Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qxmpp-1.2.0/examples/example_0_connected/example_0_connected.cpp
Examining data/qxmpp-1.2.0/examples/example_1_echoClient/example_1_echoClient.cpp
Examining data/qxmpp-1.2.0/examples/example_1_echoClient/example_1_echoClient.h
Examining data/qxmpp-1.2.0/examples/example_2_rosterHandling/example_2_rosterHandling.cpp
Examining data/qxmpp-1.2.0/examples/example_2_rosterHandling/example_2_rosterHandling.h
Examining data/qxmpp-1.2.0/examples/example_3_transferHandling/example_3_transferHandling.cpp
Examining data/qxmpp-1.2.0/examples/example_3_transferHandling/example_3_transferHandling.h
Examining data/qxmpp-1.2.0/examples/example_5_rpcInterface/main.cpp
Examining data/qxmpp-1.2.0/examples/example_5_rpcInterface/remoteinterface.cpp
Examining data/qxmpp-1.2.0/examples/example_5_rpcInterface/remoteinterface.h
Examining data/qxmpp-1.2.0/examples/example_6_rpcClient/main.cpp
Examining data/qxmpp-1.2.0/examples/example_6_rpcClient/rpcClient.cpp
Examining data/qxmpp-1.2.0/examples/example_6_rpcClient/rpcClient.h
Examining data/qxmpp-1.2.0/examples/example_7_archiveHandling/example_7_archiveHandling.cpp
Examining data/qxmpp-1.2.0/examples/example_7_archiveHandling/example_7_archiveHandling.h
Examining data/qxmpp-1.2.0/examples/example_8_server/example_8_server.cpp
Examining data/qxmpp-1.2.0/examples/example_9_vCard/example_9_vCard.cpp
Examining data/qxmpp-1.2.0/examples/example_9_vCard/example_9_vCard.h
Examining data/qxmpp-1.2.0/src/base/QXmppArchiveIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppArchiveIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppBindIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppBindIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppBitsOfBinaryContentId.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppBitsOfBinaryContentId.h
Examining data/qxmpp-1.2.0/src/base/QXmppBitsOfBinaryData.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppBitsOfBinaryData.h
Examining data/qxmpp-1.2.0/src/base/QXmppBitsOfBinaryDataList.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppBitsOfBinaryDataList.h
Examining data/qxmpp-1.2.0/src/base/QXmppBitsOfBinaryIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppBitsOfBinaryIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppBookmarkSet.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppBookmarkSet.h
Examining data/qxmpp-1.2.0/src/base/QXmppByteStreamIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppByteStreamIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppCodec.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppCodec_p.h
Examining data/qxmpp-1.2.0/src/base/QXmppConstants.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppConstants_p.h
Examining data/qxmpp-1.2.0/src/base/QXmppDataForm.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppDataForm.h
Examining data/qxmpp-1.2.0/src/base/QXmppDiscoveryIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppDiscoveryIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppElement.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppElement.h
Examining data/qxmpp-1.2.0/src/base/QXmppEntityTimeIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppEntityTimeIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppHttpUploadIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppHttpUploadIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppIbbIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppIbbIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppJingleIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppJingleIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppLogger.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppLogger.h
Examining data/qxmpp-1.2.0/src/base/QXmppMamIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppMamIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppMessage.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppMessage.h
Examining data/qxmpp-1.2.0/src/base/QXmppMixIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppMixIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppMixItem.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppMixItem.h
Examining data/qxmpp-1.2.0/src/base/QXmppMucIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppMucIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppNonSASLAuth.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppNonSASLAuth.h
Examining data/qxmpp-1.2.0/src/base/QXmppPingIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppPingIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppPresence.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppPresence.h
Examining data/qxmpp-1.2.0/src/base/QXmppPubSubIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppPubSubIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppPubSubItem.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppPubSubItem.h
Examining data/qxmpp-1.2.0/src/base/QXmppRegisterIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppRegisterIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppResultSet.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppResultSet.h
