The following issues were found

libs/qscintilla/src/PerLine.cpp
5 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 379 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		pah->style = static_cast<short>(style);
		pah->length = static_cast<int>(strlen(text));
		pah->lines = static_cast<short>(NumberLines(text));
		memcpy(pa+sizeof(AnnotationHeader), text, pah->length);
	} else {
		if (annotations.Length() && (line >= 0) && (line < annotations.Length()) && annotations[line]) {
			annotations[line].reset();
		}
	}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 411 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              				AnnotationHeader *pahAlloc = reinterpret_cast<AnnotationHeader *>(allocation);
				pahAlloc->length = pahSource->length;
				pahAlloc->lines = pahSource->lines;
				memcpy(allocation + sizeof(AnnotationHeader), annotations[line].get() + sizeof(AnnotationHeader), pahSource->length);
				annotations[line].reset(allocation);
			}
		}
		AnnotationHeader *pah = reinterpret_cast<AnnotationHeader *>(annotations[line].get());
		pah->style = IndividualStyles;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 417 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		}
		AnnotationHeader *pah = reinterpret_cast<AnnotationHeader *>(annotations[line].get());
		pah->style = IndividualStyles;
		memcpy(annotations[line].get() + sizeof(AnnotationHeader) + pah->length, styles, pah->length);
	}
}

int LineAnnotation::Length(Sci::Line line) const {
	if (annotations.Length() && (line >= 0) && (line < annotations.Length()) && annotations[line])

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 372 Column: 63 CWE codes: 126 

              	if (text && (line >= 0)) {
		annotations.EnsureLength(line+1);
		const int style = Style(line);
		annotations[line].reset(AllocateAnnotation(static_cast<int>(strlen(text)), style));
		char *pa = annotations[line].get();
		assert(pa);
		AnnotationHeader *pah = reinterpret_cast<AnnotationHeader *>(pa);
		pah->style = static_cast<short>(style);
		pah->length = static_cast<int>(strlen(text));

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 377 Column: 34 CWE codes: 126 

              		assert(pa);
		AnnotationHeader *pah = reinterpret_cast<AnnotationHeader *>(pa);
		pah->style = static_cast<short>(style);
		pah->length = static_cast<int>(strlen(text));
		pah->lines = static_cast<short>(NumberLines(text));
		memcpy(pa+sizeof(AnnotationHeader), text, pah->length);
	} else {
		if (annotations.Length() && (line >= 0) && (line < annotations.Length()) && annotations[line]) {
			annotations[line].reset();

Reported by FlawFinder.

src/sqlitedb.cpp
4 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 95 Column: 10 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              
    std::string output = array.dump();
    char* output_str = new char[output.size()+1];
    std::strcpy(output_str, output.c_str());

    sqlite3_result_text(ctx, output_str, static_cast<int>(output.length()), [](void* ptr) {
        char* cptr = static_cast<char*>(ptr);
        delete cptr;
    });

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 187 Column: 19 CWE codes: 362 

                  return !savepointList.empty();
}

bool DBBrowserDB::open(const QString& db, bool readOnly)
{
    if (isOpen()) close();

    isEncrypted = false;
    disableStructureUpdateChecks = false;

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 705 Column: 16 CWE codes: 362 

                      // Close database and open it through the code for opening existing database files. This is slightly less efficient but saves us some duplicate
        // code.
        sqlite3_close(_db);
        return open(db);
    } else {
        return false;
    }
}

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 882 Column: 13 CWE codes: 362 

              
    // Open file
    QFile file(filePath);
    if(file.open(QIODevice::WriteOnly|QIODevice::Text))
    {
        QApplication::setOverrideCursor(Qt::WaitCursor);

        // Count the total number of all records in all tables for the progress dialog
        size_t numRecordsTotal = 0;

Reported by FlawFinder.

libs/qscintilla/src/ScintillaBase.cpp
4 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 446 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		if (item != -1) {
			const std::string selected = ac.GetValue(item);
			if (buffer)
				memcpy(buffer, selected.c_str(), selected.length()+1);
			return static_cast<int>(selected.length());
		}
	}
	if (buffer)
		*buffer = '\0';

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 250 Column: 22 CWE codes: 126 

              		if (list && !strchr(list, ac.GetSeparator())) {
			const char *typeSep = strchr(list, ac.GetTypesep());
			const Sci::Position lenInsert = typeSep ?
				(typeSep-list) : strlen(list);
			if (ac.ignoreCase) {
				// May need to convert the case before invocation, so remove lenEntered characters
				AutoCompleteInsert(sel.MainCaret() - lenEntered, lenEntered, list, lenInsert);
			} else {
				AutoCompleteInsert(sel.MainCaret(), 0, list + lenEntered, lenInsert - lenEntered);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 706 Column: 35 CWE codes: 126 

