stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/stretchplayer-0.503/src/AudioSystem.hpp
Examining data/stretchplayer-0.503/src/Engine.cpp
Examining data/stretchplayer-0.503/src/Engine.hpp
Examining data/stretchplayer-0.503/src/JackAudioSystem.hpp
Examining data/stretchplayer-0.503/src/Marquee.cpp
Examining data/stretchplayer-0.503/src/Marquee.hpp
Examining data/stretchplayer-0.503/src/PlayerSizes.cpp
Examining data/stretchplayer-0.503/src/PlayerSizes.hpp
Examining data/stretchplayer-0.503/src/PlayerWidget.cpp
Examining data/stretchplayer-0.503/src/PlayerWidget.hpp
Examining data/stretchplayer-0.503/src/RingBuffer.hpp
Examining data/stretchplayer-0.503/src/StatusWidget.cpp
Examining data/stretchplayer-0.503/src/StatusWidget.hpp
Examining data/stretchplayer-0.503/src/ThinSlider.cpp
Examining data/stretchplayer-0.503/src/ThinSlider.hpp
Examining data/stretchplayer-0.503/src/main.cpp
Examining data/stretchplayer-0.503/src/JackAudioSystem.cpp

FINAL RESULTS:

data/stretchplayer-0.503/src/PlayerWidget.cpp:416:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	_ico.open.addFile(":img/file.png");
data/stretchplayer-0.503/src/PlayerWidget.cpp:457:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	_act.open->setIcon( _ico.open );
data/stretchplayer-0.503/src/PlayerWidget.cpp:458:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	addAction(_act.open);
data/stretchplayer-0.503/src/PlayerWidget.cpp:459:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	connect(_act.open, SIGNAL(triggered()),
data/stretchplayer-0.503/src/PlayerWidget.cpp:552:35:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	_btn.open->setDefaultAction(_act.open);
data/stretchplayer-0.503/src/PlayerWidget.hpp:103:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	QIcon open;
data/stretchplayer-0.503/src/PlayerWidget.hpp:110:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	QAction *open;
data/stretchplayer-0.503/src/PlayerWidget.hpp:125:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	QToolButton *open;
data/stretchplayer-0.503/src/RingBuffer.hpp:156:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (dest, &buf[priv_read_idx], n1 * sizeof (T));
data/stretchplayer-0.503/src/RingBuffer.hpp:160:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (dest+n1, buf, n2 * sizeof (T));
data/stretchplayer-0.503/src/RingBuffer.hpp:196:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (&buf[priv_write_idx], src, n1 * sizeof (T));
data/stretchplayer-0.503/src/RingBuffer.hpp:200:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (buf, src+n1, n2 * sizeof (T));
data/stretchplayer-0.503/src/Engine.cpp:259:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	sf_count_t read, k;
data/stretchplayer-0.503/src/Engine.cpp:263:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    if( read < 1 ) break;
data/stretchplayer-0.503/src/Engine.cpp:264:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    for(k=0 ; k<read ; ++k) {
data/stretchplayer-0.503/src/RingBuffer.hpp:65:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	guint read  (T *dest, guint cnt);
data/stretchplayer-0.503/src/RingBuffer.hpp:130:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
RingBuffer<T>::read (T *dest, guint cnt)

ANALYSIS SUMMARY:

Hits = 17
Lines analyzed = 3308 in approximately 0.08 seconds (42003 lines/second)
Physical Source Lines of Code (SLOC) = 2344
Hits@level = [0]   0 [1]   5 [2]  12 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  17 [1+]  17 [2+]  12 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 7.25256 [1+] 7.25256 [2+] 5.11945 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.