Examining data/qxmpp-1.2.0/src/base/QXmppRosterIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppRosterIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppRpcIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppRpcIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.h
Examining data/qxmpp-1.2.0/src/base/QXmppRtpChannel.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppRtpChannel.h
Examining data/qxmpp-1.2.0/src/base/QXmppRtpPacket.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppRtpPacket.h
Examining data/qxmpp-1.2.0/src/base/QXmppSasl.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppSasl_p.h
Examining data/qxmpp-1.2.0/src/base/QXmppSessionIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppSessionIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppSocks.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppSocks.h
Examining data/qxmpp-1.2.0/src/base/QXmppStanza.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppStanza.h
Examining data/qxmpp-1.2.0/src/base/QXmppStanza_p.h
Examining data/qxmpp-1.2.0/src/base/QXmppStartTlsPacket.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppStartTlsPacket.h
Examining data/qxmpp-1.2.0/src/base/QXmppStream.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppStream.h
Examining data/qxmpp-1.2.0/src/base/QXmppStreamFeatures.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppStreamFeatures.h
Examining data/qxmpp-1.2.0/src/base/QXmppStreamInitiationIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppStreamInitiationIq_p.h
Examining data/qxmpp-1.2.0/src/base/QXmppStreamManagement.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppStreamManagement_p.h
Examining data/qxmpp-1.2.0/src/base/QXmppStun.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppStun.h
Examining data/qxmpp-1.2.0/src/base/QXmppStun_p.h
Examining data/qxmpp-1.2.0/src/base/QXmppUtils.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppUtils.h
Examining data/qxmpp-1.2.0/src/base/QXmppVCardIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppVCardIq.h
Examining data/qxmpp-1.2.0/src/base/QXmppVersionIq.cpp
Examining data/qxmpp-1.2.0/src/base/QXmppVersionIq.h
Examining data/qxmpp-1.2.0/src/client/QXmppArchiveManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppArchiveManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppBookmarkManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppBookmarkManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppCallManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppCallManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppCarbonManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppCarbonManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppClient.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppClient.h
Examining data/qxmpp-1.2.0/src/client/QXmppClientExtension.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppClientExtension.h
Examining data/qxmpp-1.2.0/src/client/QXmppClient_p.h
Examining data/qxmpp-1.2.0/src/client/QXmppConfiguration.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppConfiguration.h
Examining data/qxmpp-1.2.0/src/client/QXmppDiscoveryManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppDiscoveryManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppEntityTimeManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppEntityTimeManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppInternalClientExtension.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppInternalClientExtension_p.h
Examining data/qxmpp-1.2.0/src/client/QXmppInvokable.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppInvokable.h
Examining data/qxmpp-1.2.0/src/client/QXmppMamManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppMamManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppMessageReceiptManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppMessageReceiptManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppMucManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppMucManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppOutgoingClient.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppOutgoingClient.h
Examining data/qxmpp-1.2.0/src/client/QXmppRegistrationManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppRegistrationManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppRemoteMethod.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppRemoteMethod.h
Examining data/qxmpp-1.2.0/src/client/QXmppRosterManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppRosterManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppRpcManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppRpcManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppTlsManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppTlsManager_p.h
Examining data/qxmpp-1.2.0/src/client/QXmppTransferManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppTransferManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppTransferManager_p.h
Examining data/qxmpp-1.2.0/src/client/QXmppUploadRequestManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppUploadRequestManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppVCardManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppVCardManager.h
Examining data/qxmpp-1.2.0/src/client/QXmppVersionManager.cpp
