Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kmix-20.08.2/plasma/engine/mixerservice.h
Examining data/kmix-20.08.2/plasma/engine/mixerservice.cpp
Examining data/kmix-20.08.2/plasma/engine/mixerengine.h
Examining data/kmix-20.08.2/plasma/engine/mixerengine.cpp
Examining data/kmix-20.08.2/apps/KMixApp.cpp
Examining data/kmix-20.08.2/apps/KMixApp.h
Examining data/kmix-20.08.2/apps/kmixd.cpp
Examining data/kmix-20.08.2/apps/kmixctrl.cpp
Examining data/kmix-20.08.2/apps/kmix.cpp
Examining data/kmix-20.08.2/apps/kmix.h
Examining data/kmix-20.08.2/apps/kmixd.h
Examining data/kmix-20.08.2/apps/main.cpp
Examining data/kmix-20.08.2/tests/profiletest.cpp
Examining data/kmix-20.08.2/backends/mixer_mpris2.h
Examining data/kmix-20.08.2/backends/mixer_sun.h
Examining data/kmix-20.08.2/backends/mixer_oss.cpp
Examining data/kmix-20.08.2/backends/mixer_backend_i18n.cpp
Examining data/kmix-20.08.2/backends/mixer_alsa.h
Examining data/kmix-20.08.2/backends/mixer_pulse.cpp
Examining data/kmix-20.08.2/backends/mixer_oss4.cpp
Examining data/kmix-20.08.2/backends/qtpamainloop.h
Examining data/kmix-20.08.2/backends/kmix-backends.cpp
Examining data/kmix-20.08.2/backends/mixer_pulse.h
Examining data/kmix-20.08.2/backends/mixer_backend.cpp
Examining data/kmix-20.08.2/backends/mixer_oss4.h
Examining data/kmix-20.08.2/backends/mixer_alsa9.cpp
Examining data/kmix-20.08.2/backends/mixer_mpris2.cpp
Examining data/kmix-20.08.2/backends/mixer_oss.h
Examining data/kmix-20.08.2/backends/mixer_backend.h
Examining data/kmix-20.08.2/backends/mixer_sun.cpp
Examining data/kmix-20.08.2/dbus/dbuscontrolwrapper.h
Examining data/kmix-20.08.2/dbus/dbusmixsetwrapper.cpp
Examining data/kmix-20.08.2/dbus/dbuscontrolwrapper.cpp
Examining data/kmix-20.08.2/dbus/dbusmixerwrapper.cpp
Examining data/kmix-20.08.2/dbus/dbusmixerwrapper.h
Examining data/kmix-20.08.2/dbus/dbusmixsetwrapper.h
Examining data/kmix-20.08.2/core/ControlPool.h
Examining data/kmix-20.08.2/core/ControlPool.cpp
Examining data/kmix-20.08.2/core/mixset.h
Examining data/kmix-20.08.2/core/mixset.cpp
Examining data/kmix-20.08.2/core/kmixdevicemanager.cpp
Examining data/kmix-20.08.2/core/GlobalConfig.cpp
Examining data/kmix-20.08.2/core/MasterControl.cpp
Examining data/kmix-20.08.2/core/ControlManager.h
Examining data/kmix-20.08.2/core/mixertoolbox.cpp
Examining data/kmix-20.08.2/core/mixdevice.h
Examining data/kmix-20.08.2/core/kmixdevicemanager.h
Examining data/kmix-20.08.2/core/volume.h
Examining data/kmix-20.08.2/core/MediaController.h
Examining data/kmix-20.08.2/core/mixertoolbox.h
Examining data/kmix-20.08.2/core/mixer.h
Examining data/kmix-20.08.2/core/MasterControl.h
Examining data/kmix-20.08.2/core/mixdevice.cpp
Examining data/kmix-20.08.2/core/volume.cpp
Examining data/kmix-20.08.2/core/GlobalConfig.h
Examining data/kmix-20.08.2/core/ControlManager.cpp
Examining data/kmix-20.08.2/core/version.h
Examining data/kmix-20.08.2/core/mixdevicecomposite.cpp
Examining data/kmix-20.08.2/core/mixdevicecomposite.h
Examining data/kmix-20.08.2/core/MediaController.cpp
Examining data/kmix-20.08.2/core/mixer.cpp
Examining data/kmix-20.08.2/gui/dialogselectmaster.cpp
Examining data/kmix-20.08.2/gui/mdwenum.h
Examining data/kmix-20.08.2/gui/ksmallslider.cpp
Examining data/kmix-20.08.2/gui/mdwenum.cpp
Examining data/kmix-20.08.2/gui/dialogviewconfiguration.cpp
Examining data/kmix-20.08.2/gui/viewbase.h
Examining data/kmix-20.08.2/gui/dialogaddview.cpp
Examining data/kmix-20.08.2/gui/volumesliderextradata.h
Examining data/kmix-20.08.2/gui/dialogaddview.h
Examining data/kmix-20.08.2/gui/volumeslider.cpp
Examining data/kmix-20.08.2/gui/guiprofile.h
Examining data/kmix-20.08.2/gui/kmixdockwidget.cpp
Examining data/kmix-20.08.2/gui/kmixerwidget.h
Examining data/kmix-20.08.2/gui/kmixprefdlg.cpp
Examining data/kmix-20.08.2/gui/kmixerwidget.cpp
Examining data/kmix-20.08.2/gui/dialogbase.cpp
Examining data/kmix-20.08.2/gui/kmixtoolbox.h
Examining data/kmix-20.08.2/gui/dialogstatesaver.h
Examining data/kmix-20.08.2/gui/toggletoolbutton.cpp
Examining data/kmix-20.08.2/gui/viewdockareapopup.h
Examining data/kmix-20.08.2/gui/dialogchoosebackends.cpp
Examining data/kmix-20.08.2/gui/dialogchoosebackends.h
Examining data/kmix-20.08.2/gui/verticaltext.cpp
Examining data/kmix-20.08.2/gui/dialogviewconfiguration.h
Examining data/kmix-20.08.2/gui/dialogstatesaver.cpp
Examining data/kmix-20.08.2/gui/viewsliders.h
Examining data/kmix-20.08.2/gui/osdwidget.cpp
Examining data/kmix-20.08.2/gui/mdwslider.h
Examining data/kmix-20.08.2/gui/mdwswitch.cpp
Examining data/kmix-20.08.2/gui/toggletoolbutton.h
Examining data/kmix-20.08.2/gui/dialogselectmaster.h
Examining data/kmix-20.08.2/gui/mixdevicewidget.cpp
Examining data/kmix-20.08.2/gui/volumeslider.h
Examining data/kmix-20.08.2/gui/dialogbase.h
Examining data/kmix-20.08.2/gui/verticaltext.h
Examining data/kmix-20.08.2/gui/viewdockareapopup.cpp
Examining data/kmix-20.08.2/gui/guiprofile.cpp
Examining data/kmix-20.08.2/gui/kmixdockwidget.h
Examining data/kmix-20.08.2/gui/mdwswitch.h
Examining data/kmix-20.08.2/gui/viewsliders.cpp
Examining data/kmix-20.08.2/gui/mixdevicewidget.h
Examining data/kmix-20.08.2/gui/viewbase.cpp
Examining data/kmix-20.08.2/gui/osdwidget.h
Examining data/kmix-20.08.2/gui/mdwslider.cpp
Examining data/kmix-20.08.2/gui/kmixprefdlg.h
Examining data/kmix-20.08.2/gui/kmixtoolbox.cpp
Examining data/kmix-20.08.2/gui/ksmallslider.h

