The following issues were found

libs/qscintilla/src/UniqueString.h
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 22 Column: 21 CWE codes: 126

	if (!text) {
		return UniqueString();
	}
	const size_t len = strlen(text);
	char *sNew = new char[len + 1];
	std::copy(text, text + len + 1, sNew);
	return UniqueString(sNew);
}


            

Reported by FlawFinder.

libs/qscintilla/src/ViewStyle.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 368 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
	controlCharWidth = 0.0;
	if (controlCharSymbol >= 32) {
		const char cc[2] = { static_cast<char>(controlCharSymbol), '\0' };
		controlCharWidth = surface.WidthText(styles[STYLE_CONTROLCHAR].font, cc, 1);
	}

	CalculateMarginWidthAndMask();
	textStart = marginInside ? fixedColumnWidth : leftMarginWidth;

            

Reported by FlawFinder.

libs/qscintilla/Qt4Qt5/ScintillaQt.cpp
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 416 Column: 17 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

            if (scn.text && (scn.modificationType & (SC_MOD_INSERTTEXT|SC_MOD_DELETETEXT)) != 0)
            {
                text = new char[scn.length + 1];
                memcpy(text, scn.text, scn.length);
                text[scn.length] = '\0';
            }
            else
            {
                text = 0;

            

Reported by FlawFinder.

src/Application.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 302 Column: 25 CWE codes: 362

            for(const QString& f : sqlToExecute)
            {
                QFile file(f);
                if(file.open(QIODevice::ReadOnly))
                {
                    m_mainWindow->getDb().executeMultiSQL(file.readAll(), false, true);
                    file.close();
                }
            }

            

Reported by FlawFinder.

src/ExtendedScintilla.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 110 Column: 7 CWE codes: 362

        return;

    QFile f(file);
    f.open(QIODevice::ReadOnly);
    setText(f.readAll());
    f.close();
}

void ExtendedScintilla::setupSyntaxHighlightingFormat(QsciLexer* lexer, const std::string& settings_name, int style)

            

Reported by FlawFinder.

libs/qscintilla/Qt4Qt5/SciAccessibility.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 677 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

QFont QsciAccessibleScintillaBase::fontForStyle(int style) const
{
    QsciScintillaBase *sb = sciWidget();
    char fontName[64];
    int len = sb->SendScintilla(QsciScintillaBase::SCI_STYLEGETFONT, style,
            fontName);
    int size = sb->SendScintilla(QsciScintillaBase::SCI_STYLEGETSIZE, style);
    bool italic = sb->SendScintilla(QsciScintillaBase::SCI_STYLEGETITALIC,
            style);

            

Reported by FlawFinder.

src/PreferencesDialog.cpp
1 issue
system - This causes a new program to execute and is difficult to use safely
Security

Line: 435 Column: 37 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

    QDir translationsDir(QCoreApplication::applicationDirPath() + "/translations",
                         "sqlb_*.qm");

    QLocale systemLocale = QLocale::system();

    // Add default language
    if (systemLocale.name() == "en_US")
    {
        ui->languageComboBox->addItem(QIcon(":/flags/en_US"),

            

Reported by FlawFinder.

src/RemoteLocalFilesModel.cpp
1 issue
system - This causes a new program to execute and is difficult to use safely
Security

Line: 79 Column: 57 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

        file_node->setText(ColumnName, QString::fromStdString(file.name));
        file_node->setIcon(ColumnName, QIcon(":/icons/database"));
        file_node->setText(ColumnBranch, QString::fromStdString(file.branch));
        file_node->setText(ColumnLastModified, QLocale::system().toString(QFileInfo(file_info).lastModified().toLocalTime(), QLocale::ShortFormat));
        file_node->setText(ColumnSize, humanReadableSize(static_cast<unsigned long>(file_info.size())));
        file_node->setText(ColumnCommit, QString::fromStdString(file.commit_id));
        file_node->setText(ColumnFile, QString::fromStdString(file.file));
    }


            

Reported by FlawFinder.

libs/qscintilla/Qt4Qt5/InputMethod.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 238 Column: 13 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
        case Qt::ImFont:
        {
            char fontName[64];
            int style = SendScintilla(SCI_GETSTYLEAT, pos);
            int len = SendScintilla(SCI_STYLEGETFONT, style, (sptr_t)fontName);
            int size = SendScintilla(SCI_STYLEGETSIZE, style);
            bool italic = SendScintilla(SCI_STYLEGETITALIC, style);
            int weight = SendScintilla(SCI_STYLEGETBOLD, style) ? QFont::Bold : -1;

            

Reported by FlawFinder.

libs/qscintilla/Qt4Qt5/Qsci/qsciscintilla.h
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 1140 Column: 10 CWE codes: 120 20

    //! there was no error.
    //!
    //! \sa write()
    bool read(QIODevice *io);

    //! Recolours the document between the \a start and \a end positions.
    //! \a start defaults to the start of the document and \a end defaults to
    //! the end of the document.
    virtual void recolor(int start = 0, int end = -1);

            

Reported by FlawFinder.