Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tiatracker-1.3/timeline.h
Examining data/tiatracker-1.3/tracktab.cpp
Examining data/tiatracker-1.3/tiasound/instrumentpitchguide.h
Examining data/tiatracker-1.3/tiasound/pitchguide.cpp
Examining data/tiatracker-1.3/tiasound/instrumentpitchguide.cpp
Examining data/tiatracker-1.3/tiasound/pitchguidefactory.cpp
Examining data/tiatracker-1.3/tiasound/tiasound.h
Examining data/tiatracker-1.3/tiasound/pitchguidefactory.h
Examining data/tiatracker-1.3/tiasound/tiasound.cpp
Examining data/tiatracker-1.3/tiasound/pitchguide.h
Examining data/tiatracker-1.3/insertpatterndialog.cpp
Examining data/tiatracker-1.3/instrumentselector.cpp
Examining data/tiatracker-1.3/pianokeyboard.cpp
Examining data/tiatracker-1.3/renamepatterndialog.cpp
Examining data/tiatracker-1.3/setfrequencydialog.h
Examining data/tiatracker-1.3/instrumentselector.h
Examining data/tiatracker-1.3/pianokeyboard.h
Examining data/tiatracker-1.3/createguidedialog.cpp
Examining data/tiatracker-1.3/createpatterndialog.h
Examining data/tiatracker-1.3/percussionshaper.h
Examining data/tiatracker-1.3/createguidedialog.h
Examining data/tiatracker-1.3/mainwindow.h
Examining data/tiatracker-1.3/createpatterndialog.cpp
Examining data/tiatracker-1.3/insertpatterndialog.h
Examining data/tiatracker-1.3/optionstab.cpp
Examining data/tiatracker-1.3/waveformshaper.h
Examining data/tiatracker-1.3/optionstab.h
Examining data/tiatracker-1.3/timeline.cpp
Examining data/tiatracker-1.3/renamepatterndialog.h
Examining data/tiatracker-1.3/setfrequencydialog.cpp
Examining data/tiatracker-1.3/setslidedialog.cpp
Examining data/tiatracker-1.3/percussionshaper.cpp
Examining data/tiatracker-1.3/instrumentstab.h
Examining data/tiatracker-1.3/guidekeyboard.h
Examining data/tiatracker-1.3/setslidedialog.h
Examining data/tiatracker-1.3/track/track.cpp
Examining data/tiatracker-1.3/track/note.cpp
Examining data/tiatracker-1.3/track/sequence.cpp
Examining data/tiatracker-1.3/track/sequence.h
Examining data/tiatracker-1.3/track/pattern.cpp
Examining data/tiatracker-1.3/track/sequenceentry.cpp
Examining data/tiatracker-1.3/track/instrument.cpp
Examining data/tiatracker-1.3/track/percussion.h
Examining data/tiatracker-1.3/track/instrument.h
Examining data/tiatracker-1.3/track/note.h
Examining data/tiatracker-1.3/track/percussion.cpp
Examining data/tiatracker-1.3/track/pattern.h
Examining data/tiatracker-1.3/track/sequenceentry.h
Examining data/tiatracker-1.3/track/track.h
Examining data/tiatracker-1.3/guidekeyboard.cpp
Examining data/tiatracker-1.3/main.cpp
Examining data/tiatracker-1.3/patterneditor.h
Examining data/tiatracker-1.3/patterneditor.cpp
Examining data/tiatracker-1.3/emulation/player.cpp
Examining data/tiatracker-1.3/emulation/player.h
Examining data/tiatracker-1.3/emulation/TIASnd.cpp
Examining data/tiatracker-1.3/emulation/SoundSDL2.cpp
Examining data/tiatracker-1.3/emulation/TIASnd.h
Examining data/tiatracker-1.3/emulation/bspf.h
Examining data/tiatracker-1.3/emulation/SoundSDL2.h
Examining data/tiatracker-1.3/percussiontab.h
Examining data/tiatracker-1.3/mainwindow.cpp
Examining data/tiatracker-1.3/setgotodialog.cpp
Examining data/tiatracker-1.3/waveformshaper.cpp
Examining data/tiatracker-1.3/envelopeshaper.h
Examining data/tiatracker-1.3/percussiontab.cpp
Examining data/tiatracker-1.3/aboutdialog.h
Examining data/tiatracker-1.3/instrumentstab.cpp
Examining data/tiatracker-1.3/setgotodialog.h
Examining data/tiatracker-1.3/tracktab.h
Examining data/tiatracker-1.3/aboutdialog.cpp
Examining data/tiatracker-1.3/envelopeshaper.cpp
FINAL RESULTS:
data/tiatracker-1.3/emulation/bspf.h:95:25: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define BSPF_snprintf _snprintf
data/tiatracker-1.3/emulation/bspf.h:100:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define BSPF_snprintf snprintf
data/tiatracker-1.3/emulation/bspf.h:101:26: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define BSPF_vsnprintf vsnprintf
data/tiatracker-1.3/emulation/SoundSDL2.cpp:97:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void SoundSDL2::open()
data/tiatracker-1.3/emulation/SoundSDL2.h:92:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/tiatracker-1.3/emulation/player.cpp:29:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sdlSound.open();
data/tiatracker-1.3/emulation/player.cpp:56:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sdlSound.open();
data/tiatracker-1.3/instrumentstab.cpp:225:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!saveFile.open(QIODevice::WriteOnly)) {
data/tiatracker-1.3/instrumentstab.cpp:277:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!loadFile.open(QIODevice::ReadOnly)) {
data/tiatracker-1.3/main.cpp:47:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
styleFile.open(QFile::ReadOnly);
data/tiatracker-1.3/mainwindow.cpp:106:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!keymapFile.open(QIODevice::ReadOnly)) {
data/tiatracker-1.3/mainwindow.cpp:455:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!saveFile.open(QIODevice::WriteOnly)) {
data/tiatracker-1.3/mainwindow.cpp:471:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!loadFile.open(QIODevice::ReadOnly)) {
data/tiatracker-1.3/mainwindow.cpp:827:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fileIn.open(QIODevice::ReadOnly)) {
data/tiatracker-1.3/mainwindow.cpp:841:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outFile.open(QIODevice::WriteOnly)) {
data/tiatracker-1.3/mainwindow.cpp:2009:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outFile.open(QIODevice::WriteOnly)) {
data/tiatracker-1.3/optionstab.cpp:165:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!loadFile.open(QIODevice::ReadOnly)) {
data/tiatracker-1.3/optionstab.cpp:209:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!saveFile.open(QIODevice::WriteOnly)) {
data/tiatracker-1.3/percussiontab.cpp:190:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!saveFile.open(QIODevice::WriteOnly)) {
data/tiatracker-1.3/percussiontab.cpp:242:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!loadFile.open(QIODevice::ReadOnly)) {
data/tiatracker-1.3/emulation/bspf.h:144:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return _strnicmp(s1, s2, strlen(s2)) == 0;
data/tiatracker-1.3/emulation/bspf.h:146:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncasecmp(s1, s2, strlen(s2)) == 0;
ANALYSIS SUMMARY:
Hits = 22
Lines analyzed = 12701 in approximately 0.33 seconds (37992 lines/second)
Physical Source Lines of Code (SLOC) = 8875
Hits@level = [0] 0 [1] 2 [2] 17 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 22 [1+] 22 [2+] 20 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 2.47887 [1+] 2.47887 [2+] 2.25352 [3+] 0.338028 [4+] 0.338028 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.