FINAL RESULTS:

data/kmix-20.08.2/backends/mixer_alsa.h:55:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open() override;
data/kmix-20.08.2/backends/mixer_alsa9.cpp:114:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int Mixer_ALSA::open()
data/kmix-20.08.2/backends/mixer_alsa9.cpp:446:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/kmix-20.08.2/backends/mixer_backend.cpp:88:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  const int ret = open();
data/kmix-20.08.2/backends/mixer_backend.h:51:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual int open() = 0;
data/kmix-20.08.2/backends/mixer_mpris2.cpp:47:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int Mixer_MPRIS2::open()
data/kmix-20.08.2/backends/mixer_mpris2.h:121:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open() override;
data/kmix-20.08.2/backends/mixer_oss.cpp:105:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int Mixer_OSS::open()
data/kmix-20.08.2/backends/mixer_oss.h:43:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open() override;
data/kmix-20.08.2/backends/mixer_oss4.cpp:184:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int Mixer_OSS4::open()
data/kmix-20.08.2/backends/mixer_oss4.h:49:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void reinitialize() { open(); close(); }
data/kmix-20.08.2/backends/mixer_oss4.h:50:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual int open();
data/kmix-20.08.2/backends/mixer_pulse.cpp:1082:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int Mixer_PULSE::open()
data/kmix-20.08.2/backends/mixer_pulse.h:77:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open() override;
data/kmix-20.08.2/backends/mixer_sun.cpp:150:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int Mixer_SUN::open()
data/kmix-20.08.2/backends/mixer_sun.h:43:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual int open();
data/kmix-20.08.2/gui/guiprofile.cpp:385:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QIODevice::WriteOnly|QFile::Truncate))
data/kmix-20.08.2/core/mixdevice.cpp:337:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool MixDevice::read(const KConfig *config, const QString &grp)
data/kmix-20.08.2/core/mixdevice.h:216:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(const KConfig *config, const QString &grp);
data/kmix-20.08.2/core/mixer.cpp:225:39: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ( ! _mixerBackend->m_mixDevices.read( config, grp ) ) {
data/kmix-20.08.2/core/mixset.cpp:41:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool MixSet::read( KConfig *config, const QString& grp )
data/kmix-20.08.2/core/mixset.cpp:50:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ( md->read( config, grp ) )
data/kmix-20.08.2/core/mixset.h:34:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read( KConfig *config, const QString& grp );

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 24141 in approximately 1.55 seconds (15536 lines/second)
Physical Source Lines of Code (SLOC) = 14719
Hits@level = [0] 0 [1] 6 [2] 17 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 23 [1+] 23 [2+] 17 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.56261 [1+] 1.56261 [2+] 1.15497 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.