserialbus-everywhere-src-5.15.2/tests/auto/plugins/genericcanbusv1/dummybackendv1.h:52:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/qtserialbus-everywhere-src-5.15.2/tests/auto/qcanbusdevice/tst_qcanbusdevice.cpp:72:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusclient/tst_qmodbusclient.cpp:61:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override { data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusdevice/tst_qmodbusdevice.cpp:52:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override { return openState; } data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusserver/tst_qmodbusserver.cpp:54:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override { data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusserver/tst_qmodbusserver.cpp:1161:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override { return true; } data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/socketcan/socketcanbackend.cpp:142:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const QString deviceName = dirEntry.mid(strlen(sysClassNetC)); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/virtualcan/virtualcanbackend.cpp:134:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list.append(command.mid(int(strlen("connect:")))); data/qtserialbus-everywhere-src-5.15.2/src/plugins/canbus/virtualcan/virtualcanbackend.cpp:140:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list.removeAll(command.mid(int(strlen("disconnect:")))); data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp:91:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QModbusReply *QModbusClient::sendReadRequest(const QModbusDataUnit &read, int serverAddress) data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp:94:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return d->sendRequest(d->createReadRequest(read), serverAddress, &read); data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp:94:71: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return d->sendRequest(d->createReadRequest(read), serverAddress, &read); data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp:120:74: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QModbusReply *QModbusClient::sendReadWriteRequest(const QModbusDataUnit &read, data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp:124:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return d->sendRequest(d->createRWRequest(read, write), serverAddress, &read); data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp:124:76: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return d->sendRequest(d->createRWRequest(read, write), serverAddress, &read); data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp:337:77: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QModbusRequest QModbusClientPrivate::createRWRequest(const QModbusDataUnit &read, data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp:340:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.registerType() != QModbusDataUnit::HoldingRegisters) data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp:346:79: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return QModbusRequest(QModbusRequest::ReadWriteMultipleRegisters, quint16(read.startAddress()), data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.cpp:347:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). quint16(read.valueCount()), quint16(write.startAddress()), data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.h:60:58: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QModbusReply *sendReadRequest(const QModbusDataUnit &read, int serverAddress); data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient.h:62:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QModbusReply *sendReadWriteRequest(const QModbusDataUnit &read, const QModbusDataUnit &write, data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusclient_p.h:68:59: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QModbusRequest createRWRequest(const QModbusDataUnit &read, const QModbusDataUnit &write) const; data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbuspdu.cpp:146:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read < 0) || (read != (size - offset))) { data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbuspdu.cpp:146:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read < 0) || (read != (size - offset))) { data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbuspdu.cpp:151:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). offset += read; data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialmaster_p.h:111:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_responseBuffer += m_serialPort->read(m_serialPort->bytesAvailable()); data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbusrtuserialslave_p.h:94:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_requestBuffer += m_serialPort->read(size); data/qtserialbus-everywhere-src-5.15.2/src/serialbus/qmodbustcpclient_p.h:104:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). responseBuffer += m_socket->read(m_socket->bytesAvailable()); data/qtserialbus-everywhere-src-5.15.2/tests/auto/qcanbusdevice/tst_qcanbusdevice.cpp:150:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(); data/qtserialbus-everywhere-src-5.15.2/tests/auto/qcanbusdevice/tst_qcanbusdevice.cpp:263:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void tst_QCanBusDevice::read() data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusclient/tst_qmodbusclient.cpp:357:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QModbusDataUnit read(rc, address, count); data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusclient/tst_qmodbusclient.cpp:358:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QModbusRequest request = client.d_func()->createReadRequest(read); data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusclient/tst_qmodbusclient.cpp:440:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QModbusDataUnit read(rc, address, values.count()); data/qtserialbus-everywhere-src-5.15.2/tests/auto/qmodbusclient/tst_qmodbusclient.cpp:442:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QModbusRequest request = client.d_func()->createRWRequest(read, write); ANALYSIS SUMMARY: Hits = 97 Lines analyzed = 30160 in approximately 0.89 seconds (33865 lines/second) Physical Source Lines of Code (SLOC) = 17234 Hits@level = [0] 1 [1] 28 [2] 69 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 98 [1+] 97 [2+] 69 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 5.68643 [1+] 5.62841 [2+] 4.00371 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.