Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jag-0.3.8/src/baseitem.cpp
Examining data/jag-0.3.8/src/baseitem.h
Examining data/jag-0.3.8/src/bighammertool.cpp
Examining data/jag-0.3.8/src/bighammertool.h
Examining data/jag-0.3.8/src/bombtool.cpp
Examining data/jag-0.3.8/src/bombtool.h
Examining data/jag-0.3.8/src/clocktool.cpp
Examining data/jag-0.3.8/src/clocktool.h
Examining data/jag-0.3.8/src/consttools.cpp
Examining data/jag-0.3.8/src/consttools.h
Examining data/jag-0.3.8/src/defines.h
Examining data/jag-0.3.8/src/displaywrapper.cpp
Examining data/jag-0.3.8/src/displaywrapper.h
Examining data/jag-0.3.8/src/editor/defines.h
Examining data/jag-0.3.8/src/editor/levelpack.cpp
Examining data/jag-0.3.8/src/editor/levelpack.h
Examining data/jag-0.3.8/src/editor/levelwidget.cpp
Examining data/jag-0.3.8/src/editor/levelwidget.h
Examining data/jag-0.3.8/src/editor/main.cpp
Examining data/jag-0.3.8/src/editor/mainwindow.cpp
Examining data/jag-0.3.8/src/editor/mainwindow.h
Examining data/jag-0.3.8/src/gamebackground.cpp
Examining data/jag-0.3.8/src/gamebackground.h
Examining data/jag-0.3.8/src/gamebonus.cpp
Examining data/jag-0.3.8/src/gamebonus.h
Examining data/jag-0.3.8/src/gamecontrol.cpp
Examining data/jag-0.3.8/src/gameitem.cpp
Examining data/jag-0.3.8/src/gameitem.h
Examining data/jag-0.3.8/src/gamemenu.cpp
Examining data/jag-0.3.8/src/gamemenu.h
Examining data/jag-0.3.8/src/gamepaint.cpp
Examining data/jag-0.3.8/src/gameprofile.cpp
Examining data/jag-0.3.8/src/gameprofile.h
Examining data/jag-0.3.8/src/gamescene.cpp
Examining data/jag-0.3.8/src/gamescene.h
Examining data/jag-0.3.8/src/gamesound.cpp
Examining data/jag-0.3.8/src/gamesound.h
Examining data/jag-0.3.8/src/gamestat.cpp
Examining data/jag-0.3.8/src/gamestat.h
Examining data/jag-0.3.8/src/gamestatics.cpp
Examining data/jag-0.3.8/src/gamestock.cpp
Examining data/jag-0.3.8/src/gamestock.h
Examining data/jag-0.3.8/src/gametools.cpp
Examining data/jag-0.3.8/src/gametools.h
Examining data/jag-0.3.8/src/gamewidget.cpp
Examining data/jag-0.3.8/src/gamewidget.h
Examining data/jag-0.3.8/src/gamexml.cpp
Examining data/jag-0.3.8/src/hammertool.cpp
Examining data/jag-0.3.8/src/hammertool.h
Examining data/jag-0.3.8/src/main.cpp
Examining data/jag-0.3.8/src/menucontrol.cpp
Examining data/jag-0.3.8/src/mixertool.cpp
Examining data/jag-0.3.8/src/mixertool.h
Examining data/jag-0.3.8/src/randomkilltool.cpp
Examining data/jag-0.3.8/src/randomkilltool.h
Examining data/jag-0.3.8/src/scaler.cpp
Examining data/jag-0.3.8/src/scaler.h
Examining data/jag-0.3.8/src/scene_if.h
Examining data/jag-0.3.8/src/smallhammertool.cpp
Examining data/jag-0.3.8/src/smallhammertool.h
Examining data/jag-0.3.8/src/thundertool.cpp
Examining data/jag-0.3.8/src/thundertool.h
Examining data/jag-0.3.8/src/twintool.cpp
Examining data/jag-0.3.8/src/twintool.h
Examining data/jag-0.3.8/src/unblocktool.cpp
Examining data/jag-0.3.8/src/unblocktool.h
Examining data/jag-0.3.8/src/version.h

FINAL RESULTS:

data/jag-0.3.8/src/displaywrapper.cpp:236:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!xconf.open(QFile::ReadOnly))
data/jag-0.3.8/src/editor/mainwindow.cpp:224:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::WriteOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:259:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (flevel.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:302:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:354:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (flevel.open(QIODevice::WriteOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:906:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:926:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::WriteOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:937:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::WriteOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:970:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gamemenu.cpp:60:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gamemenu.cpp:78:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!fhelp.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gamemenu.cpp:81:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fhelp.open(QIODevice::ReadOnly);
data/jag-0.3.8/src/gameprofile.cpp:192:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly))
data/jag-0.3.8/src/gameprofile.cpp:292:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gameprofile.cpp:319:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gamescene.cpp:340:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gamexml.cpp:35:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QFile::WriteOnly | QFile::Text))
data/jag-0.3.8/src/gamexml.cpp:118:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QFile::ReadOnly | QFile::Text))
data/jag-0.3.8/src/menucontrol.cpp:229:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QFile::ReadOnly | QFile::Text))
data/jag-0.3.8/src/menucontrol.cpp:556:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QFile::ReadOnly | QFile::Text))
data/jag-0.3.8/src/editor/mainwindow.cpp:332:46: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray ba = ds.device()->read(size);
data/jag-0.3.8/src/gamescene.cpp:373:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray ba = ds.device()->read(size);

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 11640 in approximately 0.35 seconds (33690 lines/second)
Physical Source Lines of Code (SLOC) = 7440
Hits@level = [0] 0 [1] 2 [2] 20 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 22 [1+] 22 [2+] 20 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.95699 [1+] 2.95699 [2+] 2.68817 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.