Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/crtheme.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/crtheme.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/itemdelegate.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/itemdelegate.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/main.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/main.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/previewwidget.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/previewwidget.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/selectwnd.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/selectwnd.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/thememodel.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/thememodel.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/warninglabel.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/warninglabel.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrimg.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrimg.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemefx.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemefx.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemexp.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemexp.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrxcur.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrxcur.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/fontconfigfile.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/fontconfigfile.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/fontsconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/fontsconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/iconthemeconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/iconthemeconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/iconthemeinfo.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/iconthemeinfo.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/lxqtthemeconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/lxqtthemeconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/main.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/styleconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/styleconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/brightnesssettings.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/brightnesssettings.h
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/main.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/monitorinfo.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/monitorinfo.h
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/outputwidget.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/outputwidget.h
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/xrandrbrightness.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/xrandrbrightness.h
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/applicationchooser.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/applicationchooser.h
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/main.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypedata.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypedata.h
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypeitemmodel.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypeitemmodel.h
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypeviewer.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypeviewer.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/keyboardconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/keyboardconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/keyboardlayoutconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/keyboardlayoutinfo.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/lxqt-config-input.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/lxqt-config-input.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/mouseconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/mouseconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/selectkeyboardlayoutdialog.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/selectkeyboardlayoutdialog.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/touchpadconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/touchpadconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/touchpaddevice.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/touchpaddevice.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/keyboardlayoutconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-locale/combobox.h
Examining data/lxqt-config-0.14.1/lxqt-config-locale/localeconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-locale/localeconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-locale/main.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/fastmenu.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/fastmenu.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/loadsettings.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/loadsettings.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/main.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/managesavedsettings.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/managesavedsettings.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitor.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitor.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorpicture.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorpicture.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorsettingsdialog.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorsettingsdialog.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorwidget.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorwidget.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/savesettings.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/settingsdialog.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/settingsdialog.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/timeoutdialog.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/timeoutdialog.h
Examining data/lxqt-config-0.14.1/src/main.cpp
Examining data/lxqt-config-0.14.1/src/mainwindow.cpp
Examining data/lxqt-config-0.14.1/src/mainwindow.h
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedsortfilterproxymodel.cpp
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedsortfilterproxymodel.h
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedsortfilterproxymodel_p.h
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedview.cpp
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedview.h
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedview_p.h
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorydrawer.cpp
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorydrawer.h

FINAL RESULTS:

data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.cpp:21:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (fl.open(QIODevice::ReadOnly))
data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.cpp:62:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (fl.open(QIODevice::ReadOnly))
data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.cpp:87:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (fl.open(QIODevice::WriteOnly))
data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.cpp:105:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (fl.open(QIODevice::ReadOnly))
data/lxqt-config-0.14.1/liblxqt-config-cursor/selectwnd.cpp:193:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if(indexTheme.open(QIODevice::WriteOnly|QIODevice::Truncate))
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp:313:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if (fo.open(QIODevice::WriteOnly)) {
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp:353:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (fl.open(QIODevice::ReadOnly)) {
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp:478:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (fl.open(QIODevice::ReadOnly)) {
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp:540:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!fl.open(QIODevice::WriteOnly)) return false;
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp:702:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (fl.open(QIODevice::WriteOnly)) {
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemefx.cpp:180:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!fl.open(QIODevice::ReadOnly)) return false; // shit!
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemexp.cpp:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmpDirName[18];
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemexp.cpp:207:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(tmpDirName, "/tmp/unzXXXXXX");
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemexp.cpp:271:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!fl.open(QIODevice::ReadOnly)) return false; // no scheme --> no fun!
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrxcur.cpp:139:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!fl.open(QIODevice::ReadOnly)) return false; // shit!
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:78:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if(tempFile.open()) {
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:125:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly | QIODevice::Text))
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:180:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if(file.open(QIODevice::WriteOnly)) {
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:220:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:253:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (!file.open(QIODevice::ReadOnly | QIODevice::Text))
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:271:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (!file.open(QIODevice::ReadOnly | QIODevice::Text))
data/lxqt-config-0.14.1/lxqt-config-appearance/fontconfigfile.cpp:102:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if(file.open(QIODevice::ReadOnly))
data/lxqt-config-0.14.1/lxqt-config-appearance/fontconfigfile.cpp:153:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if(backup.open(QIODevice::WriteOnly))
data/lxqt-config-0.14.1/lxqt-config-appearance/fontconfigfile.cpp:174:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if(file.open(QIODevice::WriteOnly))
data/lxqt-config-0.14.1/lxqt-config-input/keyboardlayoutconfig.cpp:106:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if(file.open(QIODevice::ReadOnly)) {
data/lxqt-config-0.14.1/lxqt-config-brightness/xrandrbrightness.cpp:46:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        xcb_intern_atom (QX11Info::connection(), 1, strlen("Backlight"), "Backlight"),
data/lxqt-config-0.14.1/src/mainwindow.cpp:86:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bool res = xdgMenu.read(menuFile);

ANALYSIS SUMMARY:

Hits = 27
Lines analyzed = 17006 in approximately 0.49 seconds (34816 lines/second)
Physical Source Lines of Code (SLOC) = 11263
Hits@level = [0]   3 [1]   2 [2]  25 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  30 [1+]  27 [2+]  25 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.66359 [1+] 2.39723 [2+] 2.21966 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.