Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/crtheme.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/crtheme.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/itemdelegate.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/itemdelegate.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/main.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/main.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/previewwidget.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/previewwidget.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/selectwnd.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/selectwnd.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/thememodel.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/thememodel.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/warninglabel.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/warninglabel.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrimg.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrimg.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemefx.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemefx.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemexp.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemexp.h
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrxcur.cpp
Examining data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrxcur.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/fontconfigfile.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/fontconfigfile.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/fontsconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/fontsconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/iconthemeconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/iconthemeconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/iconthemeinfo.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/iconthemeinfo.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/lxqtthemeconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/lxqtthemeconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/main.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/styleconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-appearance/styleconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/brightnesssettings.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/brightnesssettings.h
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/main.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/monitorinfo.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/monitorinfo.h
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/outputwidget.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/outputwidget.h
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/xrandrbrightness.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-brightness/xrandrbrightness.h
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/applicationchooser.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/applicationchooser.h
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/main.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypedata.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypedata.h
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypeitemmodel.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypeitemmodel.h
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypeviewer.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-file-associations/mimetypeviewer.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/keyboardconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/keyboardconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/keyboardlayoutconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/keyboardlayoutinfo.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/lxqt-config-input.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/lxqt-config-input.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/mouseconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/mouseconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/selectkeyboardlayoutdialog.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/selectkeyboardlayoutdialog.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/touchpadconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/touchpadconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/touchpaddevice.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-input/touchpaddevice.h
Examining data/lxqt-config-0.14.1/lxqt-config-input/keyboardlayoutconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-locale/combobox.h
Examining data/lxqt-config-0.14.1/lxqt-config-locale/localeconfig.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-locale/localeconfig.h
Examining data/lxqt-config-0.14.1/lxqt-config-locale/main.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/fastmenu.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/fastmenu.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/loadsettings.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/loadsettings.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/main.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/managesavedsettings.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/managesavedsettings.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitor.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitor.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorpicture.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorpicture.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorsettingsdialog.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorsettingsdialog.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorwidget.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/monitorwidget.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/savesettings.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/settingsdialog.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/settingsdialog.h
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/timeoutdialog.cpp
Examining data/lxqt-config-0.14.1/lxqt-config-monitor/timeoutdialog.h
Examining data/lxqt-config-0.14.1/src/main.cpp
Examining data/lxqt-config-0.14.1/src/mainwindow.cpp
Examining data/lxqt-config-0.14.1/src/mainwindow.h
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedsortfilterproxymodel.cpp
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedsortfilterproxymodel.h
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedsortfilterproxymodel_p.h
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedview.cpp
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedview.h
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorizedview_p.h
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorydrawer.cpp
Examining data/lxqt-config-0.14.1/src/qcategorizedview/qcategorydrawer.h

FINAL RESULTS:

data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.cpp:21:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fl.open(QIODevice::ReadOnly))
data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.cpp:62:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fl.open(QIODevice::ReadOnly))
data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.cpp:87:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fl.open(QIODevice::WriteOnly))
data/lxqt-config-0.14.1/liblxqt-config-cursor/cfgfile.cpp:105:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fl.open(QIODevice::ReadOnly))
data/lxqt-config-0.14.1/liblxqt-config-cursor/selectwnd.cpp:193:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(indexTheme.open(QIODevice::WriteOnly|QIODevice::Truncate))
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp:313:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fo.open(QIODevice::WriteOnly)) {
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp:353:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fl.open(QIODevice::ReadOnly)) {
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp:478:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fl.open(QIODevice::ReadOnly)) {
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp:540:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!fl.open(QIODevice::WriteOnly)) return false;
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrtheme.cpp:702:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fl.open(QIODevice::WriteOnly)) {
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemefx.cpp:180:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!fl.open(QIODevice::ReadOnly)) return false; // shit!
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemexp.cpp:206:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpDirName[18];
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemexp.cpp:207:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmpDirName, "/tmp/unzXXXXXX");
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrthemexp.cpp:271:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!fl.open(QIODevice::ReadOnly)) return false; // no scheme --> no fun!
data/lxqt-config-0.14.1/liblxqt-config-cursor/xcr/xcrxcur.cpp:139:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!fl.open(QIODevice::ReadOnly)) return false; // shit!
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:78:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(tempFile.open()) {
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:125:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text))
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:180:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(file.open(QIODevice::WriteOnly)) {
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:220:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:253:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text))
data/lxqt-config-0.14.1/lxqt-config-appearance/configothertoolkits.cpp:271:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text))
data/lxqt-config-0.14.1/lxqt-config-appearance/fontconfigfile.cpp:102:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(file.open(QIODevice::ReadOnly))
data/lxqt-config-0.14.1/lxqt-config-appearance/fontconfigfile.cpp:153:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(backup.open(QIODevice::WriteOnly))
data/lxqt-config-0.14.1/lxqt-config-appearance/fontconfigfile.cpp:174:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(file.open(QIODevice::WriteOnly))
data/lxqt-config-0.14.1/lxqt-config-input/keyboardlayoutconfig.cpp:106:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(file.open(QIODevice::ReadOnly)) {
data/lxqt-config-0.14.1/lxqt-config-brightness/xrandrbrightness.cpp:46:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xcb_intern_atom (QX11Info::connection(), 1, strlen("Backlight"), "Backlight"),
data/lxqt-config-0.14.1/src/mainwindow.cpp:86:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool res = xdgMenu.read(menuFile);

ANALYSIS SUMMARY:

Hits = 27
Lines analyzed = 17006 in approximately 0.49 seconds (34816 lines/second)
Physical Source Lines of Code (SLOC) = 11263
Hits@level = [0] 3 [1] 2 [2] 25 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 30 [1+] 27 [2+] 25 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.66359 [1+] 2.39723 [2+] 2.21966 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.