              }

void LexState::PropSet(const char *key, const char *val) {
	props.Set(key, val, strlen(key), strlen(val));
	if (instance) {
		const Sci_Position firstModification = instance->PropertySet(key, val);
		if (firstModification >= 0) {
			pdoc->ModifiedAt(firstModification);
		}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 706 Column: 22 CWE codes: 126 

              }

void LexState::PropSet(const char *key, const char *val) {
	props.Set(key, val, strlen(key), strlen(val));
	if (instance) {
		const Sci_Position firstModification = instance->PropertySet(key, val);
		if (firstModification >= 0) {
			pdoc->ModifiedAt(firstModification);
		}

Reported by FlawFinder.

libs/qscintilla/Qt4Qt5/qsciapis.cpp
4 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 962 Column: 18 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

                      return filename;

    QString pdname;
    char *qsci = getenv("QSCIDIR");

    if (qsci)
        pdname = qsci;
    else
    {

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 274 Column: 12 CWE codes: 362 

              {
    QFile f(filename);

    if (!f.open(QIODevice::ReadOnly))
        return false;

    QTextStream ts(&f);

    for (;;)

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 852 Column: 13 CWE codes: 362 

                  // Read the prepared data and decompress it.
    QFile pf(pname);

    if (!pf.open(QIODevice::ReadOnly))
        return false;

    QByteArray cpdata = pf.readAll();

    pf.close();

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 933 Column: 13 CWE codes: 362 

                  // Compress the data and write it.
    QFile pf(pname);

    if (!pf.open(QIODevice::WriteOnly|QIODevice::Truncate))
        return false;

    if (pf.write(qCompress(pdata)) < 0)
    {
        pf.close();

Reported by FlawFinder.

src/EditDialog.cpp
4 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 424 Column: 21 CWE codes: 362 

                          updateCellInfoAndMode(fileNameBa);
        } else {
            QFile file(fileName);
            if(file.open(QIODevice::ReadOnly))
            {
                QByteArray d = file.readAll();
                loadData(d);
                file.close();

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 494 Column: 17 CWE codes: 362 

                  if(fileName.size() > 0)
    {
        QFile file(fileName);
        if(file.open(QIODevice::WriteOnly))
        {
          switch (dataSource) {
          case HexBuffer:
              // Data source is the hex buffer
              // If text option has been selected, the readable representation of the content is saved to file.

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 1242 Column: 15 CWE codes: 362 

                  }
    QTemporaryFile* file = new QTemporaryFile (QDir::tempPath() + QString("/DB4S-XXXXXX") + extension);

    if(!file->open()) {
        QMessageBox::warning(this, qApp->applicationName(),
                             tr("Couldn't save file: %1.").arg(file->fileName()));
        delete file;
    } else {
        switch (dataSource) {

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 1274 Column: 52 CWE codes: 362 

                           QMessageBox::Apply | QMessageBox::Cancel);

        QFile readFile(fileName);
        if(reply == QMessageBox::Apply && readFile.open(QIODevice::ReadOnly)){
            QByteArray d = readFile.readAll();
            loadData(d);
            readFile.close();
            accept();
        }

Reported by FlawFinder.

src/Data.cpp
4 issues
system - This causes a new program to execute and is difficult to use safely
Security

Line: 176 Column: 21 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              
QString isoDateTimeStringToLocalDateTimeString(const QString& date_string)
{
    return QLocale::system().toString(QDateTime::fromString(date_string, Qt::ISODate).toLocalTime(), QLocale::ShortFormat);
}

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 66 Column: 14 CWE codes: 362 

              bool isTextOnlyFile(const QString& fileName)
{
    QFile file(fileName);
    if (file.open(QFile::ReadOnly)) {
        QByteArray data = file.read(512);
        return !data.isEmpty() && isTextOnly(data);
    } else {
        return false;
    }

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 67 Column: 32 CWE codes: 120 20 

              {
    QFile file(fileName);
    if (file.open(QFile::ReadOnly)) {
        QByteArray data = file.read(512);
        return !data.isEmpty() && isTextOnly(data);
    } else {
        return false;
    }
}

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 128 Column: 48 CWE codes: 120 20 

                  QBuffer imageBuffer(const_cast<QByteArray*>(&data));
    QImageReader readerBuffer(&imageBuffer);
    QString imageFormat = readerBuffer.format();
    if(readerBuffer.canRead() && !readerBuffer.read().isNull())
        return imageFormat;
    else
        return QString();
}

