Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/deepin-calculator-5.0.1/core/book.cpp
Examining data/deepin-calculator-5.0.1/core/book.h
Examining data/deepin-calculator-5.0.1/core/constants.cpp
Examining data/deepin-calculator-5.0.1/core/constants.h
Examining data/deepin-calculator-5.0.1/core/errors.h
Examining data/deepin-calculator-5.0.1/core/evaluator.cpp
Examining data/deepin-calculator-5.0.1/core/evaluator.h
Examining data/deepin-calculator-5.0.1/core/functions.cpp
Examining data/deepin-calculator-5.0.1/core/functions.h
Examining data/deepin-calculator-5.0.1/core/manualserver.cpp
Examining data/deepin-calculator-5.0.1/core/manualserver.h
Examining data/deepin-calculator-5.0.1/core/numberformatter.cpp
Examining data/deepin-calculator-5.0.1/core/numberformatter.h
Examining data/deepin-calculator-5.0.1/core/opcode.cpp
Examining data/deepin-calculator-5.0.1/core/opcode.h
Examining data/deepin-calculator-5.0.1/core/pageserver.cpp
Examining data/deepin-calculator-5.0.1/core/pageserver.h
Examining data/deepin-calculator-5.0.1/core/session.cpp
Examining data/deepin-calculator-5.0.1/core/session.h
Examining data/deepin-calculator-5.0.1/core/sessionhistory.cpp
Examining data/deepin-calculator-5.0.1/core/sessionhistory.h
Examining data/deepin-calculator-5.0.1/core/settings.cpp
Examining data/deepin-calculator-5.0.1/core/settings.h
Examining data/deepin-calculator-5.0.1/core/userfunction.cpp
Examining data/deepin-calculator-5.0.1/core/userfunction.h
Examining data/deepin-calculator-5.0.1/core/variable.cpp
Examining data/deepin-calculator-5.0.1/core/variable.h
Examining data/deepin-calculator-5.0.1/dsettings.cpp
Examining data/deepin-calculator-5.0.1/dsettings.h
Examining data/deepin-calculator-5.0.1/main.cpp
Examining data/deepin-calculator-5.0.1/mainwindow.cpp
Examining data/deepin-calculator-5.0.1/mainwindow.h
Examining data/deepin-calculator-5.0.1/math/cmath.cpp
Examining data/deepin-calculator-5.0.1/math/cmath.h
Examining data/deepin-calculator-5.0.1/math/cnumberparser.cpp
Examining data/deepin-calculator-5.0.1/math/cnumberparser.h
Examining data/deepin-calculator-5.0.1/math/floatcommon.c
Examining data/deepin-calculator-5.0.1/math/floatcommon.h
Examining data/deepin-calculator-5.0.1/math/floatconfig.h
Examining data/deepin-calculator-5.0.1/math/floatconst.c
Examining data/deepin-calculator-5.0.1/math/floatconst.h
Examining data/deepin-calculator-5.0.1/math/floatconvert.c
Examining data/deepin-calculator-5.0.1/math/floatconvert.h
Examining data/deepin-calculator-5.0.1/math/floaterf.c
Examining data/deepin-calculator-5.0.1/math/floaterf.h
Examining data/deepin-calculator-5.0.1/math/floatexp.c
Examining data/deepin-calculator-5.0.1/math/floatexp.h
Examining data/deepin-calculator-5.0.1/math/floatgamma.c
Examining data/deepin-calculator-5.0.1/math/floatgamma.h
Examining data/deepin-calculator-5.0.1/math/floathmath.c
Examining data/deepin-calculator-5.0.1/math/floathmath.h
Examining data/deepin-calculator-5.0.1/math/floatincgamma.c
Examining data/deepin-calculator-5.0.1/math/floatincgamma.h
Examining data/deepin-calculator-5.0.1/math/floatio.c
Examining data/deepin-calculator-5.0.1/math/floatio.h
Examining data/deepin-calculator-5.0.1/math/floatipower.c
Examining data/deepin-calculator-5.0.1/math/floatipower.h
Examining data/deepin-calculator-5.0.1/math/floatlog.c
Examining data/deepin-calculator-5.0.1/math/floatlog.h
Examining data/deepin-calculator-5.0.1/math/floatlogic.c
Examining data/deepin-calculator-5.0.1/math/floatlogic.h
Examining data/deepin-calculator-5.0.1/math/floatlong.c
Examining data/deepin-calculator-5.0.1/math/floatlong.h
Examining data/deepin-calculator-5.0.1/math/floatnum.c
Examining data/deepin-calculator-5.0.1/math/floatnum.h
Examining data/deepin-calculator-5.0.1/math/floatpower.c
Examining data/deepin-calculator-5.0.1/math/floatpower.h
Examining data/deepin-calculator-5.0.1/math/floatseries.c
Examining data/deepin-calculator-5.0.1/math/floatseries.h
