The following issues were found
libs/qscintilla/lexers/LexHTML.cpp
2 issues
Line: 96
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
script_type segIsScriptingIndicator(Accessor &styler, Sci_PositionU start, Sci_PositionU end, script_type prevValue) {
char s[100];
GetTextSegment(styler, start, end, s, sizeof(s));
//Platform::DebugPrintf("Scripting indicator [%s]\n", s);
if (strstr(s, "src")) // External script
return eScriptNone;
if (strstr(s, "vbs"))
Reported by FlawFinder.
Line: 320
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void classifyWordHTJS(Sci_PositionU start, Sci_PositionU end,
const WordList &keywords, Accessor &styler, script_mode inScriptType) {
char s[30 + 1];
Sci_PositionU i = 0;
for (; i < end - start + 1 && i < 30; i++) {
s[i] = styler[start + i];
}
s[i] = '\0';
Reported by FlawFinder.
libs/qscintilla/Qt4Qt5/PlatQt.cpp
2 issues
Line: 972
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
va_list pArguments;
va_start(pArguments, format);
vsprintf(buffer, format, pArguments);
va_end(pArguments);
DebugDisplay(buffer);
}
#else
Reported by FlawFinder.
Line: 968
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef TRACE
void Platform::DebugPrintf(const char *format, ...)
{
char buffer[2000];
va_list pArguments;
va_start(pArguments, format);
vsprintf(buffer, format, pArguments);
va_end(pArguments);
Reported by FlawFinder.
src/ExtendedTableWidget.cpp
2 issues
Line: 668
Column: 24
CWE codes:
362
{
QByteArray ba;
QBuffer buffer(&ba);
buffer.open(QIODevice::WriteOnly);
img.save(&buffer, "PNG");
buffer.close();
QString imageBase64 = ba.toBase64();
htmlResult.append("<img src=\"data:image/png;base64,");
Reported by FlawFinder.
Line: 739
Column: 16
CWE codes:
362
QImage img = qApp->clipboard()->image();
QByteArray ba;
QBuffer buffer(&ba);
buffer.open(QIODevice::WriteOnly);
img.save(&buffer, "PNG"); // We're always converting the image format to PNG here. TODO: Is that correct?
buffer.close();
m->setData(indices.first(), ba);
return;
Reported by FlawFinder.
libs/qscintilla/lexlib/PropSetSimple.cpp
2 issues
Line: 145
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ExpandAllInPlace(*this, val, 100, VarChain(key));
const int n = static_cast<int>(val.size());
if (result) {
memcpy(result, val.c_str(), n+1);
}
return n; // Not including NUL
}
int PropSetSimple::GetInt(const char *key, int defaultValue) const {
Reported by FlawFinder.
Line: 154
Column: 10
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
std::string val = Get(key);
ExpandAllInPlace(*this, val, 100, VarChain(key));
if (!val.empty()) {
return atoi(val.c_str());
}
return defaultValue;
}
Reported by FlawFinder.
libs/qscintilla/src/PositionCache.cpp
2 issues
Line: 573
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (other.positions) {
const size_t lenData = len + (len / sizeof(XYPOSITION)) + 1;
positions.reset(new XYPOSITION[lenData]);
memcpy(positions.get(), other.positions.get(), lenData * sizeof(XYPOSITION));
}
}
void PositionCacheEntry::Set(unsigned int styleNumber_, const char *s_,
unsigned int len_, XYPOSITION *positions_, unsigned int clock_) {
Reported by FlawFinder.
Line: 588
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (unsigned int i=0; i<len; i++) {
positions[i] = positions_[i];
}
memcpy(&positions[len], s_, len);
}
}
PositionCacheEntry::~PositionCacheEntry() {
Clear();
Reported by FlawFinder.
src/RemoteDock.cpp
2 issues
Line: 606
Column: 10
CWE codes:
362
// Save the downloaded data under the generated file name
QFile file(saveFileAs);
file.open(QIODevice::WriteOnly);
file.write(device->readAll());
// Set last modified data of the new file to the one provided by the server
// Before version 5.10, Qt didn't offer any option to set this attribute, so we're not setting it at the moment
#if QT_VERSION >= QT_VERSION_CHECK(5, 10, 0)
Reported by FlawFinder.
Line: 656
Column: 30
CWE codes:
362
if(QFileInfo(local_file).size() == it["size"])
{
QFile file(local_file);
if(!file.open(QFile::ReadOnly))
return;
QCryptographicHash hash(QCryptographicHash::Sha256);
hash.addData(&file);
if(hash.result().toHex().toStdString() == it["sha256"])
Reported by FlawFinder.
libs/qscintilla/src/RESearch.h
2 issues
Line: 57
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Sci::Position bol;
Sci::Position tagstk[MAXTAG]; /* subpat tag stack */
char nfa[MAXNFA]; /* automaton */
int sta;
unsigned char bittab[BITBLK]; /* bit table for CCL pre-set bits */
int failure;
CharClassify *charClass;
bool iswordc(unsigned char x) const {
Reported by FlawFinder.
Line: 59
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Sci::Position tagstk[MAXTAG]; /* subpat tag stack */
char nfa[MAXNFA]; /* automaton */
int sta;
unsigned char bittab[BITBLK]; /* bit table for CCL pre-set bits */
int failure;
CharClassify *charClass;
bool iswordc(unsigned char x) const {
return charClass->IsWord(x);
}
Reported by FlawFinder.
src/Settings.cpp
2 issues
Line: 240
Column: 25
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
// General/language?
if(group == "General" && name == "language")
return QLocale::system().name();
// General/appStyle
if(group == "General" && name == "appStyle")
return static_cast<int>(FollowDesktopStyle);
Reported by FlawFinder.
Line: 43
Column: 18
CWE codes:
362
QFile *file = new QFile;
file->setFileName(userSettingsFile);
if(file->open(QIODevice::ReadOnly | QIODevice::Text))
{
if(file->exists() &&
QString::compare(QString("[%General]\n"), file->readLine(), Qt::CaseInsensitive) != 0)
isNormalUserSettingsFile = false;
}
Reported by FlawFinder.
src/SqlExecutionArea.cpp
2 issues
Line: 243
Column: 7
CWE codes:
362
{
// Open file for reading
QFile f(filename);
f.open(QIODevice::ReadOnly);
if(!f.isOpen())
{
QMessageBox::warning(this, qApp->applicationName(), tr("Couldn't read file: %1.").arg(f.errorString()));
return;
}
Reported by FlawFinder.
Line: 273
Column: 7
CWE codes:
362
// Open file for writing
QFile f(filename);
f.open(QIODevice::WriteOnly);
if(!f.isOpen())
{
QMessageBox::warning(this, qApp->applicationName(), tr("Couldn't save file: %1.").arg(f.errorString()));
return;
}
Reported by FlawFinder.
src/tests/TestRowCache.cpp
1 issues
Line: 6
#include "TestRowCache.h"
#include "../RowCache.h"
QTEST_APPLESS_MAIN(TestRowCache)
TestRowCache::TestRowCache()
{
}
Reported by Cppcheck.