Reported by FlawFinder.

libs/qscintilla/Qt4Qt5/qsciscintilla.cpp
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 4112 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                          buf_size *= 2;
            char *new_buf = new char[buf_size * 2];

            memcpy(new_buf, buf, data_len);
            delete[] buf;
            buf = new_buf;
        }

        part = io->read(buf + data_len, buf_size - data_len - 1);

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 4090 Column: 21 CWE codes: 120 20 

              

// Read the text from a QIODevice.
bool QsciScintilla::read(QIODevice *io)
{
    const int min_size = 1024 * 8;

    int buf_size = min_size;
    char *buf = new char[buf_size];

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 4117 Column: 20 CWE codes: 120 20 

                          buf = new_buf;
        }

        part = io->read(buf + data_len, buf_size - data_len - 1);
        data_len += part;
    }
    while (part > 0);

    if (part < 0)

Reported by FlawFinder.

libs/qscintilla/src/MarginView.cpp
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 377 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              							sNumber = std::to_string(lineDoc + 1);
						}
						if (model.foldFlags & (SC_FOLDFLAG_LEVELNUMBERS | SC_FOLDFLAG_LINESTATE)) {
							char number[100] = "";
							if (model.foldFlags & SC_FOLDFLAG_LEVELNUMBERS) {
								const int lev = model.pdoc->GetLevel(lineDoc);
								sprintf(number, "%c%c %03X %03X",
									(lev & SC_FOLDLEVELHEADERFLAG) ? 'H' : '_',
									(lev & SC_FOLDLEVELWHITEFLAG) ? 'W' : '_',

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 380 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              							char number[100] = "";
							if (model.foldFlags & SC_FOLDFLAG_LEVELNUMBERS) {
								const int lev = model.pdoc->GetLevel(lineDoc);
								sprintf(number, "%c%c %03X %03X",
									(lev & SC_FOLDLEVELHEADERFLAG) ? 'H' : '_',
									(lev & SC_FOLDLEVELWHITEFLAG) ? 'W' : '_',
									LevelNumber(lev),
									lev >> 16
									);

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 388 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              									);
							} else {
								const int state = model.pdoc->GetLineState(lineDoc);
								sprintf(number, "%0X", state);
							}
							sNumber = number;
						}
						PRectangle rcNumber = rcMarker;
						// Right justify

Reported by FlawFinder.

libs/qscintilla/lexers/LexSQL.cpp
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 462 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		case SCE_SQL_IDENTIFIER:
			if (!IsAWordChar(sc.ch, options.sqlAllowDottedWord)) {
				int nextState = SCE_SQL_DEFAULT;
				char s[1000];
				sc.GetCurrentLowered(s, sizeof(s));
				if (keywords1.InList(s)) {
					sc.ChangeState(SCE_SQL_WORD);
				} else if (keywords2.InList(s)) {
					sc.ChangeState(SCE_SQL_WORD2);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 528 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              				sc.Forward();
				sc.ForwardSetState(SCE_SQL_DEFAULT);
			} else if (!IsADoxygenChar(sc.ch)) {
				char s[100];
				sc.GetCurrentLowered(s, sizeof(s));
				if (!isspace(sc.ch) || !kw_pldoc.InList(s + 1)) {
					sc.ChangeState(SCE_SQL_COMMENTDOCKEYWORDERROR);
				}
				sc.SetState(styleBeforeDCKeyword);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 775 Column: 4 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		// If new keyword (cannot trigger on elseif or nullif, does less tests)
		if (style == SCE_SQL_WORD && stylePrev != SCE_SQL_WORD) {
			const int MAX_KW_LEN = 9;	// Maximum length of folding keywords
			char s[MAX_KW_LEN + 2];
			unsigned int j = 0;
			for (; j < MAX_KW_LEN + 1; j++) {
				if (!iswordchar(styler[i + j])) {
					break;
				}

Reported by FlawFinder.

libs/qscintilla/src/PositionCache.cpp
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 573 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (other.positions) {
		const size_t lenData = len + (len / sizeof(XYPOSITION)) + 1;
		positions.reset(new XYPOSITION[lenData]);
		memcpy(positions.get(), other.positions.get(), lenData * sizeof(XYPOSITION));
	}
}

void PositionCacheEntry::Set(unsigned int styleNumber_, const char *s_,
	unsigned int len_, XYPOSITION *positions_, unsigned int clock_) {

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 588 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		for (unsigned int i=0; i<len; i++) {
			positions[i] = positions_[i];
		}
		memcpy(&positions[len], s_, len);
	}
}

PositionCacheEntry::~PositionCacheEntry() {
	Clear();

Reported by FlawFinder.