Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/threadweaver-5.74.0/autotests/WaitForIdleAndFinished.h
Examining data/threadweaver-5.74.0/autotests/JobTests.cpp
Examining data/threadweaver-5.74.0/autotests/JobLoggingWeaver.h
Examining data/threadweaver-5.74.0/autotests/LifecycleTests.cpp
Examining data/threadweaver-5.74.0/autotests/JobTests.h
Examining data/threadweaver-5.74.0/autotests/SequencesTests.cpp
Examining data/threadweaver-5.74.0/autotests/QueueTests.cpp
Examining data/threadweaver-5.74.0/autotests/ShutdownOnQApplicationQuitTests.cpp
Examining data/threadweaver-5.74.0/autotests/AppendCharacterAndVerifyJob.h
Examining data/threadweaver-5.74.0/autotests/DeleteTest.cpp
Examining data/threadweaver-5.74.0/autotests/WaitForIdleAndFinished.cpp
Examining data/threadweaver-5.74.0/autotests/AppendCharacterAndVerifyJob.cpp
Examining data/threadweaver-5.74.0/autotests/SequencesTests.h
Examining data/threadweaver-5.74.0/autotests/QueueTests.h
Examining data/threadweaver-5.74.0/autotests/DeleteTest.h
Examining data/threadweaver-5.74.0/autotests/JobLoggingDecorator.h
Examining data/threadweaver-5.74.0/autotests/AppendCharacterJob.h
Examining data/threadweaver-5.74.0/autotests/QueueFactoryTests.cpp
Examining data/threadweaver-5.74.0/autotests/JobLoggingDecorator.cpp
Examining data/threadweaver-5.74.0/autotests/JobLoggingWeaver.cpp
Examining data/threadweaver-5.74.0/benchmarks/QueueBenchmarks.cpp
Examining data/threadweaver-5.74.0/examples/HelloWorld/HelloWorld.cpp
Examining data/threadweaver-5.74.0/examples/HelloWorldRaw/HelloWorldRaw.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/Benchmark.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/Model.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/Model.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/ComputeThumbNailJob.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/ItemDelegate.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/ImageLoaderJob.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/AverageLoadManager.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/FileLoaderJob.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/ComputeThumbNailJob.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/Image.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/ImageListFilter.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/MainWindow.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/ThumbNailer.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/PriorityDecorator.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/Benchmark.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/ImageListFilter.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/Progress.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/PriorityDecorator.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/ImageLoaderJob.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/AverageLoadManager.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/ItemDelegate.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/FileLoaderJob.h
Examining data/threadweaver-5.74.0/examples/ThumbNailer/Image.cpp
Examining data/threadweaver-5.74.0/examples/ThumbNailer/MainWindow.cpp
Examining data/threadweaver-5.74.0/examples/HelloInternet/ViewController.h
Examining data/threadweaver-5.74.0/examples/HelloInternet/ViewController.cpp
Examining data/threadweaver-5.74.0/examples/HelloInternet/MainWidget.cpp
Examining data/threadweaver-5.74.0/examples/HelloInternet/main.cpp
Examining data/threadweaver-5.74.0/examples/HelloInternet/MainWidget.h
Examining data/threadweaver-5.74.0/src/executewrapper.cpp
Examining data/threadweaver-5.74.0/src/iddecorator.cpp
Examining data/threadweaver-5.74.0/src/sequence_p.cpp
Examining data/threadweaver-5.74.0/src/collection_p.h
Examining data/threadweaver-5.74.0/src/jobinterface.h
Examining data/threadweaver-5.74.0/src/exception.h
Examining data/threadweaver-5.74.0/src/queuesignals.cpp
Examining data/threadweaver-5.74.0/src/collection_p.cpp
Examining data/threadweaver-5.74.0/src/jobpointer.h
Examining data/threadweaver-5.74.0/src/state.cpp
Examining data/threadweaver-5.74.0/src/suspendingstate.cpp
Examining data/threadweaver-5.74.0/src/resourcerestrictionpolicy.h
Examining data/threadweaver-5.74.0/src/collection.cpp
Examining data/threadweaver-5.74.0/src/debuggingaids.h
Examining data/threadweaver-5.74.0/src/shuttingdownstate.cpp
Examining data/threadweaver-5.74.0/src/queuesignals_p.cpp
Examining data/threadweaver-5.74.0/src/queue.cpp
Examining data/threadweaver-5.74.0/src/managedjobpointer.h
Examining data/threadweaver-5.74.0/src/dependency.h
Examining data/threadweaver-5.74.0/src/weaverimplstate.h
Examining data/threadweaver-5.74.0/src/qobjectdecorator.cpp
Examining data/threadweaver-5.74.0/src/executor_p.h
Examining data/threadweaver-5.74.0/src/qobjectdecorator.h
Examining data/threadweaver-5.74.0/src/threadweaver.cpp
Examining data/threadweaver-5.74.0/src/suspendedstate.h
Examining data/threadweaver-5.74.0/src/queuestream.cpp
Examining data/threadweaver-5.74.0/src/job.cpp
Examining data/threadweaver-5.74.0/src/job_p.cpp
Examining data/threadweaver-5.74.0/src/sequence_p.h
Examining data/threadweaver-5.74.0/src/queueapi.cpp
Examining data/threadweaver-5.74.0/src/weaver.h
Examining data/threadweaver-5.74.0/src/dependencypolicy.h
Examining data/threadweaver-5.74.0/src/weaverimplstate.cpp
Examining data/threadweaver-5.74.0/src/queuestream.h
Examining data/threadweaver-5.74.0/src/queueapi.h
Examining data/threadweaver-5.74.0/src/inconstructionstate.cpp
Examining data/threadweaver-5.74.0/src/destructedstate.h
Examining data/threadweaver-5.74.0/src/queue.h
Examining data/threadweaver-5.74.0/src/shuttingdownstate.h
Examining data/threadweaver-5.74.0/src/queueing.h
Examining data/threadweaver-5.74.0/src/debuggingaids.cpp
Examining data/threadweaver-5.74.0/src/workinghardstate.cpp
Examining data/threadweaver-5.74.0/src/collection.h
Examining data/threadweaver-5.74.0/src/inconstructionstate.h
Examining data/threadweaver-5.74.0/src/weaver_p.cpp
Examining data/threadweaver-5.74.0/src/destructedstate.cpp
Examining data/threadweaver-5.74.0/src/thread.cpp
Examining data/threadweaver-5.74.0/src/thread.h
Examining data/threadweaver-5.74.0/src/dependencypolicy.cpp
Examining data/threadweaver-5.74.0/src/weaver.cpp
Examining data/threadweaver-5.74.0/src/workinghardstate.h
Examining data/threadweaver-5.74.0/src/lambda.h
Examining data/threadweaver-5.74.0/src/job_p.h
Examining data/threadweaver-5.74.0/src/state.h
Examining data/threadweaver-5.74.0/src/executor.cpp
Examining data/threadweaver-5.74.0/src/weaver_p.h
Examining data/threadweaver-5.74.0/src/dependency.cpp
Examining data/threadweaver-5.74.0/src/exception.cpp
Examining data/threadweaver-5.74.0/src/sequence.h
Examining data/threadweaver-5.74.0/src/threadweaver.h
Examining data/threadweaver-5.74.0/src/resourcerestrictionpolicy.cpp
Examining data/threadweaver-5.74.0/src/weaverinterface.h
Examining data/threadweaver-5.74.0/src/suspendedstate.cpp
Examining data/threadweaver-5.74.0/src/queuesignals_p.h
Examining data/threadweaver-5.74.0/src/suspendingstate.h
Examining data/threadweaver-5.74.0/src/queuesignals.h
Examining data/threadweaver-5.74.0/src/queuepolicy.h
Examining data/threadweaver-5.74.0/src/queueinterface.h
Examining data/threadweaver-5.74.0/src/executewrapper_p.h
Examining data/threadweaver-5.74.0/src/job.h
Examining data/threadweaver-5.74.0/src/iddecorator.h
Examining data/threadweaver-5.74.0/src/sequence.cpp

