Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlocalpeer.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlocalpeer.h
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile.h
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile_unix.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile_win.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtsingleapplication.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtsingleapplication.h
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtsinglecoreapplication.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtsinglecoreapplication.h
Examining data/photoflare-1.6.6/src/Settings.cpp
Examining data/photoflare-1.6.6/src/Settings.h
Examining data/photoflare-1.6.6/src/dialogs/NewDialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/NewDialog.h
Examining data/photoflare-1.6.6/src/dialogs/aboutdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/aboutdialog.h
Examining data/photoflare-1.6.6/src/dialogs/batchdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/batchdialog.h
Examining data/photoflare-1.6.6/src/dialogs/checkupdatedialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/checkupdatedialog.h
Examining data/photoflare-1.6.6/src/dialogs/colourmanagerdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/colourmanagerdialog.h
Examining data/photoflare-1.6.6/src/dialogs/compressiondialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/compressiondialog.h
Examining data/photoflare-1.6.6/src/dialogs/dropshadowdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/dropshadowdialog.h
Examining data/photoflare-1.6.6/src/dialogs/gradientdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/gradientdialog.h
Examining data/photoflare-1.6.6/src/dialogs/huedialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/huedialog.h
Examining data/photoflare-1.6.6/src/dialogs/imagepropertiesdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/imagepropertiesdialog.h
Examining data/photoflare-1.6.6/src/dialogs/outerframedialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/outerframedialog.h
Examining data/photoflare-1.6.6/src/dialogs/plugindialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/plugindialog.h
Examining data/photoflare-1.6.6/src/dialogs/prefsdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/prefsdialog.h
Examining data/photoflare-1.6.6/src/dialogs/textdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/textdialog.h
Examining data/photoflare-1.6.6/src/dialogs/transparentdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/transparentdialog.h
Examining data/photoflare-1.6.6/src/main.cpp
Examining data/photoflare-1.6.6/src/mainwindow.cpp
Examining data/photoflare-1.6.6/src/mainwindow.h
Examining data/photoflare-1.6.6/src/managers/FilterManager.cpp
Examining data/photoflare-1.6.6/src/managers/FilterManager.h
Examining data/photoflare-1.6.6/src/managers/ToolManager.cpp
Examining data/photoflare-1.6.6/src/managers/ToolManager.h
Examining data/photoflare-1.6.6/src/progress/QProgressIndicator.cpp
Examining data/photoflare-1.6.6/src/progress/QProgressIndicator.h
Examining data/photoflare-1.6.6/src/progress/batchprogress.cpp
Examining data/photoflare-1.6.6/src/progress/batchprogress.h
Examining data/photoflare-1.6.6/src/toolSettings/BlurSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/BlurSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/LineSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/LineSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/MagicWandSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/MagicWandSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/PaintBrushAdvSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/PaintBrushAdvSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/PaintBrushSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/PaintBrushSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/SmudgeSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/SmudgeSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/SprayCanSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/SprayCanSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/StampSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/StampSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/erasersettingswidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/erasersettingswidget.h
Examining data/photoflare-1.6.6/src/toolSettings/pointersettingswidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/pointersettingswidget.h
Examining data/photoflare-1.6.6/src/tools/BlurTool.cpp
Examining data/photoflare-1.6.6/src/tools/BlurTool.h
Examining data/photoflare-1.6.6/src/tools/ColourPickerTool.cpp
Examining data/photoflare-1.6.6/src/tools/ColourPickerTool.h
Examining data/photoflare-1.6.6/src/tools/EraserTool.cpp
Examining data/photoflare-1.6.6/src/tools/EraserTool.h
Examining data/photoflare-1.6.6/src/tools/LineTool.cpp
Examining data/photoflare-1.6.6/src/tools/LineTool.h
Examining data/photoflare-1.6.6/src/tools/MagicWandTool.cpp
Examining data/photoflare-1.6.6/src/tools/MagicWandTool.h
Examining data/photoflare-1.6.6/src/tools/PaintBrushAdvTool.cpp
Examining data/photoflare-1.6.6/src/tools/PaintBrushAdvTool.h
Examining data/photoflare-1.6.6/src/tools/PaintBrushTool.cpp
Examining data/photoflare-1.6.6/src/tools/PaintBrushTool.h
Examining data/photoflare-1.6.6/src/tools/PaintBucketTool.cpp
Examining data/photoflare-1.6.6/src/tools/PaintBucketTool.h
Examining data/photoflare-1.6.6/src/tools/PointerTool.cpp
Examining data/photoflare-1.6.6/src/tools/PointerTool.h
Examining data/photoflare-1.6.6/src/tools/SmudgeTool.cpp
Examining data/photoflare-1.6.6/src/tools/SmudgeTool.h
Examining data/photoflare-1.6.6/src/tools/SprayCanTool.cpp
Examining data/photoflare-1.6.6/src/tools/SprayCanTool.h
Examining data/photoflare-1.6.6/src/tools/StampTool.cpp
Examining data/photoflare-1.6.6/src/tools/StampTool.h
Examining data/photoflare-1.6.6/src/tools/TextTool.cpp
Examining data/photoflare-1.6.6/src/tools/TextTool.h
Examining data/photoflare-1.6.6/src/tools/Tool.cpp
Examining data/photoflare-1.6.6/src/tools/Tool.h
Examining data/photoflare-1.6.6/src/widgets/PaintWidget.cpp
Examining data/photoflare-1.6.6/src/widgets/PaintWidget.h
Examining data/photoflare-1.6.6/src/widgets/brushtypecombobox.cpp
Examining data/photoflare-1.6.6/src/widgets/brushtypecombobox.h
Examining data/photoflare-1.6.6/src/widgets/colorboxwidget.cpp
Examining data/photoflare-1.6.6/src/widgets/colorboxwidget.h
Examining data/photoflare-1.6.6/src/widgets/imagepositionwidget.cpp
Examining data/photoflare-1.6.6/src/widgets/imagepositionwidget.h
Examining data/photoflare-1.6.6/src/workers/BatchProcessWorker.cpp
Examining data/photoflare-1.6.6/src/workers/BatchProcessWorker.h
Examining data/photoflare-1.6.6/src/workers/filterworker.cpp
Examining data/photoflare-1.6.6/src/workers/filterworker.h
Examining data/photoflare-1.6.6/src/workers/filterworkermp.cpp
Examining data/photoflare-1.6.6/src/workers/filterworkermp.h

FINAL RESULTS:

data/photoflare-1.6.6/src/main.cpp:64:70: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    QString sysLanguage = QLocale::countryToString(QLocale::system().country());
data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlocalpeer.cpp:108:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    lockFile.open(QIODevice::ReadWrite);
data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile.cpp:123:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    bool QtLockedFile::open(OpenMode mode)
data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile.cpp:129:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    return QFile::open(mode);
data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile.h:76:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    bool open(OpenMode mode);
data/photoflare-1.6.6/src/managers/FilterManager.cpp:47:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    buffer.open(QIODevice::WriteOnly);
data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlocalpeer.cpp:167:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    res &= (socket.read(qstrlen(ack)) == ack);
data/photoflare-1.6.6/src/widgets/PaintWidget.cpp:306:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QImage raw = reader.read();

ANALYSIS SUMMARY:

Hits = 8
Lines analyzed = 16824 in approximately 0.47 seconds (36117 lines/second)
Physical Source Lines of Code (SLOC) = 11682
Hits@level = [0] 0 [1] 2 [2] 5 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 8 [1+] 8 [2+] 6 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 0.684814 [1+] 0.684814 [2+] 0.513611 [3+] 0.0856018 [4+] 0.0856018 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.