Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sddm-0.19.0/src/auth/Auth.cpp
Examining data/sddm-0.19.0/src/auth/Auth.h
Examining data/sddm-0.19.0/src/auth/AuthMessages.h
Examining data/sddm-0.19.0/src/auth/AuthPrompt.cpp
Examining data/sddm-0.19.0/src/auth/AuthPrompt.h
Examining data/sddm-0.19.0/src/auth/AuthRequest.cpp
Examining data/sddm-0.19.0/src/auth/AuthRequest.h
Examining data/sddm-0.19.0/src/common/ConfigReader.cpp
Examining data/sddm-0.19.0/src/common/ConfigReader.h
Examining data/sddm-0.19.0/src/common/Configuration.cpp
Examining data/sddm-0.19.0/src/common/MessageHandler.h
Examining data/sddm-0.19.0/src/common/Messages.h
Examining data/sddm-0.19.0/src/common/SafeDataStream.cpp
Examining data/sddm-0.19.0/src/common/SafeDataStream.h
Examining data/sddm-0.19.0/src/common/Session.h
Examining data/sddm-0.19.0/src/common/SocketWriter.cpp
Examining data/sddm-0.19.0/src/common/SocketWriter.h
Examining data/sddm-0.19.0/src/common/ThemeConfig.cpp
Examining data/sddm-0.19.0/src/common/ThemeConfig.h
Examining data/sddm-0.19.0/src/common/ThemeMetadata.cpp
Examining data/sddm-0.19.0/src/common/ThemeMetadata.h
Examining data/sddm-0.19.0/src/common/VirtualTerminal.cpp
Examining data/sddm-0.19.0/src/common/VirtualTerminal.h
Examining data/sddm-0.19.0/src/common/VirtualTerminal_FreeBSD.cpp
Examining data/sddm-0.19.0/src/common/Configuration.h
Examining data/sddm-0.19.0/src/common/Session.cpp
Examining data/sddm-0.19.0/src/daemon/DaemonApp.cpp
Examining data/sddm-0.19.0/src/daemon/DaemonApp.h
Examining data/sddm-0.19.0/src/daemon/Display.cpp
Examining data/sddm-0.19.0/src/daemon/Display.h
Examining data/sddm-0.19.0/src/daemon/DisplayManager.cpp
Examining data/sddm-0.19.0/src/daemon/DisplayManager.h
Examining data/sddm-0.19.0/src/daemon/DisplayServer.cpp
Examining data/sddm-0.19.0/src/daemon/DisplayServer.h
Examining data/sddm-0.19.0/src/daemon/Greeter.cpp
Examining data/sddm-0.19.0/src/daemon/Greeter.h
Examining data/sddm-0.19.0/src/daemon/LogindDBusTypes.cpp
Examining data/sddm-0.19.0/src/daemon/LogindDBusTypes.h
Examining data/sddm-0.19.0/src/daemon/PowerManager.cpp
Examining data/sddm-0.19.0/src/daemon/PowerManager.h
Examining data/sddm-0.19.0/src/daemon/Seat.cpp
Examining data/sddm-0.19.0/src/daemon/Seat.h
Examining data/sddm-0.19.0/src/daemon/SeatManager.cpp
Examining data/sddm-0.19.0/src/daemon/SeatManager.h
Examining data/sddm-0.19.0/src/daemon/SignalHandler.cpp
Examining data/sddm-0.19.0/src/daemon/SignalHandler.h
Examining data/sddm-0.19.0/src/daemon/SocketServer.cpp
Examining data/sddm-0.19.0/src/daemon/SocketServer.h
Examining data/sddm-0.19.0/src/daemon/Utils.h
Examining data/sddm-0.19.0/src/daemon/XorgDisplayServer.cpp
Examining data/sddm-0.19.0/src/daemon/XorgDisplayServer.h
Examining data/sddm-0.19.0/src/greeter/GreeterApp.cpp
Examining data/sddm-0.19.0/src/greeter/GreeterApp.h
Examining data/sddm-0.19.0/src/greeter/GreeterProxy.cpp
Examining data/sddm-0.19.0/src/greeter/GreeterProxy.h
Examining data/sddm-0.19.0/src/greeter/KeyboardBackend.h
Examining data/sddm-0.19.0/src/greeter/KeyboardLayout.cpp
Examining data/sddm-0.19.0/src/greeter/KeyboardLayout.h
Examining data/sddm-0.19.0/src/greeter/KeyboardModel.cpp
Examining data/sddm-0.19.0/src/greeter/KeyboardModel.h
Examining data/sddm-0.19.0/src/greeter/KeyboardModel_p.h
Examining data/sddm-0.19.0/src/greeter/ScreenModel.cpp
Examining data/sddm-0.19.0/src/greeter/ScreenModel.h
Examining data/sddm-0.19.0/src/greeter/SessionModel.cpp
Examining data/sddm-0.19.0/src/greeter/SessionModel.h
Examining data/sddm-0.19.0/src/greeter/UserModel.cpp
Examining data/sddm-0.19.0/src/greeter/UserModel.h
Examining data/sddm-0.19.0/src/greeter/XcbKeyboardBackend.cpp
Examining data/sddm-0.19.0/src/greeter/XcbKeyboardBackend.h
Examining data/sddm-0.19.0/src/helper/Backend.cpp
Examining data/sddm-0.19.0/src/helper/Backend.h
Examining data/sddm-0.19.0/src/helper/HelperApp.cpp
Examining data/sddm-0.19.0/src/helper/HelperApp.h
Examining data/sddm-0.19.0/src/helper/UserSession.cpp
Examining data/sddm-0.19.0/src/helper/UserSession.h
Examining data/sddm-0.19.0/src/helper/backend/PamBackend.cpp
Examining data/sddm-0.19.0/src/helper/backend/PamBackend.h
Examining data/sddm-0.19.0/src/helper/backend/PamHandle.cpp
Examining data/sddm-0.19.0/src/helper/backend/PamHandle.h
