Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/equalx-0.7.1/include/BookmarksPanel/DialogPreferencesBookmark.h
Examining data/equalx-0.7.1/include/BookmarksPanel/BookmarkItem.h
Examining data/equalx-0.7.1/include/BookmarksPanel/BookmarksWidget.h
Examining data/equalx-0.7.1/include/BookmarksPanel/DialogPreferencesFolder.h
Examining data/equalx-0.7.1/include/BookmarksPanel/BookmarksView.h
Examining data/equalx-0.7.1/include/BookmarksPanel/BookmarksViewItemDelegate.h
Examining data/equalx-0.7.1/include/BookmarksPanel/BookmarksItemModel.h
Examining data/equalx-0.7.1/include/FileInfo.h
Examining data/equalx-0.7.1/include/DialogAbout.h
Examining data/equalx-0.7.1/include/LatexHighlighter.h
Examining data/equalx-0.7.1/include/equationimage.h
Examining data/equalx-0.7.1/include/File.h
Examining data/equalx-0.7.1/include/EquationArea.h
Examining data/equalx-0.7.1/include/EquationTemplateWidget.h
Examining data/equalx-0.7.1/include/SearchLineEdit.h
Examining data/equalx-0.7.1/include/HLSelections.h
Examining data/equalx-0.7.1/include/RenderEngine.h
Examining data/equalx-0.7.1/include/LatexEditor.h
Examining data/equalx-0.7.1/include/ColorChooser.h
Examining data/equalx-0.7.1/include/SymbolsGroupMenu.h
Examining data/equalx-0.7.1/include/MainWindow.h
Examining data/equalx-0.7.1/include/Library/Library.h
Examining data/equalx-0.7.1/include/Library/LibraryData.h
Examining data/equalx-0.7.1/include/DialogPreferences.h
Examining data/equalx-0.7.1/include/HistoryPanel/HistoryListModel.h
Examining data/equalx-0.7.1/include/HistoryPanel/HistoryView.h
Examining data/equalx-0.7.1/include/HistoryPanel/HistoryWidget.h
Examining data/equalx-0.7.1/include/HistoryPanel/HistoryViewItemDelegate.h
Examining data/equalx-0.7.1/include/SymbolsGroupWidget.h
Examining data/equalx-0.7.1/include/WidgetColorPicker.h
Examining data/equalx-0.7.1/include/Util.h
Examining data/equalx-0.7.1/include/Symbol.h
Examining data/equalx-0.7.1/include/SymbolsPanel.h
Examining data/equalx-0.7.1/include/WidgetFind.h
Examining data/equalx-0.7.1/include/DialogReplace.h
Examining data/equalx-0.7.1/include/defines.h
Examining data/equalx-0.7.1/include/EquationView.h
Examining data/equalx-0.7.1/src/EquationTemplateWidget.cpp
Examining data/equalx-0.7.1/src/EquationView.cpp
Examining data/equalx-0.7.1/src/File.cpp
Examining data/equalx-0.7.1/src/DialogAbout.cpp
Examining data/equalx-0.7.1/src/WidgetFind.cpp
Examining data/equalx-0.7.1/src/BookmarksPanel/BookmarksView.cpp
Examining data/equalx-0.7.1/src/BookmarksPanel/BookmarksViewItemDelegate.cpp
Examining data/equalx-0.7.1/src/BookmarksPanel/BookmarksWidget.cpp
Examining data/equalx-0.7.1/src/BookmarksPanel/DialogPreferencesFolder.cpp
Examining data/equalx-0.7.1/src/BookmarksPanel/DialogPreferencesBookmark.cpp
Examining data/equalx-0.7.1/src/BookmarksPanel/BookmarksItemModel.cpp
Examining data/equalx-0.7.1/src/BookmarksPanel/BookmarkItem.cpp
Examining data/equalx-0.7.1/src/MainWindow.cpp
Examining data/equalx-0.7.1/src/ColorChooser.cpp
Examining data/equalx-0.7.1/src/LatexEditor.cpp
Examining data/equalx-0.7.1/src/Library/LibraryData.cpp
Examining data/equalx-0.7.1/src/Library/Library.cpp
Examining data/equalx-0.7.1/src/equationimage.cpp
Examining data/equalx-0.7.1/src/HistoryPanel/HistoryWidget.cpp
Examining data/equalx-0.7.1/src/HistoryPanel/HistoryView.cpp
Examining data/equalx-0.7.1/src/HistoryPanel/HistoryViewItemDelegate.cpp
Examining data/equalx-0.7.1/src/HistoryPanel/HistoryListModel.cpp
Examining data/equalx-0.7.1/src/main.cpp
Examining data/equalx-0.7.1/src/WidgetColorPicker.cpp
Examining data/equalx-0.7.1/src/SymbolsPanel.cpp
Examining data/equalx-0.7.1/src/FileWin.cpp
Examining data/equalx-0.7.1/src/Symbol.cpp
Examining data/equalx-0.7.1/src/Util.cpp
Examining data/equalx-0.7.1/src/FileInfo.cpp
Examining data/equalx-0.7.1/src/SymbolsGroupMenu.cpp
Examining data/equalx-0.7.1/src/EquationArea.cpp
Examining data/equalx-0.7.1/src/RenderEngine.cpp
Examining data/equalx-0.7.1/src/SymbolsGroupWidget.cpp
Examining data/equalx-0.7.1/src/DialogReplace.cpp
Examining data/equalx-0.7.1/src/LatexHighlighter.cpp
Examining data/equalx-0.7.1/src/SearchLineEdit.cpp
Examining data/equalx-0.7.1/src/DialogPreferences.cpp