FINAL RESULTS:

data/threadweaver-5.74.0/src/debuggingaids.h:62:23: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    __attribute__((format(printf, 2, 3)))
data/threadweaver-5.74.0/src/debuggingaids.h:69:23: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    __attribute__((format(printf, 3, 4)))
data/threadweaver-5.74.0/src/debuggingaids.h:103:17: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    PROTECT(vprintf(cformat, ap));
data/threadweaver-5.74.0/src/debuggingaids.h:115:17: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    PROTECT(vprintf(cformat, ap));
data/threadweaver-5.74.0/autotests/JobTests.cpp:680:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand(1);
data/threadweaver-5.74.0/examples/ThumbNailer/Image.cpp:89:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly)) {
data/threadweaver-5.74.0/examples/ThumbNailer/Image.cpp:108:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    in.open(QIODevice::ReadOnly);
data/threadweaver-5.74.0/src/state.cpp:18:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char *const StateNames[NoOfStates] = {
data/threadweaver-5.74.0/autotests/JobTests.cpp:674:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int SizeOfAlphabet = strlen(Alphabet);
data/threadweaver-5.74.0/examples/ThumbNailer/Image.cpp:110:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_image = reader.read();

ANALYSIS SUMMARY:

Hits = 10
Lines analyzed = 10672 in approximately 0.28 seconds (37968 lines/second)
Physical Source Lines of Code (SLOC) = 7137
Hits@level = [0] 0 [1] 2 [2] 3 [3] 1 [4] 4 [5] 0
Hits@level+ = [0+] 10 [1+] 10 [2+] 8 [3+] 5 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 1.40115 [1+] 1.40115 [2+] 1.12092 [3+] 0.700574 [4+] 0.56046 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.