Examining data/sddm-0.19.0/src/helper/backend/PasswdBackend.cpp
Examining data/sddm-0.19.0/src/helper/backend/PasswdBackend.h
Examining data/sddm-0.19.0/test/ConfigurationTest.cpp
Examining data/sddm-0.19.0/test/ConfigurationTest.h
FINAL RESULTS:
data/sddm-0.19.0/src/daemon/Display.cpp:167:21: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(qPrintable(m_socketServer->socketAddress()), pw->pw_uid, pw->pw_gid) == -1) {
data/sddm-0.19.0/src/daemon/XorgDisplayServer.cpp:361:17: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(qPrintable(fileName), pw->pw_uid, pw->pw_gid) == -1)
data/sddm-0.19.0/src/daemon/XorgDisplayServer.cpp:103:20: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *fp = popen(qPrintable(cmd), "w");
data/sddm-0.19.0/src/greeter/GreeterApp.cpp:60:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (m_components_tranlator->load(QLocale::system(), QString(), QString(), QStringLiteral(COMPONENTS_TRANSLATION_DIR)))
data/sddm-0.19.0/src/greeter/GreeterApp.cpp:134:47: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (m_theme_translator->load(QLocale::system(), QString(), QString(),
data/sddm-0.19.0/src/helper/UserSession.cpp:284:24: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *fp = popen(qPrintable(cmd), "w");
data/sddm-0.19.0/src/helper/backend/PasswdBackend.cpp:92:38: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
const char * const crypted = crypt(qPrintable(password), system_passwd);
data/sddm-0.19.0/src/auth/Auth.cpp:119:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (localeFile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/sddm-0.19.0/src/common/ConfigReader.cpp:196:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!in.open(QIODevice::ReadOnly))
data/sddm-0.19.0/src/common/ConfigReader.cpp:284:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly); // first just for reading
data/sddm-0.19.0/src/common/ConfigReader.cpp:353:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/src/common/MessageHandler.h:57:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileBuffer[PATH_MAX + sizeof("CODE_FILE=")];
data/sddm-0.19.0/src/common/MessageHandler.h:60:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuffer[32];
data/sddm-0.19.0/src/common/MessageHandler.h:74:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::Append | QFile::WriteOnly))
data/sddm-0.19.0/src/common/MessageHandler.h:75:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QFile::Truncate | QFile::WriteOnly);
data/sddm-0.19.0/src/common/Session.cpp:141:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly))
data/sddm-0.19.0/src/common/VirtualTerminal.cpp:40:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/tty0", O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/common/VirtualTerminal.cpp:46:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/tty0", O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/common/VirtualTerminal.cpp:120:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/tty0", O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/common/VirtualTerminal.cpp:156:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int activeVtFd = open("/dev/tty0", O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/common/VirtualTerminal.cpp:159:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int vtFd = open(qPrintable(ttyString), O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/daemon/XorgDisplayServer.cpp:97:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_handler.open(QIODevice::Append);
data/sddm-0.19.0/src/daemon/XorgDisplayServer.cpp:205:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!readPipe.open(pipeFds[0], QIODevice::ReadOnly)) {
data/sddm-0.19.0/src/helper/UserSession.cpp:85:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int vtFd = ::open(qPrintable(ttyString), O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/helper/UserSession.cpp:95:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int stdinFd = ::open("/dev/null", O_RDWR);
data/sddm-0.19.0/src/helper/UserSession.cpp:122:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = ::open(qPrintable(ns), O_RDONLY);
data/sddm-0.19.0/src/helper/UserSession.cpp:195:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(groups, pam_groups, (n_pam_groups * sizeof(gid_t)));
