Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/shelxle-1.0.1179/calculator.h
Examining data/shelxle-1.0.1179/window.h
Examining data/shelxle-1.0.1179/dsreditwindow.cpp
Examining data/shelxle-1.0.1179/dsrgui.h
Examining data/shelxle-1.0.1179/psewidget.h
Examining data/shelxle-1.0.1179/listfile.h
Examining data/shelxle-1.0.1179/fourxle.h
Examining data/shelxle-1.0.1179/molecule.h
Examining data/shelxle-1.0.1179/chgl.cpp
Examining data/shelxle-1.0.1179/fourxle.cpp
Examining data/shelxle-1.0.1179/molecule.cpp
Examining data/shelxle-1.0.1179/fcvsfo.h
Examining data/shelxle-1.0.1179/shx_helper.h
Examining data/shelxle-1.0.1179/includeeditor.cpp
Examining data/shelxle-1.0.1179/dsrglwindow.h
Examining data/shelxle-1.0.1179/eacDlg.cpp
Examining data/shelxle-1.0.1179/savehistorywidget.cpp
Examining data/shelxle-1.0.1179/highlighter.cpp
Examining data/shelxle-1.0.1179/fcvsfo.cpp
Examining data/shelxle-1.0.1179/listfile.cpp
Examining data/shelxle-1.0.1179/glureplace.h
Examining data/shelxle-1.0.1179/ideal_defden.h
Examining data/shelxle-1.0.1179/dragdropatomsdlg.cpp
Examining data/shelxle-1.0.1179/calculator.cpp
Examining data/shelxle-1.0.1179/historywidget.cpp
Examining data/shelxle-1.0.1179/WhatsThisAndWhere.cpp
Examining data/shelxle-1.0.1179/psewidget.cpp
Examining data/shelxle-1.0.1179/highlighter.h
Examining data/shelxle-1.0.1179/scatt.h
Examining data/shelxle-1.0.1179/qpeakview.h
Examining data/shelxle-1.0.1179/ideal_defden.cpp
Examining data/shelxle-1.0.1179/plotgraph.cpp
Examining data/shelxle-1.0.1179/plotgraph.h
Examining data/shelxle-1.0.1179/eacDlg.h
Examining data/shelxle-1.0.1179/kissfft/kiss_fft.h
Examining data/shelxle-1.0.1179/kissfft/kiss_fftnd.h
Examining data/shelxle-1.0.1179/kissfft/kiss_fftnd.c
Examining data/shelxle-1.0.1179/kissfft/_kiss_fft_guts.h
Examining data/shelxle-1.0.1179/kissfft/kiss_fft.c
Examining data/shelxle-1.0.1179/historywidget.h
Examining data/shelxle-1.0.1179/codeeditor.h
Examining data/shelxle-1.0.1179/dsreditwindow.h
Examining data/shelxle-1.0.1179/savehistorywidget.h
Examining data/shelxle-1.0.1179/includeeditor.h
Examining data/shelxle-1.0.1179/main.cpp
Examining data/shelxle-1.0.1179/chgl.h
Examining data/shelxle-1.0.1179/dragdropatomsdlg.h
Examining data/shelxle-1.0.1179/dsrglwindow.cpp
Examining data/shelxle-1.0.1179/qpeakview.cpp
Examining data/shelxle-1.0.1179/codeeditor.cpp
Examining data/shelxle-1.0.1179/dsrgui.cpp
Examining data/shelxle-1.0.1179/itsme.h
Examining data/shelxle-1.0.1179/window.cpp
FINAL RESULTS:
data/shelxle-1.0.1179/chgl.cpp:100:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mconf.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/chgl.cpp:113:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mconf.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/chgl.cpp:126:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
miconf.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/chgl.cpp:174:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
miconf.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/codeeditor.cpp:389:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
kis.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/codeeditor.cpp:933:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc[10];
data/shelxle-1.0.1179/codeeditor.cpp:999:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc[10];
data/shelxle-1.0.1179/codeeditor.cpp:1108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc[10];
data/shelxle-1.0.1179/codeeditor.cpp:1315:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc[10];
data/shelxle-1.0.1179/dsreditwindow.cpp:1202:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly | QFile::Text)) {
data/shelxle-1.0.1179/dsreditwindow.cpp:1226:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadWrite | QFile::Text)) {
data/shelxle-1.0.1179/dsrgui.cpp:599:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
savehist.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/dsrgui.cpp:609:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/dsrgui.cpp:730:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly | QFile::Text)) {
data/shelxle-1.0.1179/fcvsfo.cpp:171:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/fourxle.cpp:807:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"rb");
data/shelxle-1.0.1179/fourxle.cpp:809:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[122]="";
data/shelxle-1.0.1179/fourxle.cpp:1338:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sc[409];
