Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qtscrob-0.11+git/src/qt/src/about.cpp
Examining data/qtscrob-0.11+git/src/qt/src/settings.cpp
Examining data/qtscrob-0.11+git/src/qt/src/progress.cpp
Examining data/qtscrob-0.11+git/src/qt/src/main.cpp
Examining data/qtscrob-0.11+git/src/qt/src/help.cpp
Examining data/qtscrob-0.11+git/src/qt/src/settings.h
Examining data/qtscrob-0.11+git/src/qt/src/missingtimeprogress.cpp
Examining data/qtscrob-0.11+git/src/qt/src/console.cpp
Examining data/qtscrob-0.11+git/src/qt/src/missingtimeprogress.h
Examining data/qtscrob-0.11+git/src/qt/src/about.h
Examining data/qtscrob-0.11+git/src/qt/src/console.h
Examining data/qtscrob-0.11+git/src/qt/src/help.h
Examining data/qtscrob-0.11+git/src/qt/src/progress.h
Examining data/qtscrob-0.11+git/src/qt/src/qtscrob.cpp
Examining data/qtscrob-0.11+git/src/qt/src/qtscrob.h
Examining data/qtscrob-0.11+git/src/cli/app.cpp
Examining data/qtscrob-0.11+git/src/cli/scrobbler.cpp
Examining data/qtscrob-0.11+git/src/cli/app.h
Examining data/qtscrob-0.11+git/src/lib/common.cpp
Examining data/qtscrob-0.11+git/src/lib/libscrobble.h
Examining data/qtscrob-0.11+git/src/lib/parse-mtp.h
Examining data/qtscrob-0.11+git/src/lib/parse.h
Examining data/qtscrob-0.11+git/src/lib/conf.cpp
Examining data/qtscrob-0.11+git/src/lib/parse-mtp-win32.cpp
Examining data/qtscrob-0.11+git/src/lib/dbcache.cpp
Examining data/qtscrob-0.11+git/src/lib/gettrackinfo.h
Examining data/qtscrob-0.11+git/src/lib/dbcache.h
Examining data/qtscrob-0.11+git/src/lib/parse-ipod.h
Examining data/qtscrob-0.11+git/src/lib/parse-mtp-libmtp.cpp
Examining data/qtscrob-0.11+git/src/lib/libscrobble.cpp
Examining data/qtscrob-0.11+git/src/lib/common.h
Examining data/qtscrob-0.11+git/src/lib/conf.h
Examining data/qtscrob-0.11+git/src/lib/parse-log.h
Examining data/qtscrob-0.11+git/src/lib/parse-ipod.cpp
Examining data/qtscrob-0.11+git/src/lib/gettrackinfo.cpp
Examining data/qtscrob-0.11+git/src/lib/parse-log.cpp
Examining data/qtscrob-0.11+git/src/lib/submit.cpp
Examining data/qtscrob-0.11+git/src/lib/submit.h
Examining data/qtscrob-0.11+git/src/common/xgetopt.c
Examining data/qtscrob-0.11+git/src/common/xgetopt.h
FINAL RESULTS:
data/qtscrob-0.11+git/src/cli/app.cpp:78:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "c:dfhl:mnr:t:v:",
data/qtscrob-0.11+git/src/common/xgetopt.c:47:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring);
data/qtscrob-0.11+git/src/common/xgetopt.c:48:5: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt_long(int argc, char * const argv[], const char *optstring,
data/qtscrob-0.11+git/src/common/xgetopt.c:430:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring)
data/qtscrob-0.11+git/src/common/xgetopt.c:440:5: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt_long(int argc, char * const argv[], const char *optstring,
data/qtscrob-0.11+git/src/common/xgetopt.c:510:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, shortopts, longopts, NULL)) != EOF)
data/qtscrob-0.11+git/src/common/xgetopt.h:75:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define getopt _XLIB_getopt
data/qtscrob-0.11+git/src/common/xgetopt.h:76:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define getopt_long _XLIB_getopt_long
data/qtscrob-0.11+git/src/common/xgetopt.h:116:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring);
data/qtscrob-0.11+git/src/common/xgetopt.h:120:5: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt_long(int argc, char * const argv[], const char *optstring,
data/qtscrob-0.11+git/src/qt/src/main.cpp:74:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "c:hv:",
data/qtscrob-0.11+git/src/lib/dbcache.cpp:72:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = db.open();
data/qtscrob-0.11+git/src/lib/libscrobble.cpp:547:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
parser->open(path, offset);
data/qtscrob-0.11+git/src/lib/libscrobble.cpp:555:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
parser->open(path, offset);
data/qtscrob-0.11+git/src/lib/parse-ipod.cpp:33:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Parse_Ipod::open(QString folder_path, int tz)
data/qtscrob-0.11+git/src/lib/parse-ipod.cpp:49:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!input_file.open(QIODevice::ReadOnly))
data/qtscrob-0.11+git/src/lib/parse-ipod.cpp:294:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!input_file.open(QFile::ReadOnly))
data/qtscrob-0.11+git/src/lib/parse-ipod.h:35:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(QString, int);
data/qtscrob-0.11+git/src/lib/parse-log.cpp:31:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Parse_Log::open(QString folder_path, int tz)
data/qtscrob-0.11+git/src/lib/parse-log.cpp:51:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!log_file.open(QIODevice::ReadOnly | QIODevice::Text))
data/qtscrob-0.11+git/src/lib/parse-log.h:31:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(QString, int);
data/qtscrob-0.11+git/src/lib/parse-mtp-libmtp.cpp:38:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Parse_MTP::open(QString file_path, int tz)
data/qtscrob-0.11+git/src/lib/parse-mtp-win32.cpp:33:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Parse_MTP::open(QString file_path, int tz)
data/qtscrob-0.11+git/src/lib/parse-mtp.h:40:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(QString, int);
data/qtscrob-0.11+git/src/lib/parse.h:31:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(QString, int) = 0;
data/qtscrob-0.11+git/src/qt/src/help.cpp:32:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly))
data/qtscrob-0.11+git/src/qt/src/qtscrob.cpp:300:2: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(SCROBBLE_LOG);
data/qtscrob-0.11+git/src/qt/src/qtscrob.cpp:305:2: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(SCROBBLE_IPOD);
data/qtscrob-0.11+git/src/qt/src/qtscrob.cpp:311:2: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(SCROBBLE_MTP);
data/qtscrob-0.11+git/src/qt/src/qtscrob.cpp:315:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void QTScrob::open(SCROBBLE_METHOD method) {
data/qtscrob-0.11+git/src/qt/src/qtscrob.h:130:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(SCROBBLE_METHOD);
data/qtscrob-0.11+git/src/common/xgetopt.c:170:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
min = (eqp ? eqp - optarg : strlen(optarg));
data/qtscrob-0.11+git/src/common/xgetopt.c:173:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(longopts[i].name);
ANALYSIS SUMMARY:
Hits = 33
Lines analyzed = 6616 in approximately 0.20 seconds (33612 lines/second)
Physical Source Lines of Code (SLOC) = 4747
Hits@level = [0] 12 [1] 2 [2] 20 [3] 11 [4] 0 [5] 0
Hits@level+ = [0+] 45 [1+] 33 [2+] 31 [3+] 11 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 9.47967 [1+] 6.95176 [2+] 6.53044 [3+] 2.31725 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.