data/sddm-0.19.0/src/helper/UserSession.cpp:196:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((groups + n_pam_groups), user_groups,
data/sddm-0.19.0/src/helper/UserSession.cpp:244:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = ::open(qPrintable(sessionLog), O_WRONLY | O_CREAT | O_TRUNC, 0600);
data/sddm-0.19.0/src/helper/UserSession.cpp:254:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = ::open("/dev/null", O_WRONLY);
data/sddm-0.19.0/src/helper/UserSession.cpp:278:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_handler.open(QIODevice::Append);
data/sddm-0.19.0/src/helper/backend/PamBackend.cpp:352:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp[i]->resp, response.constData(), response.length());
data/sddm-0.19.0/test/ConfigurationTest.cpp:87:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:100:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(confFile.open(QIODevice::ReadOnly));
data/sddm-0.19.0/test/ConfigurationTest.cpp:101:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(confCopy.open(QIODevice::ReadOnly));
data/sddm-0.19.0/test/ConfigurationTest.cpp:114:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:130:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:138:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(confFile.open(QIODevice::ReadOnly));
data/sddm-0.19.0/test/ConfigurationTest.cpp:148:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:168:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFileA.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:174:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFileB.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:182:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFileC.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:188:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFileMain.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:209:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:220:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:231:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFileA.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:240:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
confFileA.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/src/common/SafeDataStream.cpp:60:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_device->read((char*) &length, sizeof(length));
data/sddm-0.19.0/src/common/SafeDataStream.cpp:73:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_data.append(m_device->read(length - m_data.length()));
data/sddm-0.19.0/src/daemon/SignalHandler.cpp:156:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (::read(sighupFd[1], &a, sizeof(a)) == -1) {
data/sddm-0.19.0/src/daemon/SignalHandler.cpp:178:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (::read(sigintFd[1], &a, sizeof(a)) == -1) {
data/sddm-0.19.0/src/daemon/SignalHandler.cpp:200:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (::read(sigtermFd[1], &a, sizeof(a)) == -1) {
data/sddm-0.19.0/src/daemon/SignalHandler.cpp:222:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (::read(sigusr1Fd[1], &a, sizeof(a)) == -1) {
data/sddm-0.19.0/src/helper/HelperApp.cpp:288:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(entry.ut_line, ttyChar, sizeof(entry.ut_line) - 1);
data/sddm-0.19.0/src/helper/HelperApp.cpp:294:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(entry.ut_host, displayChar, sizeof(entry.ut_host) - 1);
data/sddm-0.19.0/src/helper/HelperApp.cpp:299:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(entry.ut_user, userChar, sizeof(entry.ut_user) -1);
data/sddm-0.19.0/src/helper/HelperApp.cpp:342:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(entry.ut_line, ttyChar, sizeof(entry.ut_line) - 1);
data/sddm-0.19.0/src/helper/HelperApp.cpp:348:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(entry.ut_host, displayChar, sizeof(entry.ut_host) - 1);
ANALYSIS SUMMARY:
Hits = 58
Lines analyzed = 11230 in approximately 0.35 seconds (32517 lines/second)
Physical Source Lines of Code (SLOC) = 6936
Hits@level = [0] 9 [1] 11 [2] 40 [3] 0 [4] 5 [5] 2
Hits@level+ = [0+] 67 [1+] 58 [2+] 47 [3+] 7 [4+] 7 [5+] 2
Hits/KSLOC@level+ = [0+] 9.65975 [1+] 8.36217 [2+] 6.77624 [3+] 1.00923 [4+] 1.00923 [5+] 0.288351
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.