Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ktp-text-ui-20.08.0/filters/geopoint/geopoint-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/geopoint/geopoint-filter.h Examining data/ktp-text-ui-20.08.0/filters/emoticons/emoticon-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/emoticons/emoticon-filter.h Examining data/ktp-text-ui-20.08.0/filters/emoticons/emoticon-config.h Examining data/ktp-text-ui-20.08.0/filters/emoticons/emoticon-config.cpp Examining data/ktp-text-ui-20.08.0/filters/searchexpansion/searchexpansion-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/searchexpansion/searchexpansion-filter.h Examining data/ktp-text-ui-20.08.0/filters/youtube/youtube-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/youtube/youtube-filter.h Examining data/ktp-text-ui-20.08.0/filters/highlight/highlight-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/highlight/highlight-filter.h Examining data/ktp-text-ui-20.08.0/filters/urlexpansion/urlexpansion-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/urlexpansion/urlexpansion-filter.h Examining data/ktp-text-ui-20.08.0/filters/formatting/format-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/formatting/format-filter.h Examining data/ktp-text-ui-20.08.0/filters/images/images-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/images/images-filter.h Examining data/ktp-text-ui-20.08.0/filters/bugzilla/bugzilla-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/bugzilla/bugzilla-filter.h Examining data/ktp-text-ui-20.08.0/filters/otr/otr-filter.h Examining data/ktp-text-ui-20.08.0/filters/otr/otr-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/latex/latex-filter.h Examining data/ktp-text-ui-20.08.0/filters/latex/latex-config.cpp Examining data/ktp-text-ui-20.08.0/filters/latex/latex-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/latex/latex-config.h Examining data/ktp-text-ui-20.08.0/filters/texttospeech/tts-filter.cpp Examining data/ktp-text-ui-20.08.0/filters/texttospeech/tts-filter.h Examining data/ktp-text-ui-20.08.0/lib/otr-status.cpp Examining data/ktp-text-ui-20.08.0/lib/adium-theme-message-info.h Examining data/ktp-text-ui-20.08.0/lib/notify-filter.cpp Examining data/ktp-text-ui-20.08.0/lib/chat-style-plist-file-reader.cpp Examining data/ktp-text-ui-20.08.0/lib/adium-theme-message-info.cpp Examining data/ktp-text-ui-20.08.0/lib/channel-contact-model.h Examining data/ktp-text-ui-20.08.0/lib/text-chat-config.h Examining data/ktp-text-ui-20.08.0/lib/otr-notifications.h Examining data/ktp-text-ui-20.08.0/lib/chat-window-style-manager.h Examining data/ktp-text-ui-20.08.0/lib/contact-delegate.cpp Examining data/ktp-text-ui-20.08.0/lib/adium-theme-status-info.cpp Examining data/ktp-text-ui-20.08.0/lib/chat-search-bar.cpp Examining data/ktp-text-ui-20.08.0/lib/adium-theme-content-info.h Examining data/ktp-text-ui-20.08.0/lib/contact-delegate.h Examining data/ktp-text-ui-20.08.0/lib/chat-text-edit.cpp Examining data/ktp-text-ui-20.08.0/lib/chat-window-style.cpp Examining data/ktp-text-ui-20.08.0/lib/adium-theme-status-info.h Examining data/ktp-text-ui-20.08.0/lib/otr-notifications.cpp Examining data/ktp-text-ui-20.08.0/lib/emoticons-manager.h Examining data/ktp-text-ui-20.08.0/lib/chat-widget.h Examining data/ktp-text-ui-20.08.0/lib/types.h Examining data/ktp-text-ui-20.08.0/lib/chat-window-style.h Examining data/ktp-text-ui-20.08.0/lib/channel-contact-model.cpp Examining data/ktp-text-ui-20.08.0/lib/adium-theme-content-info.cpp Examining data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp Examining data/ktp-text-ui-20.08.0/lib/adium-theme-header-info.h Examining data/ktp-text-ui-20.08.0/lib/ktp-debug.cpp Examining data/ktp-text-ui-20.08.0/lib/chat-text-edit.h Examining data/ktp-text-ui-20.08.0/lib/proxy-service.h Examining data/ktp-text-ui-20.08.0/lib/emoticons-manager.cpp Examining data/ktp-text-ui-20.08.0/lib/ktpchat_export.h Examining data/ktp-text-ui-20.08.0/lib/notify-filter.h Examining data/ktp-text-ui-20.08.0/lib/proxy-service.cpp Examining data/ktp-text-ui-20.08.0/lib/authenticationwizard.h Examining data/ktp-text-ui-20.08.0/lib/ktp-debug.h Examining data/ktp-text-ui-20.08.0/lib/authenticationwizard.cpp Examining data/ktp-text-ui-20.08.0/lib/otr-status.h Examining data/ktp-text-ui-20.08.0/lib/chat-window-style-manager.cpp Examining data/ktp-text-ui-20.08.0/lib/chat-search-bar.h Examining data/ktp-text-ui-20.08.0/lib/chat-style-plist-file-reader.h Examining data/ktp-text-ui-20.08.0/lib/adium-theme-view.h Examining data/ktp-text-ui-20.08.0/lib/chat-widget.cpp Examining