Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vokoscreen-ng-3.0.7/src/QGlobalShortcut/qglobalshortcut.h
Examining data/vokoscreen-ng-3.0.7/src/QGlobalShortcut/win/qglobalshortcut.cpp
Examining data/vokoscreen-ng-3.0.7/src/QGlobalShortcut/x11/qglobalshortcut.cpp
Examining data/vokoscreen-ng-3.0.7/src/QvkGlobalShortcut/QvkGlobalShortcut.cpp
Examining data/vokoscreen-ng-3.0.7/src/QvkGlobalShortcut/QvkGlobalShortcut.h
Examining data/vokoscreen-ng-3.0.7/src/audio/linux/QvkAudioController.cpp
Examining data/vokoscreen-ng-3.0.7/src/audio/linux/QvkAudioController.h
Examining data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c
Examining data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.h
Examining data/vokoscreen-ng-3.0.7/src/audio/linux/QvkPulseAudioDevices.cpp
Examining data/vokoscreen-ng-3.0.7/src/audio/linux/QvkPulseAudioDevices.h
Examining data/vokoscreen-ng-3.0.7/src/audio/linux/QvkPulseAudioServer.cpp
Examining data/vokoscreen-ng-3.0.7/src/audio/linux/QvkPulseAudioServer.h
Examining data/vokoscreen-ng-3.0.7/src/audio/linux/QvkPulseAudioWatcher.cpp
Examining data/vokoscreen-ng-3.0.7/src/audio/linux/QvkPulseAudioWatcher.h
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/DirectSound/QvkDirectSoundController.cpp
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/DirectSound/QvkDirectSoundController.h
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/DirectSound/QvkDirectSoundWatcher.cpp
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/DirectSound/QvkDirectSoundWatcher.h
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/QvkAudioController.cpp
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/QvkAudioController.h
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/WASAPI/QvkWASAPIController.cpp
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/WASAPI/QvkWASAPIController.h
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/WASAPI/QvkWASAPIGstreamer.cpp
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/WASAPI/QvkWASAPIGstreamer.h
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/WASAPI/QvkWASAPIWatcher.cpp
Examining data/vokoscreen-ng-3.0.7/src/audio/windows/WASAPI/QvkWASAPIWatcher.h
Examining data/vokoscreen-ng-3.0.7/src/camera/QvkCameraController.cpp
Examining data/vokoscreen-ng-3.0.7/src/camera/QvkCameraController.h
Examining data/vokoscreen-ng-3.0.7/src/camera/QvkCameraResolution.cpp
Examining data/vokoscreen-ng-3.0.7/src/camera/QvkCameraResolution.h
Examining data/vokoscreen-ng-3.0.7/src/camera/QvkCameraWatcher.cpp
Examining data/vokoscreen-ng-3.0.7/src/camera/QvkCameraWatcher.h
Examining data/vokoscreen-ng-3.0.7/src/camera/QvkCameraWindow.cpp
Examining data/vokoscreen-ng-3.0.7/src/camera/QvkCameraWindow.h
Examining data/vokoscreen-ng-3.0.7/src/camera/QvkVideoSurface.h
Examining data/vokoscreen-ng-3.0.7/src/camera/camerasettingsdialog.cpp
Examining data/vokoscreen-ng-3.0.7/src/camera/camerasettingsdialog.h
Examining data/vokoscreen-ng-3.0.7/src/ciscoOpenh264/QvkBzlib.cpp
Examining data/vokoscreen-ng-3.0.7/src/ciscoOpenh264/QvkBzlib.h
Examining data/vokoscreen-ng-3.0.7/src/ciscoOpenh264/QvkCiscoOpenh264Controller.cpp
Examining data/vokoscreen-ng-3.0.7/src/ciscoOpenh264/QvkCiscoOpenh264Controller.h