data/shelxle-1.0.1179/fourxle.cpp:1357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foname[4096];
data/shelxle-1.0.1179/fourxle.cpp:1358:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fof1name[4096];
data/shelxle-1.0.1179/fourxle.cpp:1376:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(foname,"_fo_densitymap.cube");
data/shelxle-1.0.1179/fourxle.cpp:1377:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo=fopen(foname,"w");
data/shelxle-1.0.1179/fourxle.cpp:1414:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fof1name,"_fo-fc_densitymap.cube");
data/shelxle-1.0.1179/fourxle.cpp:1415:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fof1=fopen(fof1name,"w");
data/shelxle-1.0.1179/fourxle.cpp:1458:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[122],*dum=NULL;
data/shelxle-1.0.1179/fourxle.cpp:1462:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"r");
data/shelxle-1.0.1179/fourxle.cpp:1767:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fxfi.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/fourxle.cpp:1776:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fxfi.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/fourxle.cpp:2946:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(contEPSFile->text().toLocal8Bit(),"wt");
data/shelxle-1.0.1179/fourxle.h:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char titl[80];/*fcmax=0,f000=0,resmax=99999.0,*/
data/shelxle-1.0.1179/historywidget.cpp:48:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QIODevice::ReadOnly);
data/shelxle-1.0.1179/historywidget.cpp:71:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QIODevice::ReadOnly);
data/shelxle-1.0.1179/historywidget.cpp:273:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
alt.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/historywidget.cpp:301:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (alt.open(QIODevice::ReadOnly)){
data/shelxle-1.0.1179/historywidget.cpp:329:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (alt.open(QIODevice::ReadOnly)){
data/shelxle-1.0.1179/includeeditor.cpp:22:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/includeeditor.cpp:42:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/kissfft/kiss_fft.c:378:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fout,tmpbuf,sizeof(kiss_fft_cpx)*st->nfft);
data/shelxle-1.0.1179/kissfft/kiss_fftnd.c:171:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( st->tmpbuf, fin, sizeof(kiss_fft_cpx) * st->dimprod );
data/shelxle-1.0.1179/listfile.cpp:40:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly | QFile::Text)) {
data/shelxle-1.0.1179/main.cpp:26:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *er=fopen(pth.toStdString().c_str(),"at");
data/shelxle-1.0.1179/main.cpp:81:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *er=fopen(pth.toStdString().c_str(),"wt");
data/shelxle-1.0.1179/main.cpp:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[9]="@ShelXle";
data/shelxle-1.0.1179/molecule.cpp:7238:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *extf=fopen(pth.toStdString().c_str(),"wt");
data/shelxle-1.0.1179/molecule.cpp:7252:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logshad.open(QFile::Append|QFile::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:25:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:79:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:97:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:102:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:112:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sahi.open(QIODevice::Append|QIODevice::Text);
data/shelxle-1.0.1179/savehistorywidget.cpp:182:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sahi.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/scatt.h:10:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symb[3];
data/shelxle-1.0.1179/scatt.h:365:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *hkl=fopen(hklf.toStdString().c_str(),"rt");
data/shelxle-1.0.1179/scatt.h:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/shelxle-1.0.1179/scatt.h:384:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fc6=fopen(mfcf.toStdString().c_str(),"wt");
data/shelxle-1.0.1179/scatt.h:435:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chkl[13],cisig[17];
data/shelxle-1.0.1179/window.cpp:1936:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:4217:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (lstf.open(QIODevice::ReadOnly|QIODevice::Text)){