data/ktp-text-ui-20.08.0/lib/adium-theme-header-info.cpp Examining data/ktp-text-ui-20.08.0/lib/text-chat-config.cpp Examining data/ktp-text-ui-20.08.0/app/emoticon-text-edit-selector.h Examining data/ktp-text-ui-20.08.0/app/defines.h Examining data/ktp-text-ui-20.08.0/app/emoticon-text-edit-action.h Examining data/ktp-text-ui-20.08.0/app/chat-window.cpp Examining data/ktp-text-ui-20.08.0/app/chat-tab.cpp Examining data/ktp-text-ui-20.08.0/app/telepathy-chat-ui.h Examining data/ktp-text-ui-20.08.0/app/emoticon-text-edit-selector.cpp Examining data/ktp-text-ui-20.08.0/app/telepathy-chat-ui.cpp Examining data/ktp-text-ui-20.08.0/app/emoticon-text-edit-action.cpp Examining data/ktp-text-ui-20.08.0/app/chat-window.h Examining data/ktp-text-ui-20.08.0/app/main.cpp Examining data/ktp-text-ui-20.08.0/app/chat-tab.h Examining data/ktp-text-ui-20.08.0/app/invite-contact-dialog.cpp Examining data/ktp-text-ui-20.08.0/app/invite-contact-dialog.h Examining data/ktp-text-ui-20.08.0/logviewer/dates-model.cpp Examining data/ktp-text-ui-20.08.0/logviewer/entity-filter-model.cpp Examining data/ktp-text-ui-20.08.0/logviewer/entity-view.h Examining data/ktp-text-ui-20.08.0/logviewer/logs-import-dialog.h Examining data/ktp-text-ui-20.08.0/logviewer/person-entity-merge-model.h Examining data/ktp-text-ui-20.08.0/logviewer/debug.h Examining data/ktp-text-ui-20.08.0/logviewer/dates-view-delegate.h Examining data/ktp-text-ui-20.08.0/logviewer/dates-view-delegate.cpp Examining data/ktp-text-ui-20.08.0/logviewer/entity-view-delegate.h Examining data/ktp-text-ui-20.08.0/logviewer/entity-filter-model.h Examining data/ktp-text-ui-20.08.0/logviewer/message-view.h Examining data/ktp-text-ui-20.08.0/logviewer/log-viewer.h Examining data/ktp-text-ui-20.08.0/logviewer/main.cpp Examining data/ktp-text-ui-20.08.0/logviewer/entity-model.cpp Examining data/ktp-text-ui-20.08.0/logviewer/log-viewer.cpp Examining data/ktp-text-ui-20.08.0/logviewer/entity-model.h Examining data/ktp-text-ui-20.08.0/logviewer/logs-import-dialog.cpp Examining data/ktp-text-ui-20.08.0/logviewer/entity-view-delegate.cpp Examining data/ktp-text-ui-20.08.0/logviewer/entity-view.cpp Examining data/ktp-text-ui-20.08.0/logviewer/config/behavior-config.h Examining data/ktp-text-ui-20.08.0/logviewer/config/behavior-config.cpp Examining data/ktp-text-ui-20.08.0/logviewer/message-view.cpp Examining data/ktp-text-ui-20.08.0/logviewer/dates-model.h Examining data/ktp-text-ui-20.08.0/logviewer/person-entity-merge-model.cpp Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/emoticon-set-installer.h Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/chat-style-installer.h Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/bundle-installer.h Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/adiumxtra-protocol-handler.h Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/adiumxtra-protocol-handler.cpp Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/chat-style-installer.cpp Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/main.cpp Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/bundle-installer.cpp Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/emoticon-set-installer.cpp Examining data/ktp-text-ui-20.08.0/config/appearance/appearance-config-tab.cpp Examining data/ktp-text-ui-20.08.0/config/appearance/appearance-config-tab.h Examining data/ktp-text-ui-20.08.0/config/appearance/appearance-config.cpp Examining data/ktp-text-ui-20.08.0/config/appearance/appearance-config.h Examining data/ktp-text-ui-20.08.0/config/messages/messages-config.h Examining data/ktp-text-ui-20.08.0/config/messages/messages-config.cpp Examining data/ktp-text-ui-20.08.0/config/otr/otr-config.h Examining data/ktp-text-ui-20.08.0/config/otr/otr-config.cpp Examining data/ktp-text-ui-20.08.0/config/behavior/behavior-config.h Examining data/ktp-text-ui-20.08.0/config/behavior/behavior-config.cpp Examining data/ktp-text-ui-20.08.0/image-sharer/mpform.h Examining data/ktp-text-ui-20.08.0/image-sharer/imgursharer.cpp Examining data/ktp-text-ui-20.08.0/image-sharer/abstractsharer.cpp Examining data/ktp-text-ui-20.08.0/image-sharer/shareprovider.h Examining data/ktp-text-ui-20.08.0/image-sharer/imagebinsharer.h Examining data/ktp-text-ui-20.08.0/image-sharer/abstractsharer.h Examining data/ktp-text-ui-20.08.0/image-sharer/imgursharer.h Examining data/ktp-text-ui-20.08.0/image-sharer/shareprovider.cpp Examining data/ktp-text-ui-20.08.0/image-sharer/simplestimagehostingsharer.cpp Examining data/ktp-text-ui-20.08.0/image-sharer/imagebinsharer.cpp Examining