Examining data/vokoscreen-ng-3.0.7/src/ciscoOpenh264/QvkCiscoOpenh264Downloader.cpp
Examining data/vokoscreen-ng-3.0.7/src/ciscoOpenh264/QvkCiscoOpenh264Downloader.h
Examining data/vokoscreen-ng-3.0.7/src/countdown/QvkCountdown.cpp
Examining data/vokoscreen-ng-3.0.7/src/countdown/QvkCountdown.h
Examining data/vokoscreen-ng-3.0.7/src/global.cpp
Examining data/vokoscreen-ng-3.0.7/src/global.h
Examining data/vokoscreen-ng-3.0.7/src/help/QvkDownloader.cpp
Examining data/vokoscreen-ng-3.0.7/src/help/QvkDownloader.h
Examining data/vokoscreen-ng-3.0.7/src/help/QvkHelp.cpp
Examining data/vokoscreen-ng-3.0.7/src/help/QvkHelp.h
Examining data/vokoscreen-ng-3.0.7/src/help/QvkLocale.cpp
Examining data/vokoscreen-ng-3.0.7/src/help/QvkLocale.h
Examining data/vokoscreen-ng-3.0.7/src/information/QvkInformation.cpp
Examining data/vokoscreen-ng-3.0.7/src/information/QvkInformation.h
Examining data/vokoscreen-ng-3.0.7/src/licenses/QvkLicenses.cpp
Examining data/vokoscreen-ng-3.0.7/src/licenses/QvkLicenses.h
Examining data/vokoscreen-ng-3.0.7/src/limitDiskFreeSpace/QvkLimitDiskFreeSpace.cpp
Examining data/vokoscreen-ng-3.0.7/src/limitDiskFreeSpace/QvkLimitDiskFreeSpace.h
Examining data/vokoscreen-ng-3.0.7/src/loadExtensions/QvkLoadExtension.cpp
Examining data/vokoscreen-ng-3.0.7/src/loadExtensions/QvkLoadExtension.h
Examining data/vokoscreen-ng-3.0.7/src/log/QvkLog.cpp
Examining data/vokoscreen-ng-3.0.7/src/log/QvkLog.h
Examining data/vokoscreen-ng-3.0.7/src/log/QvkLogController.cpp
Examining data/vokoscreen-ng-3.0.7/src/log/QvkLogController.h
Examining data/vokoscreen-ng-3.0.7/src/magnifier/QvkMagnifier.cpp
Examining data/vokoscreen-ng-3.0.7/src/magnifier/QvkMagnifier.h
Examining data/vokoscreen-ng-3.0.7/src/magnifier/QvkMagnifierController.cpp
Examining data/vokoscreen-ng-3.0.7/src/magnifier/QvkMagnifierController.h
Examining data/vokoscreen-ng-3.0.7/src/main.cpp
Examining data/vokoscreen-ng-3.0.7/src/mainwindow.cpp
Examining data/vokoscreen-ng-3.0.7/src/mainwindow.h
Examining data/vokoscreen-ng-3.0.7/src/player/QvkPlayer.cpp
Examining data/vokoscreen-ng-3.0.7/src/player/QvkPlayer.h
Examining data/vokoscreen-ng-3.0.7/src/player/QvkPlayerVideoSurface.h
Examining data/vokoscreen-ng-3.0.7/src/region/QvkRegionButtonArrow.cpp
Examining data/vokoscreen-ng-3.0.7/src/region/QvkRegionButtonArrow.h
Examining data/vokoscreen-ng-3.0.7/src/region/QvkRegionChoise.cpp
Examining data/vokoscreen-ng-3.0.7/src/region/QvkRegionChoise.h
Examining data/vokoscreen-ng-3.0.7/src/screenManager/QvkScreenManager.cpp
Examining data/vokoscreen-ng-3.0.7/src/screenManager/QvkScreenManager.h
Examining data/vokoscreen-ng-3.0.7/src/settings/QvkSettings.cpp
Examining data/vokoscreen-ng-3.0.7/src/settings/QvkSettings.h
Examining data/vokoscreen-ng-3.0.7/src/spezialSlider/QvkSpezialSlider.cpp
Examining data/vokoscreen-ng-3.0.7/src/spezialSlider/QvkSpezialSlider.h
Examining data/vokoscreen-ng-3.0.7/src/systray/QvkSystray.cpp
Examining data/vokoscreen-ng-3.0.7/src/systray/QvkSystray.h
Examining data/vokoscreen-ng-3.0.7/src/systrayAlternative/QvkSystrayAlternative.cpp
Examining data/vokoscreen-ng-3.0.7/src/systrayAlternative/QvkSystrayAlternative.h
Examining data/vokoscreen-ng-3.0.7/src/theme/QvkTheme.cpp
Examining data/vokoscreen-ng-3.0.7/src/theme/QvkTheme.h