FINAL RESULTS:

data/equalx-0.7.1/include/File.h:51:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void open(const QString& filename, EqualX::File::OpenModes mode=EqualX::File::OPEN_UPDATE);
data/equalx-0.7.1/include/MainWindow.h:105:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void open();
data/equalx-0.7.1/src/DialogAbout.cpp:63:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (file.open(QIODevice::ReadOnly | QIODevice::Text)){
data/equalx-0.7.1/src/DialogAbout.cpp:83:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (file.open(QIODevice::ReadOnly | QIODevice::Text)){
data/equalx-0.7.1/src/File.cpp:178:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void EqualX::File::open(const QString &filename, EqualX::File::OpenModes mode)
data/equalx-0.7.1/src/File.cpp:295:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file.open(QIODevice::ReadWrite | QIODevice::Text);
data/equalx-0.7.1/src/File.cpp:323:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    in.open(QIODevice::ReadOnly); out.open(QIODevice::WriteOnly);
data/equalx-0.7.1/src/File.cpp:323:43: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    in.open(QIODevice::ReadOnly); out.open(QIODevice::WriteOnly);
data/equalx-0.7.1/src/File.cpp:469:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    texFile.open(QIODevice::WriteOnly | QIODevice::Text);
data/equalx-0.7.1/src/File.cpp:487:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    tmpTexFile.open(QIODevice::WriteOnly | QIODevice::Text);
data/equalx-0.7.1/src/File.cpp:503:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    metadatafile.open(QIODevice::WriteOnly | QIODevice::Text);
data/equalx-0.7.1/src/File.cpp:529:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f.open(filename, mode);
data/equalx-0.7.1/src/FileWin.cpp:182:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void EqualX::File::open(const QString &filename, EqualX::File::OpenModes mode)
data/equalx-0.7.1/src/FileWin.cpp:301:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file.open(QIODevice::ReadWrite | QIODevice::Text);
data/equalx-0.7.1/src/FileWin.cpp:334:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    in.open(QIODevice::ReadOnly); out.open(QIODevice::WriteOnly);
data/equalx-0.7.1/src/FileWin.cpp:334:43: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    in.open(QIODevice::ReadOnly); out.open(QIODevice::WriteOnly);
data/equalx-0.7.1/src/FileWin.cpp:480:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    texFile.open(QIODevice::WriteOnly | QIODevice::Text);
data/equalx-0.7.1/src/FileWin.cpp:498:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    tmpTexFile.open(QIODevice::WriteOnly | QIODevice::Text);
data/equalx-0.7.1/src/FileWin.cpp:515:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    metadatafile.open(QIODevice::WriteOnly | QIODevice::Text);
data/equalx-0.7.1/src/FileWin.cpp:539:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f.open(filename, mode);
data/equalx-0.7.1/src/LatexEditor.cpp:112:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if(!file.open(QFile::ReadOnly) )
data/equalx-0.7.1/src/Library/Library.cpp:95:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if(!mDB.open())
data/equalx-0.7.1/src/Library/Library.cpp:138:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    mDB.open();
data/equalx-0.7.1/src/Library/Library.cpp:142:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file.open(QIODevice::ReadOnly);
data/equalx-0.7.1/src/Library/Library.cpp:144:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[2048];
data/equalx-0.7.1/src/MainWindow.cpp:420:61: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    connect(ui->actionOpen, SIGNAL(triggered()), this, SLOT(open()) );
data/equalx-0.7.1/src/MainWindow.cpp:566:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f.open(QIODevice::ReadOnly);
data/equalx-0.7.1/src/MainWindow.cpp:579:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void MainWindow::open()
data/equalx-0.7.1/src/RenderEngine.cpp:232:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    mFile.open(TEMP_FILE_NAME"."+filetype);
data/equalx-0.7.1/src/RenderEngine.cpp:432:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    mFile.open(filename);
data/equalx-0.7.1/src/main.cpp:30:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if(file.open(QIODevice::ReadOnly | QIODevice::Text))
data/equalx-0.7.1/include/File.h:54:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    bool read(); // read metadata from the current file and set FileInfo and Metadata
data/equalx-0.7.1/src/File.cpp:214:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    bool EqualX::File::read()
data/equalx-0.7.1/src/File.cpp:530:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    bool readStatus = f.read();
data/equalx-0.7.1/src/FileWin.cpp:226:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    bool EqualX::File::read()
data/equalx-0.7.1/src/FileWin.cpp:540:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    bool readStatus = f.read();

ANALYSIS SUMMARY:

Hits = 36
Lines analyzed = 11414 in approximately 0.32 seconds (35280 lines/second)
Physical Source Lines of Code (SLOC) = 7217
Hits@level = [0] 0 [1] 5 [2] 31 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 36 [1+] 36 [2+] 31 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.98822 [1+] 4.98822 [2+] 4.29541 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.