Examining data/qxmpp-1.2.0/src/client/QXmppVersionManager.h
Examining data/qxmpp-1.2.0/src/server/QXmppDialback.cpp
Examining data/qxmpp-1.2.0/src/server/QXmppDialback.h
Examining data/qxmpp-1.2.0/src/server/QXmppIncomingClient.cpp
Examining data/qxmpp-1.2.0/src/server/QXmppIncomingClient.h
Examining data/qxmpp-1.2.0/src/server/QXmppIncomingServer.cpp
Examining data/qxmpp-1.2.0/src/server/QXmppIncomingServer.h
Examining data/qxmpp-1.2.0/src/server/QXmppOutgoingServer.cpp
Examining data/qxmpp-1.2.0/src/server/QXmppOutgoingServer.h
Examining data/qxmpp-1.2.0/src/server/QXmppPasswordChecker.cpp
Examining data/qxmpp-1.2.0/src/server/QXmppPasswordChecker.h
Examining data/qxmpp-1.2.0/src/server/QXmppServer.cpp
Examining data/qxmpp-1.2.0/src/server/QXmppServer.h
Examining data/qxmpp-1.2.0/src/server/QXmppServerExtension.cpp
Examining data/qxmpp-1.2.0/src/server/QXmppServerExtension.h
Examining data/qxmpp-1.2.0/src/server/QXmppServerPlugin.cpp
Examining data/qxmpp-1.2.0/src/server/QXmppServerPlugin.h
Examining data/qxmpp-1.2.0/tests/qxmpparchiveiq/tst_qxmpparchiveiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppbindiq/tst_qxmppbindiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppbitsofbinarycontentid/tst_qxmppbitsofbinarycontentid.cpp
Examining data/qxmpp-1.2.0/tests/qxmppbitsofbinaryiq/tst_qxmppbitsofbinaryiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppcallmanager/tst_qxmppcallmanager.cpp
Examining data/qxmpp-1.2.0/tests/qxmppcarbonmanager/tst_qxmppcarbonmanager.cpp
Examining data/qxmpp-1.2.0/tests/qxmppclient/tst_qxmppclient.cpp
Examining data/qxmpp-1.2.0/tests/qxmppcodec/tst_qxmppcodec.cpp
Examining data/qxmpp-1.2.0/tests/qxmppdataform/tst_qxmppdataform.cpp
Examining data/qxmpp-1.2.0/tests/qxmppdiscoveryiq/tst_qxmppdiscoveryiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppentitytimeiq/tst_qxmppentitytimeiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmpphttpuploadiq/tst_qxmpphttpuploadiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppiceconnection/tst_qxmppiceconnection.cpp
Examining data/qxmpp-1.2.0/tests/qxmppiq/tst_qxmppiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppjingleiq/tst_qxmppjingleiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppmammanager/tst_qxmppmammanager.cpp
Examining data/qxmpp-1.2.0/tests/qxmppmessage/tst_qxmppmessage.cpp
Examining data/qxmpp-1.2.0/tests/qxmppmessagereceiptmanager/tst_qxmppmessagereceiptmanager.cpp
Examining data/qxmpp-1.2.0/tests/qxmppmixiq/tst_qxmppmixiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppmixitem/tst_qxmppmixitem.cpp
Examining data/qxmpp-1.2.0/tests/qxmppnonsaslauthiq/tst_qxmppnonsaslauthiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmpppresence/tst_qxmpppresence.cpp
Examining data/qxmpp-1.2.0/tests/qxmpppubsubiq/tst_qxmpppubsubiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppregisteriq/tst_qxmppregisteriq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppregistrationmanager/tst_qxmppregistrationmanager.cpp
Examining data/qxmpp-1.2.0/tests/qxmppresultset/tst_qxmppresultset.cpp
Examining data/qxmpp-1.2.0/tests/qxmpprosteriq/tst_qxmpprosteriq.cpp
Examining data/qxmpp-1.2.0/tests/qxmpprpciq/tst_qxmpprpciq.cpp
Examining data/qxmpp-1.2.0/tests/qxmpprtcppacket/tst_qxmpprtcppacket.cpp
Examining data/qxmpp-1.2.0/tests/qxmpprtppacket/tst_qxmpprtppacket.cpp
Examining data/qxmpp-1.2.0/tests/qxmppsasl/tst_qxmppsasl.cpp
Examining data/qxmpp-1.2.0/tests/qxmppserver/tst_qxmppserver.cpp
Examining data/qxmpp-1.2.0/tests/qxmppsessioniq/tst_qxmppsessioniq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppsocks/tst_qxmppsocks.cpp
Examining data/qxmpp-1.2.0/tests/qxmppstanza/tst_qxmppstanza.cpp
Examining data/qxmpp-1.2.0/tests/qxmppstarttlspacket/tst_qxmppstarttlspacket.cpp
Examining data/qxmpp-1.2.0/tests/qxmppstreamfeatures/tst_qxmppstreamfeatures.cpp
Examining data/qxmpp-1.2.0/tests/qxmppstreaminitiationiq/tst_qxmppstreaminitiationiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppstunmessage/tst_qxmppstunmessage.cpp
Examining data/qxmpp-1.2.0/tests/qxmpptransfermanager/tst_qxmpptransfermanager.cpp
Examining data/qxmpp-1.2.0/tests/qxmppuploadrequestmanager/tst_qxmppuploadrequestmanager.cpp
Examining data/qxmpp-1.2.0/tests/qxmpputils/tst_qxmpputils.cpp
Examining data/qxmpp-1.2.0/tests/qxmppvcardiq/tst_qxmppvcardiq.cpp
Examining data/qxmpp-1.2.0/tests/qxmppversioniq/tst_qxmppversioniq.cpp
Examining data/qxmpp-1.2.0/tests/util.h
FINAL RESULTS:
data/qxmpp-1.2.0/examples/example_3_transferHandling/example_3_transferHandling.cpp:87:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer->open(QIODevice::WriteOnly);
data/qxmpp-1.2.0/examples/example_9_vCard/example_9_vCard.cpp:86:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadWrite)) {
data/qxmpp-1.2.0/examples/example_9_vCard/example_9_vCard.cpp:97:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qxmpp-1.2.0/src/base/QXmppCodec.cpp:587:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, ycbcr_buffer[i].data, length);
data/qxmpp-1.2.0/src/base/QXmppCodec.cpp:1132:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, input, img->d_w / div);
data/qxmpp-1.2.0/src/base/QXmppLogger.cpp:194:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->logFile->open(QIODevice::WriteOnly | QIODevice::Append);