Examining data/deepin-calculator-5.0.1/math/floattrig.c
Examining data/deepin-calculator-5.0.1/math/floattrig.h
Examining data/deepin-calculator-5.0.1/math/hmath.cpp
Examining data/deepin-calculator-5.0.1/math/hmath.h
Examining data/deepin-calculator-5.0.1/math/number.c
Examining data/deepin-calculator-5.0.1/math/number.h
Examining data/deepin-calculator-5.0.1/math/quantity.cpp
Examining data/deepin-calculator-5.0.1/math/quantity.h
Examining data/deepin-calculator-5.0.1/math/rational.cpp
Examining data/deepin-calculator-5.0.1/math/rational.h
Examining data/deepin-calculator-5.0.1/math/units.cpp
Examining data/deepin-calculator-5.0.1/math/units.h
Examining data/deepin-calculator-5.0.1/modules/basicmodule.cpp
Examining data/deepin-calculator-5.0.1/modules/basicmodule.h
Examining data/deepin-calculator-5.0.1/modules/expressionbar.cpp
Examining data/deepin-calculator-5.0.1/modules/expressionbar.h
Examining data/deepin-calculator-5.0.1/modules/simplelistdelegate.cpp
Examining data/deepin-calculator-5.0.1/modules/simplelistdelegate.h
Examining data/deepin-calculator-5.0.1/modules/simplelistmodel.cpp
Examining data/deepin-calculator-5.0.1/modules/simplelistmodel.h
Examining data/deepin-calculator-5.0.1/modules/simplelistview.cpp
Examining data/deepin-calculator-5.0.1/modules/simplelistview.h
Examining data/deepin-calculator-5.0.1/utils.cpp
Examining data/deepin-calculator-5.0.1/utils.h
Examining data/deepin-calculator-5.0.1/widgets/basickeypad.cpp
Examining data/deepin-calculator-5.0.1/widgets/basickeypad.h
Examining data/deepin-calculator-5.0.1/widgets/iconbutton.cpp
Examining data/deepin-calculator-5.0.1/widgets/iconbutton.h
Examining data/deepin-calculator-5.0.1/widgets/inputedit.cpp
Examining data/deepin-calculator-5.0.1/widgets/inputedit.h
Examining data/deepin-calculator-5.0.1/widgets/scientifickeypad.cpp
Examining data/deepin-calculator-5.0.1/widgets/scientifickeypad.h
Examining data/deepin-calculator-5.0.1/widgets/textbutton.cpp
Examining data/deepin-calculator-5.0.1/widgets/textbutton.h

FINAL RESULTS:

data/deepin-calculator-5.0.1/math/floatio.c:85:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(dest->buf, src);
data/deepin-calculator-5.0.1/math/floatio.c:894:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buf, token);
data/deepin-calculator-5.0.1/math/floatio.c:1038:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(buf, expBuf.buf);
data/deepin-calculator-5.0.1/core/evaluator.cpp:829:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char s_digitMap[DIGIT_MAP_COUNT] = { 0 };
data/deepin-calculator-5.0.1/core/evaluator.cpp:1212:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    debugFile.open(QIODevice::WriteOnly);
data/deepin-calculator-5.0.1/math/floatcommon.c:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[LOGMSB+1];
data/deepin-calculator-5.0.1/math/floatconvert.c:282:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[DECPRECISION];
data/deepin-calculator-5.0.1/math/floatio.c:546:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[BITS_IN_EXP + 3];
data/deepin-calculator-5.0.1/math/floatio.c:915:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cbuf[2];
data/deepin-calculator-5.0.1/math/floatio.c:926:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char exp[BITS_IN_BINEXP+2];
data/deepin-calculator-5.0.1/math/floatnum.c:291:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(f->value, "NaN", 4);
data/deepin-calculator-5.0.1/math/floatnum.c:611:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char b[42]; /* supports exponents encoded in up to 128 bits */
data/deepin-calculator-5.0.1/math/floatnum.c:619:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, "NaN\0", 4);
data/deepin-calculator-5.0.1/math/floatnum.c:637:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(b, "%d", float_getexponent(f));
data/deepin-calculator-5.0.1/math/floatnum.c:659:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf+mlg+1, b, explg);