data/ktp-text-ui-20.08.0/image-sharer/imagesharer_export.h Examining data/ktp-text-ui-20.08.0/image-sharer/mpform.cpp Examining data/ktp-text-ui-20.08.0/image-sharer/simplestimagehostingsharer.h FINAL RESULTS: data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:643:66: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. htmlTemplate.replace(QLatin1String("%timeOpened%"), QLocale::system().toString(info.timeOpened().time())); data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:644:66: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. htmlTemplate.replace(QLatin1String("%dateOpened%"), QLocale::system().toString(info.timeOpened().date(), QLocale::LongFormat)); data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:648:104: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. "Conversation began %1", QLocale::system().toString(info.timeOpened().time()))); data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:652:96: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. "Joined at %1", QLocale::system().toString(info.timeOpened().time()))); data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:719:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. htmlTemplate.replace(QLatin1String("%time%"), QLocale::system().toString(info.time().time())); data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:721:65: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. htmlTemplate.replace(QLatin1String("%shortTime%"), QLocale::system().toString(info.time().time(), QLocale::ShortFormat)); data/ktp-text-ui-20.08.0/logviewer/dates-model.cpp:332:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return QLocale::system().toString(node->date, QLocale::ShortFormat); data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/adiumxtra-protocol-handler.cpp:65:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (tmpFile->open()) { data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/adiumxtra-protocol-handler.cpp:101:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!archive->open(QIODevice::ReadOnly)) { data/ktp-text-ui-20.08.0/filters/latex/latex-filter.cpp:94:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!texFile.open()) { data/ktp-text-ui-20.08.0/filters/latex/latex-filter.cpp:157:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::ReadOnly); data/ktp-text-ui-20.08.0/filters/urlexpansion/urlexpansion-filter.cpp:52:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool b = servicesFile.open(QIODevice::ReadOnly); data/ktp-text-ui-20.08.0/image-sharer/mpform.cpp:114:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!imageFile.open(QIODevice::ReadOnly)) data/ktp-text-ui-20.08.0/image-sharer/shareprovider.cpp:142:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). KIO::FileJob *fjob = KIO::open(mjob->url(), QIODevice::ReadOnly); data/ktp-text-ui-20.08.0/image-sharer/shareprovider.cpp:143:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). connect(fjob, SIGNAL(open(KIO::Job*)), this, SLOT(onFileOpened(KIO::Job*))); data/ktp-text-ui-20.08.0/lib/chat-style-plist-file-reader.cpp:57:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) { data/ktp-text-ui-20.08.0/lib/chat-widget.cpp:481:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!tmpFile.open()) { data/ktp-text-ui-20.08.0/lib/chat-window-style-manager.cpp:144:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!archive->open(QIODevice::ReadOnly)) { data/ktp-text-ui-20.08.0/lib/chat-window-style-manager.cpp:148:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!archive->open(QIODevice::ReadOnly)) { data/ktp-text-ui-20.08.0/lib/chat-window-style-manager.cpp:160:36: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (archive == 0 || !archive->open(QIODevice::ReadOnly)) { data/ktp-text-ui-20.08.0/lib/chat-window-style.cpp:406:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fileAccess.open(QIODevice::ReadOnly); data/ktp-text-ui-20.08.0/lib/chat-window-style.cpp:457:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fileAccess.open(QIODevice::ReadOnly); data/ktp-text-ui-20.08.0/image-sharer/shareprovider.cpp:152:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fjob->read(fjob->size()); ANALYSIS SUMMARY: Hits = 23 Lines analyzed = 19619 in approximately 0.96 seconds (20420 lines/second) Physical Source Lines of Code (SLOC) = 12707 Hits@level = [0] 0 [1] 1 [2] 15 [3] 0 [4] 7 [5] 0 Hits@level+ = [0+] 23 [1+] 23 [2+] 22 [3+] 7 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 1.81003 [1+] 1.81003 [2+] 1.73133 [3+] 0.550877 [4+] 0.550877 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.