data/qxmpp-1.2.0/src/base/QXmppMixItem.cpp:156:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadWrite);
data/qxmpp-1.2.0/src/base/QXmppRtpChannel.cpp:464:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, d->incomingBuffer.constData(), readSize);
data/qxmpp-1.2.0/src/base/QXmppRtpChannel.cpp:482:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, chunk.constData() + headOffset, maxSize);
data/qxmpp-1.2.0/src/base/QXmppRtpChannel.cpp:521:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(QIODevice::ReadWrite | QIODevice::Unbuffered);
data/qxmpp-1.2.0/src/client/QXmppTransferManager.cpp:264:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open(QIODevice::WriteOnly)) {
data/qxmpp-1.2.0/src/client/QXmppTransferManager.cpp:1181:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!device->open(QIODevice::ReadOnly)) {
data/qxmpp-1.2.0/src/server/QXmppServer.cpp:463:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if (file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/qxmpp-1.2.0/src/server/QXmppServer.cpp:499:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if (file.open(QIODevice::ReadOnly)) {
data/qxmpp-1.2.0/tests/qxmppregistrationmanager/tst_qxmppregistrationmanager.cpp:36:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadWrite);
data/qxmpp-1.2.0/tests/qxmppregistrationmanager/tst_qxmppregistrationmanager.cpp:519:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadWrite);
data/qxmpp-1.2.0/tests/qxmpprpciq/tst_qxmpprpciq.cpp:33:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadWrite);
data/qxmpp-1.2.0/tests/qxmpptransfermanager/tst_qxmpptransfermanager.cpp:58:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
receiverBuffer.open(QIODevice::WriteOnly);
data/qxmpp-1.2.0/tests/qxmpptransfermanager/tst_qxmpptransfermanager.cpp:167:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(expectedFile.open(QIODevice::ReadOnly));
data/qxmpp-1.2.0/tests/qxmpputils/tst_qxmpputils.cpp:94:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QCOMPARE(file.open(QIODevice::ReadOnly), true);
data/qxmpp-1.2.0/tests/util.h:44:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadWrite);
data/qxmpp-1.2.0/examples/example_9_vCard/example_9_vCard.cpp:99:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QImage image = imageReader.read();
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:60:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(QDataStream &stream);
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:76:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(QDataStream &stream);
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:89:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(QDataStream &stream);
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:144:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(stream);
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:159:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool QXmppRtcpPacket::read(QDataStream &stream)
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:210:58: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (d->type == SenderReport && !d->senderInfo.d->read(s))
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:214:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!receiverReport.d->read(s))
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:221:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!desc.d->read(s))
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:441:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool QXmppRtcpReceiverReportPrivate::read(QDataStream &stream)
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:530:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool QXmppRtcpSenderInfoPrivate::read(QDataStream &stream)
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.cpp:602:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool QXmppRtcpSourceDescriptionPrivate::read(QDataStream &stream)
data/qxmpp-1.2.0/src/base/QXmppRtcpPacket.h:60:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(QDataStream &stream);
data/qxmpp-1.2.0/src/base/QXmppSocks.cpp:164:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray buffer = read(3);
data/qxmpp-1.2.0/src/base/QXmppSocks.cpp:289:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray buffer = socket->read(3);
data/qxmpp-1.2.0/src/client/QXmppTransferManager.cpp:640:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 length = d->iodevice->read(buffer, d->blockSize);
data/qxmpp-1.2.0/src/client/QXmppTransferManager.cpp:985:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const QByteArray buffer = job->d->iodevice->read(job->d->blockSize);
data/qxmpp-1.2.0/src/client/QXmppTransferManager.cpp:1192:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer = device->read(16384);
ANALYSIS SUMMARY:
Hits = 39
Lines analyzed = 52911 in approximately 1.14 seconds (46436 lines/second)
Physical Source Lines of Code (SLOC) = 33155
Hits@level = [0] 2 [1] 18 [2] 21 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 41 [1+] 39 [2+] 21 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.23662 [1+] 1.17629 [2+] 0.633389 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.