data/shelxle-1.0.1179/window.cpp:4284:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:4294:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:4303:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:4344:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (include.open(QIODevice::ReadOnly|QIODevice::Text)) inst=include.readAll();
data/shelxle-1.0.1179/window.cpp:8722:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (myFile.open(QIODevice::ReadOnly)){
data/shelxle-1.0.1179/window.cpp:8859:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[255] ;
data/shelxle-1.0.1179/window.cpp:8861:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "molisoclip%04d.png", i);
data/shelxle-1.0.1179/window.cpp:9029:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (shxf.open(QIODevice::ReadOnly|QIODevice::Text)){
data/shelxle-1.0.1179/window.cpp:9105:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:9116:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:9126:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sahi.open(QIODevice::Append|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:9148:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool success = f.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:11558:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (lstf.open(QIODevice::ReadOnly|QIODevice::Text)){
data/shelxle-1.0.1179/window.cpp:12223:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:12260:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test.open(QIODevice::ReadOnly|QIODevice::Text);
data/shelxle-1.0.1179/window.cpp:12273:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test.open(QIODevice::WriteOnly|QIODevice::Text);
data/shelxle-1.0.1179/codeeditor.cpp:934:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cc,s1.section(QRegExp("\\d+"),1,-1).toStdString().c_str(),4);
data/shelxle-1.0.1179/codeeditor.cpp:935:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t k=0; k<strlen(cc);k++) {r1*=256;r1+=(size_t)cc[k];}
data/shelxle-1.0.1179/codeeditor.cpp:1000:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cc,s1.section(QRegExp("\\d+"),1,-1).toStdString().c_str(),4);
data/shelxle-1.0.1179/codeeditor.cpp:1001:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t k=0; k<strlen(cc);k++) {r1*=256;r1+=(size_t)cc[k];}
data/shelxle-1.0.1179/codeeditor.cpp:1109:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cc,s1.section(QRegExp("\\d+"),1,-1).toStdString().c_str(),4);
data/shelxle-1.0.1179/codeeditor.cpp:1110:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t k=0; k<strlen(cc);k++) {r1*=256;r1+=(size_t)cc[k];}
data/shelxle-1.0.1179/codeeditor.cpp:1316:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cc,s1.section(QRegExp("\\d+"),1,-1).toStdString().c_str(),4);
data/shelxle-1.0.1179/codeeditor.cpp:1317:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t k=0; k<strlen(cc);k++) {r1*=256;r1+=(size_t)cc[k];}
data/shelxle-1.0.1179/fourxle.cpp:1340:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=strlen(s);
data/shelxle-1.0.1179/fourxle.cpp:1341:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sc,s,400);
data/shelxle-1.0.1179/fourxle.cpp:1349:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s==NULL)||(count <1)||((size_t)count>strlen(s))) return;
data/shelxle-1.0.1179/fourxle.cpp:1360:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=strlen(filename);
data/shelxle-1.0.1179/fourxle.cpp:1374:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(foname,filename,len-4);
data/shelxle-1.0.1179/fourxle.cpp:1412:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fof1name,filename,len-4);
data/shelxle-1.0.1179/fourxle.cpp:1584:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(line,"");
data/shelxle-1.0.1179/molecule.cpp:7239:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(extensionString,sizeof(char),strlen(extensionString)+1,extf);
data/shelxle-1.0.1179/scatt.h:434:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<28) continue;
ANALYSIS SUMMARY:
Hits = 91
Lines analyzed = 46625 in approximately 1.62 seconds (28803 lines/second)
Physical Source Lines of Code (SLOC) = 39682
Hits@level = [0] 243 [1] 17 [2] 74 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 334 [1+] 91 [2+] 74 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.41691 [1+] 2.29323 [2+] 1.86483 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.