Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/mupen64plus-qt-1.14/src/common.cpp Examining data/mupen64plus-qt-1.14/src/common.h Examining data/mupen64plus-qt-1.14/src/dialogs/aboutdialog.cpp Examining data/mupen64plus-qt-1.14/src/dialogs/aboutdialog.h Examining data/mupen64plus-qt-1.14/src/dialogs/configeditor.cpp Examining data/mupen64plus-qt-1.14/src/dialogs/configeditor.h Examining data/mupen64plus-qt-1.14/src/dialogs/controlinfodialog.cpp Examining data/mupen64plus-qt-1.14/src/dialogs/controlinfodialog.h Examining data/mupen64plus-qt-1.14/src/dialogs/downloaddialog.cpp Examining data/mupen64plus-qt-1.14/src/dialogs/downloaddialog.h Examining data/mupen64plus-qt-1.14/src/dialogs/gamesettingsdialog.cpp Examining data/mupen64plus-qt-1.14/src/dialogs/gamesettingsdialog.h Examining data/mupen64plus-qt-1.14/src/dialogs/keycodesdialog.cpp Examining data/mupen64plus-qt-1.14/src/dialogs/keycodesdialog.h Examining data/mupen64plus-qt-1.14/src/dialogs/logdialog.cpp Examining data/mupen64plus-qt-1.14/src/dialogs/logdialog.h Examining data/mupen64plus-qt-1.14/src/dialogs/settingsdialog.cpp Examining data/mupen64plus-qt-1.14/src/dialogs/settingsdialog.h Examining data/mupen64plus-qt-1.14/src/emulation/emulatorhandler.cpp Examining data/mupen64plus-qt-1.14/src/emulation/emulatorhandler.h Examining data/mupen64plus-qt-1.14/src/global.h Examining data/mupen64plus-qt-1.14/src/main.cpp Examining data/mupen64plus-qt-1.14/src/mainwindow.cpp Examining data/mupen64plus-qt-1.14/src/mainwindow.h Examining data/mupen64plus-qt-1.14/src/roms/romcollection.cpp Examining data/mupen64plus-qt-1.14/src/roms/romcollection.h Examining data/mupen64plus-qt-1.14/src/roms/thegamesdbscraper.cpp Examining data/mupen64plus-qt-1.14/src/roms/thegamesdbscraper.h Examining data/mupen64plus-qt-1.14/src/views/gridview.cpp Examining data/mupen64plus-qt-1.14/src/views/gridview.h Examining data/mupen64plus-qt-1.14/src/views/listview.cpp Examining data/mupen64plus-qt-1.14/src/views/listview.h Examining data/mupen64plus-qt-1.14/src/views/tableview.cpp Examining data/mupen64plus-qt-1.14/src/views/tableview.h Examining data/mupen64plus-qt-1.14/src/views/widgets/clickablewidget.cpp Examining data/mupen64plus-qt-1.14/src/views/widgets/clickablewidget.h Examining data/mupen64plus-qt-1.14/src/views/widgets/treewidgetitem.cpp Examining data/mupen64plus-qt-1.14/src/views/widgets/treewidgetitem.h FINAL RESULTS: data/mupen64plus-qt-1.14/src/common.cpp:119:39: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QString systemLanguage = QLocale::system().name().left(2); data/mupen64plus-qt-1.14/src/common.cpp:360:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). versionFile.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/common.cpp:371:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). zipFile.open(QuaZip::mdUnzip); data/mupen64plus-qt-1.14/src/common.cpp:383:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). zippedFile.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/dialogs/aboutdialog.cpp:54:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). licenseFile.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/dialogs/configeditor.cpp:63:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). config.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/dialogs/configeditor.cpp:117:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). config.open(QIODevice::WriteOnly); data/mupen64plus-qt-1.14/src/emulation/emulatorhandler.cpp:142:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). zippedFile.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/emulation/emulatorhandler.cpp:152:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempRom.open(QIODevice::WriteOnly); data/mupen64plus-qt-1.14/src/emulation/emulatorhandler.cpp:201:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). romFile.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/roms/romcollection.cpp:120:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). database.open(); data/mupen64plus-qt-1.14/src/roms/romcollection.cpp:166:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/roms/romcollection.cpp:223:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). database.open(); data/mupen64plus-qt-1.14/src/roms/romcollection.cpp:399:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/roms/romcollection.cpp:462:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!database.open()) data/mupen64plus-qt-1.14/src/roms/thegamesdbscraper.cpp:67:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cacheFile.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/roms/thegamesdbscraper.cpp:83:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cacheFile.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/roms/thegamesdbscraper.cpp:124:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::WriteOnly); data/mupen64plus-qt-1.14/src/roms/thegamesdbscraper.cpp:140:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). coverJPG.open(QIODevice::WriteOnly); data/mupen64plus-qt-1.14/src/roms/thegamesdbscraper.cpp:313:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::WriteOnly); data/mupen64plus-qt-1.14/src/roms/thegamesdbscraper.cpp:340:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::ReadOnly); data/mupen64plus-qt-1.14/src/roms/thegamesdbscraper.cpp:359:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cover.open(QIODevice::WriteOnly); data/mupen64plus-qt-1.14/src/roms/thegamesdbscraper.cpp:448:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file->open(QIODevice::WriteOnly); data/mupen64plus-qt-1.14/src/emulation/emulatorhandler.cpp:202:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QByteArray romCheck = romFile.read(4); ANALYSIS SUMMARY: Hits = 24 Lines analyzed = 7355 in approximately 0.21 seconds (34868 lines/second) Physical Source Lines of Code (SLOC) = 4685 Hits@level = [0] 0 [1] 1 [2] 22 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 24 [1+] 24 [2+] 23 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 5.12273 [1+] 5.12273 [2+] 4.90928 [3+] 0.213447 [4+] 0.213447 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.