Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mystiq-20.03.23/converter/audiofilter.cpp
Examining data/mystiq-20.03.23/converter/audiofilter.h
Examining data/mystiq-20.03.23/converter/conversionparameters.cpp
Examining data/mystiq-20.03.23/converter/conversionparameters.h
Examining data/mystiq-20.03.23/converter/converterinterface.cpp
Examining data/mystiq-20.03.23/converter/converterinterface.h
Examining data/mystiq-20.03.23/converter/exepath.cpp
Examining data/mystiq-20.03.23/converter/exepath.h
Examining data/mystiq-20.03.23/converter/ffmpeginterface.cpp
Examining data/mystiq-20.03.23/converter/ffmpeginterface.h
Examining data/mystiq-20.03.23/converter/mediaconverter.cpp
Examining data/mystiq-20.03.23/converter/mediaconverter.h
Examining data/mystiq-20.03.23/converter/mediaprobe.cpp
Examining data/mystiq-20.03.23/converter/mediaprobe.h
Examining data/mystiq-20.03.23/converter/presets.cpp
Examining data/mystiq-20.03.23/converter/presets.h
Examining data/mystiq-20.03.23/extra-translations.h
Examining data/mystiq-20.03.23/main.cpp
Examining data/mystiq-20.03.23/services/abstractpreviewer.cpp
Examining data/mystiq-20.03.23/services/abstractpreviewer.h
Examining data/mystiq-20.03.23/services/constants.cpp
Examining data/mystiq-20.03.23/services/constants.h
Examining data/mystiq-20.03.23/services/extensions.cpp
Examining data/mystiq-20.03.23/services/extensions.h
Examining data/mystiq-20.03.23/services/filepathoperations.cpp
Examining data/mystiq-20.03.23/services/filepathoperations.h
Examining data/mystiq-20.03.23/services/httpdownloader.cpp
Examining data/mystiq-20.03.23/services/httpdownloader.h
Examining data/mystiq-20.03.23/services/notification.cpp
Examining data/mystiq-20.03.23/services/notification.h
Examining data/mystiq-20.03.23/services/notificationservice-libnotify.cpp
Examining data/mystiq-20.03.23/services/notificationservice-libnotify.h
Examining data/mystiq-20.03.23/services/notificationservice-notifysend.cpp
Examining data/mystiq-20.03.23/services/notificationservice-notifysend.h
Examining data/mystiq-20.03.23/services/notificationservice-qt.cpp
Examining data/mystiq-20.03.23/services/notificationservice-qt.h
Examining data/mystiq-20.03.23/services/notificationservice.cpp
Examining data/mystiq-20.03.23/services/notificationservice.h
Examining data/mystiq-20.03.23/services/paths.cpp
Examining data/mystiq-20.03.23/services/paths.h
Examining data/mystiq-20.03.23/services/powermanagement-dummy.cpp
Examining data/mystiq-20.03.23/services/powermanagement-linux.cpp
Examining data/mystiq-20.03.23/services/powermanagement-w32.cpp
Examining data/mystiq-20.03.23/services/powermanagement.h
Examining data/mystiq-20.03.23/services/settingtimer.cpp
Examining data/mystiq-20.03.23/services/settingtimer.h
Examining data/mystiq-20.03.23/services/updatechecker.cpp
Examining data/mystiq-20.03.23/services/updatechecker.h
Examining data/mystiq-20.03.23/services/updateinfoparser.cpp
Examining data/mystiq-20.03.23/services/updateinfoparser.h
Examining data/mystiq-20.03.23/services/versioncompare.cpp
Examining data/mystiq-20.03.23/services/versioncompare.h
Examining data/mystiq-20.03.23/services/xmllookuptable.cpp
Examining data/mystiq-20.03.23/services/xmllookuptable.h
Examining data/mystiq-20.03.23/tests/testupdateinfoparser/testupdateinfoparser.cpp
Examining data/mystiq-20.03.23/tests/testupdateinfoparser/testupdateinfoparser.h
Examining data/mystiq-20.03.23/tests/testversioncompare/testversioncompare.cpp
