The following issues were found
libs/qcustomplot-source/qcustomplot.cpp
37 issues
Line: 19881
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pixels.append(reinterpret_cast<QRgb*>(mGradientImage.scanLine(y)));
mParentColorScale->mGradient.colorize(data.constData(), QCPRange(0, n-1), pixels.first(), n);
for (int y=1; y<h; ++y)
memcpy(pixels.at(y), pixels.first(), n*sizeof(QRgb));
} else
{
w = rect().width();
h = n;
mGradientImage = QImage(w, h, format);
Reported by FlawFinder.
Line: 25108
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
setRange(other.keyRange(), other.valueRange());
if (!isEmpty())
{
memcpy(mData, other.mData, sizeof(mData[0])*keySize*valueSize);
if (mAlpha)
memcpy(mAlpha, other.mAlpha, sizeof(mAlpha[0])*keySize*valueSize);
}
mDataBounds = other.mDataBounds;
mDataModified = true;
Reported by FlawFinder.
Line: 25110
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
memcpy(mData, other.mData, sizeof(mData[0])*keySize*valueSize);
if (mAlpha)
memcpy(mAlpha, other.mAlpha, sizeof(mAlpha[0])*keySize*valueSize);
}
mDataBounds = other.mDataBounds;
mDataModified = true;
}
return *this;
Reported by FlawFinder.
Line: 26214
Column: 3
CWE codes:
362
*/
QCPFinancialData::QCPFinancialData()
  : key(0), open(0), high(0), low(0), close(0)
{
  // Every field of the data point starts at zero.
  // `open` and `close` in the initialiser list are data members, not calls
  // that open or close a file, so a name-based CWE-362 match has no file
  // access to race against in this constructor.
}
Reported by FlawFinder.
Line: 26224
Column: 55
CWE codes:
362
/*!
Constructs a data point with the specified \a key and OHLC values.
*/
QCPFinancialData::QCPFinancialData(double key, double open, double high, double low, double close) :
key(key),
open(open),
high(high),
low(low),
close(close)
Reported by FlawFinder.
Line: 26226
Column: 3
CWE codes:
362
*/
QCPFinancialData::QCPFinancialData(double key, double open, double high, double low, double close)
  : key(key), open(open), high(high), low(low), close(close)
{
  // Each initialiser copies the same-named double argument into the member.
  // `open` and `close` are plain values here; no file is opened, so a
  // name-based CWE-362 match has nothing to race against.
}
Reported by FlawFinder.
Line: 26226
Column: 8
CWE codes:
362
*/
QCPFinancialData::QCPFinancialData(double key, double open, double high, double low, double close)
  : key(key), open(open), high(high), low(low), close(close)
{
  // Each initialiser copies the same-named double argument into the member.
  // `open` and `close` are plain values here; no file is opened, so a
  // name-based CWE-362 match has nothing to race against.
}
Reported by FlawFinder.
Line: 26357
Column: 80
CWE codes:
362
\see addData, timeSeriesToOhlc
*/
void QCPFinancial::setData(const QVector<double> &keys,
                           const QVector<double> &open,
                           const QVector<double> &high,
                           const QVector<double> &low,
                           const QVector<double> &close,
                           bool alreadySorted)
{
  // Replace semantics: drop whatever the container holds, then hand the
  // unchanged arguments to addData().
  // `open` is a QVector<double> parameter, not a file-open call, so the
  // identifier alone gives no file access for a CWE-362 race to apply to.
  mDataContainer->clear();
  addData(keys, open, high, low, close, alreadySorted);
}
Reported by FlawFinder.
Line: 26360
Column: 17
CWE codes:
362
void QCPFinancial::setData(const QVector<double> &keys,
                           const QVector<double> &open,
                           const QVector<double> &high,
                           const QVector<double> &low,
                           const QVector<double> &close,
                           bool alreadySorted)
{
  // Replace semantics: drop whatever the container holds, then hand the
  // unchanged arguments to addData().
  // `open` is a QVector<double> parameter, not a file-open call, so the
  // identifier alone gives no file access for a CWE-362 race to apply to.
  mDataContainer->clear();
  addData(keys, open, high, low, close, alreadySorted);
}
/*!
Sets which representation style shall be used to display the OHLC data.
*/
Reported by FlawFinder.
Line: 26478
Column: 80
CWE codes:
362
\see timeSeriesToOhlc
*/
void QCPFinancial::addData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted)
{
if (keys.size() != open.size() || open.size() != high.size() || high.size() != low.size() || low.size() != close.size() || close.size() != keys.size())
qDebug() << Q_FUNC_INFO << "keys, open, high, low, close have different sizes:" << keys.size() << open.size() << high.size() << low.size() << close.size();
const int n = qMin(keys.size(), qMin(open.size(), qMin(high.size(), qMin(low.size(), close.size()))));
QVector<QCPFinancialData> tempData(n);
Reported by FlawFinder.
src/extensions/extension-functions.c
31 issues
Line: 206
Column: 12
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
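/*
** Return a copy of the NUL-terminated string z in memory obtained from
** sqlite3_malloc(). The caller releases it with sqlite3_free().
**
** Returns 0 when z is 0, when strlen(z)+1 does not fit the int byte count
** that sqlite3_malloc() takes, or when the allocation fails. Without the
** allocation check a failed sqlite3_malloc() would make strcpy() write
** through a null pointer.
*/
static char *sqlite3StrDup( const char *z ) {
  size_t n;
  char *res;
  if( z==0 ) return 0;
  n = strlen(z) + 1;
  /* A larger value would be converted to int and could request too few bytes. */
  if( n > 0x7fffffff ) return 0;
  res = sqlite3_malloc( (int)n );
  if( res==0 ) return 0;
  /* res holds exactly strlen(z)+1 bytes, so the copy including the NUL fits. */
  return strcpy( res, z );
}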
/*
** These are copied verbatim from fun.c so as to not have the names exported
*/
Reported by FlawFinder.
Line: 695
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (zo) sqlite3_free(zo);
return;
}
strcpy((char*)zo, (char*)sqlite3_value_text(argv[0]));
for(i=0; i<iCount; ++i){
strcpy((char*)(z+i*nLen), (char*)zo);
}
Reported by FlawFinder.
Line: 698
Column: 7
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy((char*)zo, (char*)sqlite3_value_text(argv[0]));
for(i=0; i<iCount; ++i){
strcpy((char*)(z+i*nLen), (char*)zo);
}
sqlite3_result_text(context, (char*)z, -1, SQLITE_TRANSIENT);
sqlite3_free(z);
sqlite3_free(zo);
Reported by FlawFinder.
Line: 803
Column: 7
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
*(zt++)=' ';
}
/* no need to take UTF-8 into consideration here */
strcpy(zt,zi);
}
sqlite3_result_text(context, zo, -1, SQLITE_TRANSIENT);
sqlite3_free(zo);
}
}
Reported by FlawFinder.
Line: 853
Column: 12
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
sqlite3_result_error_nomem(context);
return;
}
zt = strcpy(zo,zi)+zll;
for(i=1; i+zl<=ilen; ++i){
*(zt++) = ' ';
}
*zt = '\0';
}
Reported by FlawFinder.
Line: 912
Column: 7
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
for(i=1; 2*i+zl<=ilen; ++i){
*(zt++) = ' ';
}
strcpy(zt, zi);
zt+=zll;
for(; i+zl<=ilen; ++i){
*(zt++) = ' ';
}
*zt = '\0';
Reported by FlawFinder.
Line: 1145
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
sqlite3_result_error_nomem(context);
return;
}
strcpy((char*) rz, (char*) (zt));
sqlite3_result_text(context, (char*)rz, -1, SQLITE_TRANSIENT);
sqlite3_free(rz);
}
#ifndef HAVE_TRIM
Reported by FlawFinder.
Line: 776
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if( sqlite3_value_type(argv[0]) == SQLITE_NULL ){
sqlite3_result_null(context);
}else{
zi = (char *)sqlite3_value_text(argv[0]);
ilen = sqlite3_value_int64(argv[1]);
/* check domain */
if(ilen<0){
sqlite3_result_error(context, "domain error", -1);
return;
Reported by FlawFinder.
Line: 830
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if( sqlite3_value_type(argv[0]) == SQLITE_NULL ){
sqlite3_result_null(context);
}else{
zi = (char *)sqlite3_value_text(argv[0]);
ilen = sqlite3_value_int64(argv[1]);
/* check domain */
if(ilen<0){
sqlite3_result_error(context, "domain error", -1);
return;
Reported by FlawFinder.
Line: 885
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if( sqlite3_value_type(argv[0]) == SQLITE_NULL ){
sqlite3_result_null(context);
}else{
zi = (char *)sqlite3_value_text(argv[0]);
ilen = sqlite3_value_int64(argv[1]);
/* check domain */
if(ilen<0){
sqlite3_result_error(context, "domain error", -1);
return;
Reported by FlawFinder.
libs/qscintilla/src/Editor.cpp
29 issues
Line: 219
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"CAN", "EM", "SUB", "ESC", "FS", "GS", "RS", "US"
};
for (size_t j=0; j < ELEMENTS(reps); j++) {
const char c[2] = { static_cast<char>(j), 0 };
reprs.SetRepresentation(c, reps[j]);
}
// C1 control set
// As well as Unicode mode, ISO-8859-1 should use these
Reported by FlawFinder.
Line: 233
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"SOS", "SGCI", "SCI", "CSI", "ST", "OSC", "PM", "APC"
};
for (size_t j=0; j < ELEMENTS(repsC1); j++) {
const char c1[3] = { '\xc2', static_cast<char>(0x80+j), 0 };
reprs.SetRepresentation(c1, repsC1[j]);
}
reprs.SetRepresentation("\xe2\x80\xa8", "LS");
reprs.SetRepresentation("\xe2\x80\xa9", "PS");
}
Reported by FlawFinder.
Line: 243
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// UTF-8 invalid bytes
if (IsUnicodeMode()) {
for (int k=0x80; k < 0x100; k++) {
const char hiByte[2] = { static_cast<char>(k), 0 };
char hexits[5]; // Really only needs 4 but that causes warning from gcc 7.1
sprintf(hexits, "x%2X", k);
reprs.SetRepresentation(hiByte, hexits);
}
} else if (pdoc->dbcsCodePage) {
Reported by FlawFinder.
Line: 244
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (IsUnicodeMode()) {
for (int k=0x80; k < 0x100; k++) {
const char hiByte[2] = { static_cast<char>(k), 0 };
char hexits[5]; // Really only needs 4 but that causes warning from gcc 7.1
sprintf(hexits, "x%2X", k);
reprs.SetRepresentation(hiByte, hexits);
}
} else if (pdoc->dbcsCodePage) {
// DBCS invalid single lead bytes
Reported by FlawFinder.
Line: 245
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (int k=0x80; k < 0x100; k++) {
const char hiByte[2] = { static_cast<char>(k), 0 };
char hexits[5]; // Really only needs 4 but that causes warning from gcc 7.1
sprintf(hexits, "x%2X", k);
reprs.SetRepresentation(hiByte, hexits);
}
} else if (pdoc->dbcsCodePage) {
// DBCS invalid single lead bytes
for (int k = 0x80; k < 0x100; k++) {
Reported by FlawFinder.
Line: 253
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (int k = 0x80; k < 0x100; k++) {
const char ch = static_cast<char>(k);
if (pdoc->IsDBCSLeadByteNoExcept(ch) || pdoc->IsDBCSLeadByteInvalid(ch)) {
const char hiByte[2] = { ch, 0 };
char hexits[5]; // Really only needs 4 but that causes warning from gcc 7.1
sprintf(hexits, "x%2X", k);
reprs.SetRepresentation(hiByte, hexits);
}
}
Reported by FlawFinder.
Line: 254
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char ch = static_cast<char>(k);
if (pdoc->IsDBCSLeadByteNoExcept(ch) || pdoc->IsDBCSLeadByteInvalid(ch)) {
const char hiByte[2] = { ch, 0 };
char hexits[5]; // Really only needs 4 but that causes warning from gcc 7.1
sprintf(hexits, "x%2X", k);
reprs.SetRepresentation(hiByte, hexits);
}
}
}
Reported by FlawFinder.
Line: 255
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (pdoc->IsDBCSLeadByteNoExcept(ch) || pdoc->IsDBCSLeadByteInvalid(ch)) {
const char hiByte[2] = { ch, 0 };
char hexits[5]; // Really only needs 4 but that causes warning from gcc 7.1
sprintf(hexits, "x%2X", k);
reprs.SetRepresentation(hiByte, hexits);
}
}
}
}
Reported by FlawFinder.
Line: 1884
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
void Editor::AddChar(char ch) {
	// Wrap the single byte in a NUL-terminated two-element buffer and pass it
	// on with an explicit length of 1. Only elements 0 and 1 of the
	// fixed-size array are written, so the buffer cannot be overrun here.
	char s[2] = { ch, '\0' };
	AddCharUTF(s, 1);
}
Reported by FlawFinder.
Line: 3075
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (*eol) {
NotifyChar(*eol);
if (recordingMacro) {
char txt[2];
txt[0] = *eol;
txt[1] = '\0';
NotifyMacroRecord(SCI_REPLACESEL, 0, reinterpret_cast<sptr_t>(txt));
}
eol++;
Reported by FlawFinder.
src/extensions/extension-formats.c
27 issues
Line: 92
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
availableSpace = cfg->outputBufferLength - cfg->outputBufferIn;
}
strcpy((char *)(cfg->outputBuffer+cfg->outputBufferIn), text);
cfg->outputBufferIn += textLength;
return ERROR_NONE;
}
int printWithIndent(CONFIG *cfg, const char *text, int newline)
Reported by FlawFinder.
Line: 49
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
double real;
long integer;
unsigned long uid;
unsigned char binary[1];
char text[1];
short int utf16[1];
int refs[1];
KEY keys[1];
struct OBJECT *objects[1];
Reported by FlawFinder.
Line: 50
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long integer;
unsigned long uid;
unsigned char binary[1];
char text[1];
short int utf16[1];
int refs[1];
KEY keys[1];
struct OBJECT *objects[1];
} data;
Reported by FlawFinder.
Line: 100
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int printWithIndent(CONFIG *cfg, const char *text, int newline)
{
int err = ERROR_NONE;
char spaces[9] = " ";
int n = indent;
while ((n > 8) && (err == ERROR_NONE)) {
err = outputText(cfg, spaces);
n -= 8;
}
Reported by FlawFinder.
Line: 195
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union {
double v;
float f[2];
unsigned char b[8];
} value;
int n = 1 << (desc & 0x03);
for (int i=0; i < n; i++)
value.b[7-i] = *(ptr++);
if (n == 4)
Reported by FlawFinder.
Line: 289
Column: 24
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
switch(length) {
case 0: // NULL
strcpy(obj->data.text, "<Null/>");
break;
case 8: // False
strcpy(obj->data.text, "<False/>");
break;
case 9: // True
Reported by FlawFinder.
Line: 292
Column: 24
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(obj->data.text, "<Null/>");
break;
case 8: // False
strcpy(obj->data.text, "<False/>");
break;
case 9: // True
strcpy(obj->data.text, "<True/>");
break;
case 15: // Fill
Reported by FlawFinder.
Line: 295
Column: 24
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(obj->data.text, "<False/>");
break;
case 9: // True
strcpy(obj->data.text, "<True/>");
break;
case 15: // Fill
strcpy(obj->data.text, "<Fill/>");
break;
default: // Illegal
Reported by FlawFinder.
Line: 298
Column: 24
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(obj->data.text, "<True/>");
break;
case 15: // Fill
strcpy(obj->data.text, "<Fill/>");
break;
default: // Illegal
strcpy(obj->data.text, "***Error***");
break;
}
Reported by FlawFinder.
Line: 301
Column: 24
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(obj->data.text, "<Fill/>");
break;
default: // Illegal
strcpy(obj->data.text, "***Error***");
break;
}
break;
case 0x01: // Integer
err = createObject(type, length, 0, &obj);
Reported by FlawFinder.
libs/json/json.hpp
16 issues
Line: 1053
Column: 86
CWE codes:
134
Suggestion:
Use a constant for the format specification
(JSON_HEDLEY_TI_VERSION_CHECK(7,3,0) && defined(__TI_GNU_ATTRIBUTE_SUPPORT__))
#define JSON_HEDLEY_PRINTF_FORMAT(string_idx,first_to_check) __attribute__((__format__(__printf__, string_idx, first_to_check)))
#elif JSON_HEDLEY_PELLES_VERSION_CHECK(6,0,0)
#define JSON_HEDLEY_PRINTF_FORMAT(string_idx,first_to_check) __declspec(vaformat(printf,string_idx,first_to_check))
#else
#define JSON_HEDLEY_PRINTF_FORMAT(string_idx,first_to_check)
#endif
#if defined(JSON_HEDLEY_CONSTEXPR)
Reported by FlawFinder.
Line: 5413
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
default: // anything else not supported (yet)
{
std::array<char, 3> cr{{}};
(std::snprintf)(cr.data(), cr.size(), "%.2hhX", static_cast<unsigned char>(element_type));
return sax->parse_error(element_type_parse_position, std::string(cr.data()), parse_error::create(114, element_type_parse_position, "Unsupported BSON record type 0x" + std::string(cr.data())));
}
}
}
Reported by FlawFinder.
Line: 7065
Column: 15
CWE codes:
134
Suggestion:
Use a constant for the format specification
std::string get_token_string() const
{
    // Render `current` as two uppercase hex digits.
    // The format string is a literal and the write is capped at
    // hex_buf.size() (two digits plus the terminating NUL), so neither the
    // format nor the length is taken from outside this function.
    std::array<char, 3> hex_buf{{}};
    (std::snprintf)(hex_buf.data(), hex_buf.size(), "%.2hhX", static_cast<unsigned char>(current));
    return std::string(hex_buf.data());
}
/*!
@param[in] format the current format
Reported by FlawFinder.
Line: 8498
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
// escape control characters
std::array<char, 9> cs{{}};
(std::snprintf)(cs.data(), cs.size(), "<U+%.4X>", static_cast<unsigned char>(c));
result += cs.data();
}
else
{
// add character as is
Reported by FlawFinder.
Line: 14124
Column: 43
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
if (codepoint <= 0xFFFF)
{
(std::snprintf)(string_buffer.data() + bytes, 7, "\\u%04x",
static_cast<std::uint16_t>(codepoint));
bytes += 6;
}
else
{
Reported by FlawFinder.
Line: 14130
Column: 43
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
else
{
(std::snprintf)(string_buffer.data() + bytes, 13, "\\u%04x\\u%04x",
static_cast<std::uint16_t>(0xD7C0u + (codepoint >> 10u)),
static_cast<std::uint16_t>(0xDC00u + (codepoint & 0x3FFu)));
bytes += 12;
}
}
Reported by FlawFinder.
Line: 14168
Column: 35
CWE codes:
134
Suggestion:
Use a constant for the format specification
case error_handler_t::strict:
{
std::string sn(3, '\0');
(std::snprintf)(&sn[0], sn.size(), "%.2X", byte);
JSON_THROW(type_error::create(316, "invalid UTF-8 byte at index " + std::to_string(i) + ": 0x" + sn));
}
case error_handler_t::ignore:
case error_handler_t::replace:
Reported by FlawFinder.
Line: 14262
Column: 27
CWE codes:
134
Suggestion:
Use a constant for the format specification
case error_handler_t::strict:
{
std::string sn(3, '\0');
(std::snprintf)(&sn[0], sn.size(), "%.2X", static_cast<std::uint8_t>(s.back()));
JSON_THROW(type_error::create(316, "incomplete UTF-8 string; last byte: 0x" + sn));
}
case error_handler_t::ignore:
{
Reported by FlawFinder.
Line: 14463
Column: 36
CWE codes:
134
Suggestion:
Use a constant for the format specification
static constexpr auto d = std::numeric_limits<number_float_t>::max_digits10;
// the actual conversion
std::ptrdiff_t len = (std::snprintf)(number_buffer.data(), number_buffer.size(), "%.*g", d, x);
// negative value indicates an error
assert(len > 0);
// check if buffer was large enough
assert(static_cast<std::size_t>(len) < number_buffer.size());
Reported by FlawFinder.
Line: 1441
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
sizeof(*( \
1 ? \
((void*) ((expr) * 0L) ) : \
((struct { char v[sizeof(void) * 2]; } *) 1) \
) \
) \
)
# endif
#endif
Reported by FlawFinder.
libs/qscintilla/src/Document.cpp
13 issues
Line: 646
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (len > trailBytes)
// pos too far from lead
return false;
unsigned char charBytes[UTF8MaxBytes] = {leadByte,0,0,0};
for (Sci::Position b=1; b<widthCharBytes && ((start+b) < cb.Length()); b++)
charBytes[b] = cb.CharAt(start+b);
const int utf8status = UTF8Classify(charBytes, widthCharBytes);
if (utf8status & UTF8MaskInvalid)
return false;
Reported by FlawFinder.
Line: 747
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pos++;
} else {
const int widthCharBytes = UTF8BytesOfLead[leadByte];
unsigned char charBytes[UTF8MaxBytes] = {leadByte,0,0,0};
for (int b=1; b<widthCharBytes; b++)
charBytes[b] = cb.CharAt(pos+b);
const int utf8status = UTF8Classify(charBytes, widthCharBytes);
if (utf8status & UTF8MaskInvalid)
pos++;
Reported by FlawFinder.
Line: 829
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (SC_CP_UTF8 == dbcsCodePage) {
const int widthCharBytes = UTF8BytesOfLead[leadByte];
unsigned char charBytes[UTF8MaxBytes] = { leadByte, 0, 0, 0 };
for (int b = 1; b<widthCharBytes; b++)
charBytes[b] = cb.UCharAt(position + b);
const int utf8status = UTF8Classify(charBytes, widthCharBytes);
if (utf8status & UTF8MaskInvalid) {
// Treat as invalid and use up just one byte
Reported by FlawFinder.
Line: 868
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Sci::Position endUTF = position;
if (InGoodUTF8(position, startUTF, endUTF)) {
const int widthCharBytes = static_cast<int>(endUTF - startUTF);
unsigned char charBytes[UTF8MaxBytes] = { 0, 0, 0, 0 };
for (int b = 0; b<widthCharBytes; b++)
charBytes[b] = cb.UCharAt(startUTF + b);
const int utf8status = UTF8Classify(charBytes, widthCharBytes);
if (utf8status & UTF8MaskInvalid) {
// Treat as invalid and use up just one byte
Reported by FlawFinder.
Line: 941
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
character = leadByte;
} else {
const int widthCharBytes = UTF8BytesOfLead[leadByte];
unsigned char charBytes[UTF8MaxBytes] = {leadByte,0,0,0};
for (int b=1; b<widthCharBytes; b++)
charBytes[b] = cb.UCharAt(position+b);
const int utf8status = UTF8Classify(charBytes, widthCharBytes);
if (utf8status & UTF8MaskInvalid) {
// Report as singleton surrogate values which are invalid Unicode
Reported by FlawFinder.
Line: 1960
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return CharacterExtracted(leadByte, 1);
}
const int widthCharBytes = UTF8BytesOfLead[leadByte];
unsigned char charBytes[UTF8MaxBytes] = { leadByte, 0, 0, 0 };
for (int b=1; b<widthCharBytes; b++)
charBytes[b] = cb.UCharAt(position + b);
const int utf8status = UTF8Classify(charBytes, widthCharBytes);
if (utf8status & UTF8MaskInvalid) {
// Treat as invalid and use up just one byte
Reported by FlawFinder.
Line: 2029
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
std::vector<char> searchThing((lengthFind+1) * UTF8MaxBytes * maxFoldingExpansion + 1);
const size_t lenSearch =
pcf->Fold(&searchThing[0], searchThing.size(), search, lengthFind);
char bytes[UTF8MaxBytes + 1] = "";
char folded[UTF8MaxBytes * maxFoldingExpansion + 1] = "";
while (forward ? (pos < endPos) : (pos >= endPos)) {
int widthFirstCharacter = 0;
Sci::Position posIndexDocument = pos;
size_t indexSearch = 0;
Reported by FlawFinder.
Line: 2030
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const size_t lenSearch =
pcf->Fold(&searchThing[0], searchThing.size(), search, lengthFind);
char bytes[UTF8MaxBytes + 1] = "";
char folded[UTF8MaxBytes * maxFoldingExpansion + 1] = "";
while (forward ? (pos < endPos) : (pos >= endPos)) {
int widthFirstCharacter = 0;
Sci::Position posIndexDocument = pos;
size_t indexSearch = 0;
bool characterMatches = true;
Reported by FlawFinder.
Line: 2088
Column: 6
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (characterMatches &&
((pos + indexDocument) < limitPos) &&
(indexSearch < lenSearch)) {
char bytes[maxBytesCharacter + 1];
bytes[0] = cb.CharAt(pos + indexDocument);
const Sci::Position widthChar = IsDBCSLeadByteNoExcept(bytes[0]) ? 2 : 1;
if (widthChar == 2)
bytes[1] = cb.CharAt(pos + indexDocument + 1);
if ((pos + indexDocument + widthChar) > limitPos)
Reported by FlawFinder.
Line: 2095
Column: 6
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bytes[1] = cb.CharAt(pos + indexDocument + 1);
if ((pos + indexDocument + widthChar) > limitPos)
break;
char folded[maxBytesCharacter * maxFoldingExpansion + 1];
const size_t lenFlat = pcf->Fold(folded, sizeof(folded), bytes, widthChar);
// memcmp may examine lenFlat bytes in both arguments so assert it doesn't read past end of searchThing
assert((indexSearch + lenFlat) <= searchThing.size());
// Does folded match the buffer
characterMatches = 0 == memcmp(folded, &searchThing[0] + indexSearch, lenFlat);
Reported by FlawFinder.
src/sql/parser/sqlite3_parser.hpp
12 issues
Line: 410
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union union_type
{
// columndef
char dummy1[sizeof (ColumndefData)];
// optional_if_not_exists
// optional_unique
// optional_temporary
// optional_withoutrowid
Reported by FlawFinder.
Line: 417
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// optional_temporary
// optional_withoutrowid
// optional_always_generated
char dummy2[sizeof (bool)];
// columnconstraint
// tableconstraint
char dummy3[sizeof (sqlb::ConstraintPtr)];
Reported by FlawFinder.
Line: 421
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// columnconstraint
// tableconstraint
char dummy3[sizeof (sqlb::ConstraintPtr)];
// columnconstraint_list
// tableconstraint_list
// optional_tableconstraint_list
char dummy4[sizeof (sqlb::ConstraintVector)];
Reported by FlawFinder.
Line: 426
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// columnconstraint_list
// tableconstraint_list
// optional_tableconstraint_list
char dummy4[sizeof (sqlb::ConstraintVector)];
// createindex_stmt
char dummy5[sizeof (sqlb::IndexPtr)];
// indexed_column
Reported by FlawFinder.
Line: 429
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char dummy4[sizeof (sqlb::ConstraintVector)];
// createindex_stmt
char dummy5[sizeof (sqlb::IndexPtr)];
// indexed_column
char dummy6[sizeof (sqlb::IndexedColumn)];
// indexed_column_list
Reported by FlawFinder.
Line: 432
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char dummy5[sizeof (sqlb::IndexPtr)];
// indexed_column
char dummy6[sizeof (sqlb::IndexedColumn)];
// indexed_column_list
char dummy7[sizeof (sqlb::IndexedColumnVector)];
// columnid_list
Reported by FlawFinder.
Line: 435
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char dummy6[sizeof (sqlb::IndexedColumn)];
// indexed_column_list
char dummy7[sizeof (sqlb::IndexedColumnVector)];
// columnid_list
// optional_columnid_with_paren_list
char dummy8[sizeof (sqlb::StringVector)];
Reported by FlawFinder.
Line: 439
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// columnid_list
// optional_columnid_with_paren_list
char dummy8[sizeof (sqlb::StringVector)];
// createvirtualtable_stmt
// createtable_stmt
char dummy9[sizeof (sqlb::TablePtr)];
Reported by FlawFinder.
Line: 443
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// createvirtualtable_stmt
// createtable_stmt
char dummy9[sizeof (sqlb::TablePtr)];
// "ABORT"
// "ACTION"
// "ALWAYS"
// "AND"
Reported by FlawFinder.
Line: 569
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// fk_clause_part
// fk_clause_part_list
// optional_fk_clause
char dummy10[sizeof (std::string)];
// columndef_list
char dummy11[sizeof (std::vector<ColumndefData>)];
};
Reported by FlawFinder.
src/MainWindow.cpp
10 issues
Line: 546
Column: 19
CWE codes:
362
return false;
// No project file; so it should be a database file
if(db.open(wFile, readOnly))
{
// Close all open but empty SQL tabs
for(int i=ui->tabSqlAreas->count()-1;i>=0;i--)
{
if(qobject_cast<SqlExecutionArea*>(ui->tabSqlAreas->widget(i))->getSql().trimmed().isEmpty())
Reported by FlawFinder.
Line: 614
Column: 8
CWE codes:
362
{
// Open an in-memory database. We use open() instead of create() here because the extra work create() does is not needed
// when no files are stored on disk.
db.open(":memory:");
setCurrentFile(tr("In-Memory database"));
statusEncodingLabel->setText(db.getPragma("encoding"));
statusEncryptionLabel->setVisible(false);
statusReadOnlyLabel->setVisible(false);
Reported by FlawFinder.
Line: 1402
Column: 14
CWE codes:
362
// Save clipboard content to temporary file
QTemporaryFile temp("csv_clipboard");
temp.open();
QClipboard* clipboard = QGuiApplication::clipboard();
temp.write(clipboard->text().toUtf8());
temp.close();
validFiles.push_back(temp.fileName());
Reported by FlawFinder.
Line: 1552
Column: 7
CWE codes:
362
// Open, read, execute and close file
QApplication::setOverrideCursor(Qt::WaitCursor);
QFile f(fileName);
f.open(QIODevice::ReadOnly);
QByteArray filedata = f.readAll();
removeBom(filedata);
bool ok = db.executeMultiSQL(filedata, newDbFile.size() == 0);
// Restore cursor before asking the user to accept the message
QApplication::restoreOverrideCursor();
Reported by FlawFinder.
Line: 1841
Column: 37
CWE codes:
362
qApp->applicationName(),
tr("Select the action to apply to the dropped file(s). <br/>"
"Note: only 'Import' will process more than one file.", "", urls.count()),
{open, attach, import},
0,
false,
&ok);
if(ok) {
if (action == open) {
Reported by FlawFinder.
Line: 1846
Column: 27
CWE codes:
362
false,
&ok);
if(ok) {
if (action == open) {
fileOpen(fileName);
} else if (action == attach) {
fileAttach(fileName);
} else if (action == import) {
Reported by FlawFinder.
Line: 2311
Column: 15
CWE codes:
362
QMessageBox::warning(this, qApp->applicationName(),
tr("Could not find resource file: %1").arg(f.fileName()));
} else {
f.open(QFile::ReadOnly | QFile::Text);
QTextStream ts(&f);
qApp->setStyleSheet(ts.readAll());
}
break;
}
Reported by FlawFinder.
Line: 2642
Column: 14
CWE codes:
362
if(!filename.isEmpty())
{
QFile file(filename);
file.open(QFile::ReadOnly | QFile::Text);
QXmlStreamReader xml(&file);
xml.readNext(); // token == QXmlStreamReader::StartDocument
xml.readNext(); // name == sqlb_project
if(xml.name() != "sqlb_project")
Reported by FlawFinder.
Line: 3026
Column: 28
CWE codes:
362
filename.append(FILE_EXT_SQLPRJ_DEFAULT);
QFile file(filename);
bool opened = file.open(QFile::WriteOnly | QFile::Text);
if(!opened) {
QMessageBox::warning(this, qApp->applicationName(),
tr("Could not open project file for writing.\nReason: %1").arg(file.errorString()));
currentProjectFilename.clear();
return;
Reported by FlawFinder.
Line: 3217
Column: 18
CWE codes:
362
if(ok)
{
QFile file(temporalFile);
file.open(QFile::WriteOnly);
file.close();
}
CipherSettings cipherSettings = cipherDialog.getCipherSettings();
Reported by FlawFinder.
libs/qscintilla/lexlib/WordList.cpp
8 issues
Line: 41
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
words++;
prev = curr;
}
char **keywords = new char *[words + 1];
int wordsStore = 0;
const size_t slen = strlen(wordlist);
if (words) {
prev = '\0';
for (size_t k = 0; k < slen; k++) {
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
Clear();
const size_t lenS = strlen(s) + 1;
list = new char[lenS];
memcpy(list, s, lenS);
words = ArrayFromWordList(list, &len, onlyLineEnds);
#ifdef _MSC_VER
std::sort(words, words + len, cmpWords);
#else
SortWordList(words, len);
Reported by FlawFinder.
Line: 43
Column: 22
CWE codes:
126
}
char **keywords = new char *[words + 1];
int wordsStore = 0;
const size_t slen = strlen(wordlist);
if (words) {
prev = '\0';
for (size_t k = 0; k < slen; k++) {
if (!wordSeparator[static_cast<unsigned char>(wordlist[k])]) {
if (!prev) {
Reported by FlawFinder.
Line: 122
Column: 22
CWE codes:
126
void WordList::Set(const char *s) {
Clear();
const size_t lenS = strlen(s) + 1;
list = new char[lenS];
memcpy(list, s, lenS);
words = ArrayFromWordList(list, &len, onlyLineEnds);
#ifdef _MSC_VER
std::sort(words, words + len, cmpWords);
Reported by FlawFinder.
Line: 252
Column: 35
CWE codes:
126
a++;
if (*a == marker) {
a++;
const size_t suffixLengthA = strlen(a);
const size_t suffixLengthB = strlen(b);
if (suffixLengthA >= suffixLengthB)
break;
b = b + suffixLengthB - suffixLengthA - 1;
}
Reported by FlawFinder.
Line: 253
Column: 35
CWE codes:
126
if (*a == marker) {
a++;
const size_t suffixLengthA = strlen(a);
const size_t suffixLengthB = strlen(b);
if (suffixLengthA >= suffixLengthB)
break;
b = b + suffixLengthB - suffixLengthA - 1;
}
b++;
Reported by FlawFinder.
Line: 271
Column: 33
CWE codes:
126
while (words[j][0] == marker) {
const char *a = words[j] + 1;
const char *b = s;
const size_t suffixLengthA = strlen(a);
const size_t suffixLengthB = strlen(b);
if (suffixLengthA > suffixLengthB) {
j++;
continue;
}
Reported by FlawFinder.
Line: 272
Column: 33
CWE codes:
126
const char *a = words[j] + 1;
const char *b = s;
const size_t suffixLengthA = strlen(a);
const size_t suffixLengthB = strlen(b);
if (suffixLengthA > suffixLengthB) {
j++;
continue;
}
b = b + suffixLengthB - suffixLengthA;
Reported by FlawFinder.
libs/qscintilla/src/CaseConvert.cpp
8 issues
Line: 571
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Maximum length of a case conversion result is 6 bytes in UTF-8
enum { maxConversionLength=6 };
// Fixed-size holder for the bytes of one case conversion result.
// The array is maxConversionLength+1 bytes long; the extra byte is presumably
// room for a terminating NUL (confirm against the code that fills it).
struct ConversionString {
// NOTE(review): the struct itself enforces no length limit. Any code that
// copies into this array has to check the source length against
// maxConversionLength before writing.
char conversion[maxConversionLength+1];
// Value-initialises the array, so every byte starts out as zero.
ConversionString() : conversion{} {
}
};
// Conversions are initially stored in a vector of structs but then decomposed into
// parallel arrays as that is about 10% faster to search.
Reported by FlawFinder.
Line: 615
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t CaseConvertString(char *converted, size_t sizeConverted, const char *mixed, size_t lenMixed) override {
size_t lenConverted = 0;
size_t mixedPos = 0;
unsigned char bytes[UTF8MaxBytes + 1]{};
while (mixedPos < lenMixed) {
const unsigned char leadByte = mixed[mixedPos];
const char *caseConverted = nullptr;
size_t lenMixedChar = 1;
if (UTF8IsAscii(leadByte)) {
Reported by FlawFinder.
Line: 673
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CaseConverter caseConvLow;
void AddSymmetric(enum CaseConversion conversion, int lower,int upper) {
char lowerUTF8[UTF8MaxBytes+1];
UTF8FromUTF32Character(lower, lowerUTF8);
char upperUTF8[UTF8MaxBytes+1];
UTF8FromUTF32Character(upper, upperUTF8);
switch (conversion) {
Reported by FlawFinder.
Line: 675
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void AddSymmetric(enum CaseConversion conversion, int lower,int upper) {
char lowerUTF8[UTF8MaxBytes+1];
UTF8FromUTF32Character(lower, lowerUTF8);
char upperUTF8[UTF8MaxBytes+1];
UTF8FromUTF32Character(upper, upperUTF8);
switch (conversion) {
case CaseConversionFold:
caseConvFold.Add(upper, lowerUTF8);
Reported by FlawFinder.
Line: 713
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (*sComplex) {
// Longest ligature is 3 character so 5 for safety
const size_t lenUTF8 = 5*UTF8MaxBytes+1;
unsigned char originUTF8[lenUTF8]{};
char foldedUTF8[lenUTF8]{};
char lowerUTF8[lenUTF8]{};
char upperUTF8[lenUTF8]{};
size_t i = 0;
while (*sComplex && *sComplex != '|') {
Reported by FlawFinder.
Line: 714
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Longest ligature is 3 character so 5 for safety
const size_t lenUTF8 = 5*UTF8MaxBytes+1;
unsigned char originUTF8[lenUTF8]{};
char foldedUTF8[lenUTF8]{};
char lowerUTF8[lenUTF8]{};
char upperUTF8[lenUTF8]{};
size_t i = 0;
while (*sComplex && *sComplex != '|') {
originUTF8[i++] = *sComplex;
Reported by FlawFinder.
Line: 715
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const size_t lenUTF8 = 5*UTF8MaxBytes+1;
unsigned char originUTF8[lenUTF8]{};
char foldedUTF8[lenUTF8]{};
char lowerUTF8[lenUTF8]{};
char upperUTF8[lenUTF8]{};
size_t i = 0;
while (*sComplex && *sComplex != '|') {
originUTF8[i++] = *sComplex;
sComplex++;
Reported by FlawFinder.
Line: 716
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char originUTF8[lenUTF8]{};
char foldedUTF8[lenUTF8]{};
char lowerUTF8[lenUTF8]{};
char upperUTF8[lenUTF8]{};
size_t i = 0;
while (*sComplex && *sComplex != '|') {
originUTF8[i++] = *sComplex;
sComplex++;
}
Reported by FlawFinder.