Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qtscrob-0.11+git/src/qt/src/about.cpp
Examining data/qtscrob-0.11+git/src/qt/src/settings.cpp
Examining data/qtscrob-0.11+git/src/qt/src/progress.cpp
Examining data/qtscrob-0.11+git/src/qt/src/main.cpp
Examining data/qtscrob-0.11+git/src/qt/src/help.cpp
Examining data/qtscrob-0.11+git/src/qt/src/settings.h
Examining data/qtscrob-0.11+git/src/qt/src/missingtimeprogress.cpp
Examining data/qtscrob-0.11+git/src/qt/src/console.cpp
Examining data/qtscrob-0.11+git/src/qt/src/missingtimeprogress.h
Examining data/qtscrob-0.11+git/src/qt/src/about.h
Examining data/qtscrob-0.11+git/src/qt/src/console.h
Examining data/qtscrob-0.11+git/src/qt/src/help.h
Examining data/qtscrob-0.11+git/src/qt/src/progress.h
Examining data/qtscrob-0.11+git/src/qt/src/qtscrob.cpp
Examining data/qtscrob-0.11+git/src/qt/src/qtscrob.h
Examining data/qtscrob-0.11+git/src/cli/app.cpp
Examining data/qtscrob-0.11+git/src/cli/scrobbler.cpp
Examining data/qtscrob-0.11+git/src/cli/app.h
Examining data/qtscrob-0.11+git/src/lib/common.cpp
Examining data/qtscrob-0.11+git/src/lib/libscrobble.h
Examining data/qtscrob-0.11+git/src/lib/parse-mtp.h
Examining data/qtscrob-0.11+git/src/lib/parse.h
Examining data/qtscrob-0.11+git/src/lib/conf.cpp
Examining data/qtscrob-0.11+git/src/lib/parse-mtp-win32.cpp
Examining data/qtscrob-0.11+git/src/lib/dbcache.cpp
Examining data/qtscrob-0.11+git/src/lib/gettrackinfo.h
Examining data/qtscrob-0.11+git/src/lib/dbcache.h
Examining data/qtscrob-0.11+git/src/lib/parse-ipod.h
Examining data/qtscrob-0.11+git/src/lib/parse-mtp-libmtp.cpp
Examining data/qtscrob-0.11+git/src/lib/libscrobble.cpp
Examining data/qtscrob-0.11+git/src/lib/common.h
Examining data/qtscrob-0.11+git/src/lib/conf.h
Examining data/qtscrob-0.11+git/src/lib/parse-log.h
Examining data/qtscrob-0.11+git/src/lib/parse-ipod.cpp
Examining data/qtscrob-0.11+git/src/lib/gettrackinfo.cpp
Examining data/qtscrob-0.11+git/src/lib/parse-log.cpp
Examining data/qtscrob-0.11+git/src/lib/submit.cpp
Examining data/qtscrob-0.11+git/src/lib/submit.h
Examining data/qtscrob-0.11+git/src/common/xgetopt.c
Examining data/qtscrob-0.11+git/src/common/xgetopt.h

FINAL RESULTS:

data/qtscrob-0.11+git/src/cli/app.cpp:78:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
        c = getopt_long(argc, argv, "c:dfhl:mnr:t:v:",
data/qtscrob-0.11+git/src/common/xgetopt.c:47:5:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring);
data/qtscrob-0.11+git/src/common/xgetopt.c:48:5:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
int getopt_long(int argc, char * const argv[], const char *optstring,
data/qtscrob-0.11+git/src/common/xgetopt.c:430:5:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring)
data/qtscrob-0.11+git/src/common/xgetopt.c:440:5:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
int getopt_long(int argc, char * const argv[], const char *optstring,
data/qtscrob-0.11+git/src/common/xgetopt.c:510:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
    while ((c = getopt_long(argc, argv, shortopts, longopts, NULL)) != EOF)
data/qtscrob-0.11+git/src/common/xgetopt.h:75:9:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
#define getopt _XLIB_getopt
data/qtscrob-0.11+git/src/common/xgetopt.h:76:9:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
#define getopt_long _XLIB_getopt_long
data/qtscrob-0.11+git/src/common/xgetopt.h:116:5:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring);
data/qtscrob-0.11+git/src/common/xgetopt.h:120:5:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
int getopt_long(int argc, char * const argv[], const char *optstring,
data/qtscrob-0.11+git/src/qt/src/main.cpp:74:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
        c = getopt_long(argc, argv, "c:hv:",
data/qtscrob-0.11+git/src/lib/dbcache.cpp:72:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    bool ok = db.open();
data/qtscrob-0.11+git/src/lib/libscrobble.cpp:547:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    parser->open(path, offset);
data/qtscrob-0.11+git/src/lib/libscrobble.cpp:555:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
        parser->open(path, offset);
data/qtscrob-0.11+git/src/lib/parse-ipod.cpp:33:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
void Parse_Ipod::open(QString folder_path, int tz)
data/qtscrob-0.11+git/src/lib/parse-ipod.cpp:49:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    if (!input_file.open(QIODevice::ReadOnly))
data/qtscrob-0.11+git/src/lib/parse-ipod.cpp:294:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    if (!input_file.open(QFile::ReadOnly))
data/qtscrob-0.11+git/src/lib/parse-ipod.h:35:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    virtual void open(QString, int);
data/qtscrob-0.11+git/src/lib/parse-log.cpp:31:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
void Parse_Log::open(QString folder_path, int tz)
data/qtscrob-0.11+git/src/lib/parse-log.cpp:51:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    if (!log_file.open(QIODevice::ReadOnly | QIODevice::Text))
data/qtscrob-0.11+git/src/lib/parse-log.h:31:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    virtual void open(QString, int);
data/qtscrob-0.11+git/src/lib/parse-mtp-libmtp.cpp:38:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
void Parse_MTP::open(QString file_path, int tz)
data/qtscrob-0.11+git/src/lib/parse-mtp-win32.cpp:33:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
void Parse_MTP::open(QString file_path, int tz)
data/qtscrob-0.11+git/src/lib/parse-mtp.h:40:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    virtual void open(QString, int);
data/qtscrob-0.11+git/src/lib/parse.h:31:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    virtual void open(QString, int) = 0;
data/qtscrob-0.11+git/src/qt/src/help.cpp:32:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    if (file.open(QIODevice::ReadOnly))
data/qtscrob-0.11+git/src/qt/src/qtscrob.cpp:300:2:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    open(SCROBBLE_LOG);
data/qtscrob-0.11+git/src/qt/src/qtscrob.cpp:305:2:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    open(SCROBBLE_IPOD);
data/qtscrob-0.11+git/src/qt/src/qtscrob.cpp:311:2:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    open(SCROBBLE_MTP);
data/qtscrob-0.11+git/src/qt/src/qtscrob.cpp:315:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
void QTScrob::open(SCROBBLE_METHOD method) {
data/qtscrob-0.11+git/src/qt/src/qtscrob.h:130:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  void open(SCROBBLE_METHOD);
data/qtscrob-0.11+git/src/common/xgetopt.c:170:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    min = (eqp ? eqp - optarg : strlen(optarg));
data/qtscrob-0.11+git/src/common/xgetopt.c:173:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(longopts[i].name);

ANALYSIS SUMMARY:

Hits = 33
Lines analyzed = 6616 in approximately 0.20 seconds (33612 lines/second)
Physical Source Lines of Code (SLOC) = 4747
Hits@level = [0]  12 [1]   2 [2]  20 [3]  11 [4]   0 [5]   0
Hits@level+ = [0+]  45 [1+]  33 [2+]  31 [3+]  11 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 9.47967 [1+] 6.95176 [2+] 6.53044 [3+] 2.31725 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
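Flawfinder matches rule names lexically, so a report like the one above needs triage before any of it is treated as a finding: the `open` hits here are Qt `QIODevice`/`QFile` member calls, the parser classes' own `open` methods and their declarations, not POSIX `open(2)`, and several `getopt`/`getopt_long` hits land on prototypes and `#define` lines in xgetopt rather than on calls. The script below is an added example, not Flawfinder's or qtscrob's code. It parses the plain-text report layout shown above (hit header `path:line:col:  [level] (category) name:`, two-space-indented description lines, and, because this scan printed context, the matched source line as the last line of each hit), extracts CWE identifiers, and sorts hits so that real calls come before name-only matches. The classification regexes are a heuristic of my own; the embedded sample is an excerpt of the report above.

```python
"""Parse Flawfinder text output and pre-sort hits for manual triage.

Added example (not part of Flawfinder or qtscrob). Assumes the report
layout shown above: hits run back to back, each starting with a header
line, followed by indented description lines and, last, the source line
that triggered the rule (context output enabled).
"""
import re
from collections import Counter

HIT_RE = re.compile(
    r"^(?P<path>[^\s:]+):(?P<line>\d+):(?P<col>\d+):\s+"
    r"\[(?P<level>\d)\]\s+\((?P<category>\w+)\)\s+(?P<name>[^\s:]+):\s*$"
)
CWE_RE = re.compile(r"CWE-\d+")


def parse_flawfinder(text):
    """Return one dict per hit: path, line, col, level, category, name,
    description, cwes, snippet. Stops at the ANALYSIS SUMMARY block."""
    hits, current, body = [], None, []

    def flush():
        if current is None or not body:
            return
        desc = " ".join(line.strip() for line in body[:-1])  # wrapped text
        current["description"] = desc
        current["cwes"] = CWE_RE.findall(desc)
        current["snippet"] = body[-1].strip()                # source line
        hits.append(current)

    for raw in text.splitlines():
        if raw.startswith("ANALYSIS SUMMARY"):
            break
        m = HIT_RE.match(raw)
        if m:
            flush()
            current = m.groupdict()
            for key in ("line", "col", "level"):
                current[key] = int(current[key])
            body = []
        elif current is not None and raw.strip():
            body.append(raw)
    flush()
    return hits


def classify(hit):
    """Heuristic (my own, not Flawfinder's): does the matched token look like
    a real call, a C++ member call on some object, a declaration/definition,
    or a macro definition? Only 'call' is a direct use of the libc name."""
    name, snippet = re.escape(hit["name"]), hit["snippet"]
    if re.search(r"#\s*define\s+" + name + r"\b", snippet):
        return "macro"
    # return type (optionally virtual/static, pointer) then optional Class::
    if re.match(r"^\s*(?:virtual\s+)?(?:static\s+)?\w+(?:\s*\*)?\s+(?:\w+::)?"
                + name + r"\s*\(", snippet):
        return "declaration"
    if re.search(r"(?:\.|->)\s*" + name + r"\s*\(", snippet):
        return "member-call"
    return "call"


def triage(text):
    """Rows of (level, classification, path, line, name), highest risk
    first and, within a level, direct calls before name-only matches."""
    order = {"call": 0, "member-call": 1, "declaration": 2, "macro": 3}
    rows = [(h["level"], classify(h), h["path"], h["line"], h["name"])
            for h in parse_flawfinder(text)]
    return sorted(rows, key=lambda r: (-r[0], order[r[1]], r[2], r[3]))


def summarize(text):
    """Counter keyed by (level, classification)."""
    return Counter((h["level"], classify(h)) for h in parse_flawfinder(text))


# Excerpt of the report above (five of its 33 hits), used as sample input.
SAMPLE_REPORT = r"""
FINAL RESULTS:

data/qtscrob-0.11+git/src/cli/app.cpp:78:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
        c = getopt_long(argc, argv, "c:dfhl:mnr:t:v:",
data/qtscrob-0.11+git/src/common/xgetopt.c:47:5:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring);
data/qtscrob-0.11+git/src/common/xgetopt.h:75:9:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
#define getopt _XLIB_getopt
data/qtscrob-0.11+git/src/lib/dbcache.cpp:72:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
    bool ok = db.open();
data/qtscrob-0.11+git/src/common/xgetopt.c:173:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(longopts[i].name);

ANALYSIS SUMMARY:
"""

if __name__ == "__main__":
    for level, kind, path, line, name in triage(SAMPLE_REPORT):
        print(f"[{level}] {kind:<12} {name:<12} {path}:{line}")
    print(dict(summarize(SAMPLE_REPORT)))
```

Run against the full report above, the sorting puts the two `getopt_long` calls in app.cpp and main.cpp and the xgetopt.c:510 loop at the top as the only level-3 direct calls; the remaining level-3 hits are the declarations and macros in xgetopt, and all twenty level-2 `open` hits classify as member calls, declarations, or unqualified calls of the classes' own `open` method, which is exactly the set a reviewer would check by hand before spending time on the CWE-362 advice.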