Examining data/mystiq-20.03.23/tests/testversioncompare/testversioncompare.h
Examining data/mystiq-20.03.23/ui/aboutdialog.cpp
Examining data/mystiq-20.03.23/ui/aboutdialog.h
Examining data/mystiq-20.03.23/ui/aboutffmpegdialog.cpp
Examining data/mystiq-20.03.23/ui/aboutffmpegdialog.h
Examining data/mystiq-20.03.23/ui/addtaskwizard.cpp
Examining data/mystiq-20.03.23/ui/addtaskwizard.h
Examining data/mystiq-20.03.23/ui/conversionparameterdialog.cpp
Examining data/mystiq-20.03.23/ui/conversionparameterdialog.h
Examining data/mystiq-20.03.23/ui/convertlist.cpp
Examining data/mystiq-20.03.23/ui/convertlist.h
Examining data/mystiq-20.03.23/ui/helpmystiqdialog.cpp
Examining data/mystiq-20.03.23/ui/helpmystiqdialog.h
Examining data/mystiq-20.03.23/ui/interactivecuttingdialog.cpp
Examining data/mystiq-20.03.23/ui/interactivecuttingdialog.h
Examining data/mystiq-20.03.23/ui/mainwindow.cpp
Examining data/mystiq-20.03.23/ui/mainwindow.h
Examining data/mystiq-20.03.23/ui/mediaplayerwidget.cpp
Examining data/mystiq-20.03.23/ui/mediaplayerwidget.h
Examining data/mystiq-20.03.23/ui/optionsdialog.cpp
Examining data/mystiq-20.03.23/ui/optionsdialog.h
Examining data/mystiq-20.03.23/ui/poweroffdialog.cpp
Examining data/mystiq-20.03.23/ui/poweroffdialog.h
Examining data/mystiq-20.03.23/ui/previewdialog.cpp
Examining data/mystiq-20.03.23/ui/previewdialog.h
Examining data/mystiq-20.03.23/ui/progressbar.cpp
Examining data/mystiq-20.03.23/ui/progressbar.h
Examining data/mystiq-20.03.23/ui/rangeselector.cpp
Examining data/mystiq-20.03.23/ui/rangeselector.h
Examining data/mystiq-20.03.23/ui/rangewidgetbinder.cpp
Examining data/mystiq-20.03.23/ui/rangewidgetbinder.h
Examining data/mystiq-20.03.23/ui/timerangeedit.cpp
Examining data/mystiq-20.03.23/ui/timerangeedit.h
Examining data/mystiq-20.03.23/ui/updatedialog.cpp
Examining data/mystiq-20.03.23/ui/updatedialog.h
Examining data/mystiq-20.03.23/version.h
FINAL RESULTS:
data/mystiq-20.03.23/main.cpp:41:31: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QString locale = QLocale::system().name(); // language code + country code (xx_XX)
data/mystiq-20.03.23/main.cpp:186:41: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
translator_qt.load("qt_" + QLocale::system().name(), Paths::qtTranslationPath());
data/mystiq-20.03.23/ui/aboutdialog.cpp:170:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QString current_locale = QLocale::system().name();
data/mystiq-20.03.23/converter/presets.cpp:222:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!xmlfile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/mystiq-20.03.23/main.cpp:77:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
constant_xml.open(QIODevice::ReadOnly);
data/mystiq-20.03.23/services/xmllookuptable.cpp:65:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/mystiq-20.03.23/converter/ffmpeginterface.cpp:82:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
begin += strlen(keyword_begin);
data/mystiq-20.03.23/services/httpdownloader.cpp:83:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reply->read(buffer.data(), m_sizeLimit); // buffer.data() is char*
ANALYSIS SUMMARY:
Hits = 8
Lines analyzed = 12678 in approximately 0.32 seconds (39540 lines/second)
Physical Source Lines of Code (SLOC) = 8240
Hits@level = [0] 0 [1] 2 [2] 3 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 8 [1+] 8 [2+] 6 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 0.970874 [1+] 0.970874 [2+] 0.728155 [3+] 0.364078 [4+] 0.364078 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.