data/deepin-calculator-5.0.1/math/floatnum.c:949:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BITS_IN_UNSIGNED/3 + 3];
data/deepin-calculator-5.0.1/math/floatnum.c:951:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", value);
data/deepin-calculator-5.0.1/math/floatnum.c:999:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(mant->n_value, _valueof(source), scale+1);
data/deepin-calculator-5.0.1/math/floatnum.h:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char value[110];
data/deepin-calculator-5.0.1/math/hmath.cpp:741:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char intbuf[BINPRECISION+1];
data/deepin-calculator-5.0.1/math/hmath.cpp:742:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fracbuf[BINPRECISION+1];
data/deepin-calculator-5.0.1/math/number.c:931:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (result, num, size);
data/deepin-calculator-5.0.1/math/number.c:983:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (qval->n_value, n1->n_value,
data/deepin-calculator-5.0.1/math/number.c:1006:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (num1+1, n1->n_value, n1->n_len+n1->n_scale);
data/deepin-calculator-5.0.1/math/number.c:1011:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (num2, n2->n_value, len2);
data/deepin-calculator-5.0.1/math/number.c:1464:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char digits[40];
data/deepin-calculator-5.0.1/math/number.c:1468:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (digits, "%ld", val);
data/deepin-calculator-5.0.1/math/number.c:1644:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[30];
data/deepin-calculator-5.0.1/utils.cpp:50:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (file.open(QIODevice::ReadOnly)) {
data/deepin-calculator-5.0.1/math/floatio.c:82:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (dest->sz < (int)strlen(src) + 1)
data/deepin-calculator-5.0.1/math/floatio.c:101:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lg = strlen(pattern);
data/deepin-calculator-5.0.1/math/floatio.c:935:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fraclg = strlen(tokens->fracpart.buf) - 1;
data/deepin-calculator-5.0.1/math/floatio.c:995:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz += strlen(basetag);
data/deepin-calculator-5.0.1/math/floatio.c:997:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz += strlen(cmpltag);
data/deepin-calculator-5.0.1/math/floatio.c:1001:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz += strlen(tokens->intpart.buf);
data/deepin-calculator-5.0.1/math/floatio.c:1013:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sz += strlen(expbasetag);
data/deepin-calculator-5.0.1/math/floatio.c:1014:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz += strlen(expBuf.buf);
data/deepin-calculator-5.0.1/math/floatio.c:1030:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
      strncat(buf, tokens->fracpart.buf, fraclg);
data/deepin-calculator-5.0.1/math/floatnum.c:638:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  explg = strlen(b);
data/deepin-calculator-5.0.1/math/floatnum.c:694:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufsz = strlen(buf);
data/deepin-calculator-5.0.1/math/floatnum.c:817:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufsz = strlen(buf);
data/deepin-calculator-5.0.1/math/number.c:1469:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (digits);

ANALYSIS SUMMARY:

Hits = 42
Lines analyzed = 28208 in approximately 0.69 seconds (41055 lines/second)
Physical Source Lines of Code (SLOC) = 19304
Hits@level = [0]   3 [1]  13 [2]  26 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+]  45 [1+]  42 [2+]  29 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 2.33112 [1+] 2.17571 [2+] 1.50228 [3+] 0.155408 [4+] 0.155408 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.