Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/knowthelist-2.3.1/gst/directsound/gstdirectsoundplugin.c Examining data/knowthelist-2.3.1/gst/directsound/gstdirectsoundsink.c Examining data/knowthelist-2.3.1/gst/directsound/gstdirectsoundsink.h Examining data/knowthelist-2.3.1/src/collectiondb.cpp Examining data/knowthelist-2.3.1/src/collectiondb.h Examining data/knowthelist-2.3.1/src/collectionsetupmodel.cpp Examining data/knowthelist-2.3.1/src/collectionsetupmodel.h Examining data/knowthelist-2.3.1/src/collectiontree.cpp Examining data/knowthelist-2.3.1/src/collectiontree.h Examining data/knowthelist-2.3.1/src/collectiontreeitem.cpp Examining data/knowthelist-2.3.1/src/collectiontreeitem.h Examining data/knowthelist-2.3.1/src/collectionupdater.cpp Examining data/knowthelist-2.3.1/src/collectionupdater.h Examining data/knowthelist-2.3.1/src/collectionwidget.cpp Examining data/knowthelist-2.3.1/src/collectionwidget.h Examining data/knowthelist-2.3.1/src/customdial.cpp Examining data/knowthelist-2.3.1/src/customdial.h Examining data/knowthelist-2.3.1/src/dj.cpp Examining data/knowthelist-2.3.1/src/dj.h Examining data/knowthelist-2.3.1/src/djbrowser.cpp Examining data/knowthelist-2.3.1/src/djbrowser.h Examining data/knowthelist-2.3.1/src/djfilterwidget.cpp Examining data/knowthelist-2.3.1/src/djfilterwidget.h Examining data/knowthelist-2.3.1/src/djsession.cpp Examining data/knowthelist-2.3.1/src/djsession.h Examining data/knowthelist-2.3.1/src/djsettings.cpp Examining data/knowthelist-2.3.1/src/djsettings.h Examining data/knowthelist-2.3.1/src/djwidget.cpp Examining data/knowthelist-2.3.1/src/djwidget.h Examining data/knowthelist-2.3.1/src/fancytabwidget.cpp Examining data/knowthelist-2.3.1/src/fancytabwidget.h Examining data/knowthelist-2.3.1/src/filebrowser.cpp Examining data/knowthelist-2.3.1/src/filebrowser.h Examining data/knowthelist-2.3.1/src/filter.cpp Examining data/knowthelist-2.3.1/src/filter.h Examining data/knowthelist-2.3.1/src/knowthelist.cpp Examining data/knowthelist-2.3.1/src/knowthelist.h Examining data/knowthelist-2.3.1/src/main.cpp Examining data/knowthelist-2.3.1/src/modeselector.cpp Examining data/knowthelist-2.3.1/src/modeselector.h Examining data/knowthelist-2.3.1/src/monitorplayer.cpp Examining data/knowthelist-2.3.1/src/monitorplayer.h Examining data/knowthelist-2.3.1/src/player.cpp Examining data/knowthelist-2.3.1/src/player.h Examining data/knowthelist-2.3.1/src/playerwidget.cpp Examining data/knowthelist-2.3.1/src/playerwidget.h Examining data/knowthelist-2.3.1/src/playlist.cpp Examining data/knowthelist-2.3.1/src/playlist.h Examining data/knowthelist-2.3.1/src/playlistbrowser.cpp Examining data/knowthelist-2.3.1/src/playlistbrowser.h Examining data/knowthelist-2.3.1/src/playlistitem.cpp Examining data/knowthelist-2.3.1/src/playlistitem.h Examining data/knowthelist-2.3.1/src/playlistwidget.cpp Examining data/knowthelist-2.3.1/src/playlistwidget.h Examining data/knowthelist-2.3.1/src/progressbar.cpp Examining data/knowthelist-2.3.1/src/progressbar.h Examining data/knowthelist-2.3.1/src/qled.cpp Examining data/knowthelist-2.3.1/src/qled.h Examining data/knowthelist-2.3.1/src/ratingwidget.cpp Examining data/knowthelist-2.3.1/src/ratingwidget.h Examining data/knowthelist-2.3.1/src/settingsdialog.cpp Examining data/knowthelist-2.3.1/src/settingsdialog.h Examining data/knowthelist-2.3.1/src/stackdisplay.cpp Examining data/knowthelist-2.3.1/src/stackdisplay.h Examining data/knowthelist-2.3.1/src/stylehelper.cpp Examining data/knowthelist-2.3.1/src/stylehelper.h Examining data/knowthelist-2.3.1/src/track.cpp Examining data/knowthelist-2.3.1/src/track.h Examining data/knowthelist-2.3.1/src/trackanalyser.cpp Examining data/knowthelist-2.3.1/src/trackanalyser.h Examining data/knowthelist-2.3.1/src/vumeter.cpp Examining data/knowthelist-2.3.1/src/vumeter.h FINAL RESULTS: data/knowthelist-2.3.1/src/main.cpp:51:25: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. lang = QLocale::system().name(); data/knowthelist-2.3.1/src/stylehelper.cpp:152:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. key.sprintf("mh_vertical %d %d %d %d %d", data/knowthelist-2.3.1/gst/directsound/gstdirectsoundsink.c:663:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pLockedBuffer1, data, dwSizeBuffer1); data/knowthelist-2.3.1/gst/directsound/gstdirectsoundsink.c:665:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pLockedBuffer2, (LPBYTE) data + dwSizeBuffer1, dwSizeBuffer2); data/knowthelist-2.3.1/src/djfilterwidget.cpp:237:44: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void DjFilterWidget::slideCloseWidget(bool open) data/knowthelist-2.3.1/src/djfilterwidget.cpp:239:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p->targetWidth = (open) ? 70 : 0; data/knowthelist-2.3.1/src/djfilterwidget.h:38:32: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void slideCloseWidget(bool open); data/knowthelist-2.3.1/src/djsession.cpp:363:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::WriteOnly)) data/knowthelist-2.3.1/src/djwidget.cpp:185:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void DjWidget::slideCloseWidget(bool open) data/knowthelist-2.3.1/src/djwidget.cpp:187:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p->targetWidth = (open) ? 70 : 0; data/knowthelist-2.3.1/src/djwidget.h:36:32: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void slideCloseWidget(bool open); data/knowthelist-2.3.1/src/knowthelist.cpp:664:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). monitorPlayer->open(track->url()); data/knowthelist-2.3.1/src/main.cpp:91:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!db.open()) { data/knowthelist-2.3.1/src/monitorplayer.cpp:223:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void MonitorPlayer::open(QUrl url) data/knowthelist-2.3.1/src/monitorplayer.h:48:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(QUrl url); data/knowthelist-2.3.1/src/player.cpp:264:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void Player::open(QUrl url) data/knowthelist-2.3.1/src/player.h:38:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(QUrl url); data/knowthelist-2.3.1/src/playerwidget.cpp:306:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). player->open(url); data/knowthelist-2.3.1/src/playerwidget.cpp:309:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). trackanalyser->open(url); data/knowthelist-2.3.1/src/playlist.cpp:467:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::WriteOnly)) data/knowthelist-2.3.1/src/playlist.cpp:531:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QFile::ReadOnly)) { data/knowthelist-2.3.1/src/playlistbrowser.cpp:331:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( file.open( QFile::ReadOnly ) ) data/knowthelist-2.3.1/src/playlistbrowser.cpp:396:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( file.open( QFile::ReadOnly ) ) data/knowthelist-2.3.1/src/playlistwidget.cpp:180:44: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void PlaylistWidget::slideCloseWidget(bool open) data/knowthelist-2.3.1/src/playlistwidget.cpp:182:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p->targetWidth = (open) ? 70 : 0; data/knowthelist-2.3.1/src/playlistwidget.h:25:32: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void slideCloseWidget(bool open); data/knowthelist-2.3.1/src/trackanalyser.cpp:232:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void TrackAnalyser::open(QUrl url) data/knowthelist-2.3.1/src/trackanalyser.h:38:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(QUrl url); ANALYSIS SUMMARY: Hits = 28 Lines analyzed = 15307 in approximately 1.20 seconds (12741 lines/second) Physical Source Lines of Code (SLOC) = 11062 Hits@level = [0] 0 [1] 0 [2] 26 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 28 [1+] 28 [2+] 28 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 2.53119 [1+] 2.53119 [2+] 2.53119 [3+] 0.180799 [4+] 0.180799 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.