Examining data/vokoscreen-ng-3.0.7/src/version/QvkVersion.cpp
Examining data/vokoscreen-ng-3.0.7/src/version/QvkVersion.h
Examining data/vokoscreen-ng-3.0.7/src/winInfo/QvkWinInfo.cpp
Examining data/vokoscreen-ng-3.0.7/src/winInfo/QvkWinInfo.h
FINAL RESULTS:
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:236:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( s, pa_input_devicelist[ctr].name);
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:238:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( s, pa_input_devicelist[ctr].description);
data/vokoscreen-ng-3.0.7/src/help/QvkHelp.cpp:147:63: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( ui->comboBoxOnlineHelp->findText( "(" + QLocale::system().name() + ")", Qt::MatchEndsWith ) > -1 )
data/vokoscreen-ng-3.0.7/src/help/QvkHelp.cpp:149:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
language = QLocale::system().name();
data/vokoscreen-ng-3.0.7/src/main.cpp:101:42: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
qtTranslator->load( "qt_" + QLocale::system().name(), QLibraryInfo::location( QLibraryInfo::TranslationsPath ) );
data/vokoscreen-ng-3.0.7/src/main.cpp:105:31: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
translator.load( QLocale::system().name(), ":/language" );
data/vokoscreen-ng-3.0.7/src/mainwindow.cpp:228:71: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
qDebug().noquote() << global::nameOutput << "Locale:" << QLocale::system().name();
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[256];
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:220:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[4096];
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:237:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( s, ":::" );
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:239:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( s, "---" );
data/vokoscreen-ng-3.0.7/src/ciscoOpenh264/QvkBzlib.cpp:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 1024 ];
data/vokoscreen-ng-3.0.7/src/ciscoOpenh264/QvkBzlib.cpp:49:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile = fopen ( strIN, "r" );
data/vokoscreen-ng-3.0.7/src/ciscoOpenh264/QvkBzlib.cpp:70:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen ( strOut, "wb");
data/vokoscreen-ng-3.0.7/src/ciscoOpenh264/QvkCiscoOpenh264Downloader.cpp:47:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !file.open( QIODevice::WriteOnly ) )
data/vokoscreen-ng-3.0.7/src/help/QvkDownloader.cpp:47:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !file.open( QIODevice::WriteOnly ) )
data/vokoscreen-ng-3.0.7/src/help/QvkHelp.cpp:224:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !file.open( QIODevice::ReadOnly ) )
data/vokoscreen-ng-3.0.7/src/help/QvkHelp.cpp:257:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !file.open( QIODevice::ReadOnly ) )
data/vokoscreen-ng-3.0.7/src/help/QvkHelp.cpp:307:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !file.open( QIODevice::ReadOnly ) )
data/vokoscreen-ng-3.0.7/src/help/QvkLocale.cpp:51:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !file.open( QIODevice::ReadOnly ) )
data/vokoscreen-ng-3.0.7/src/log/QvkLog.cpp:70:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logFile.open( QIODevice::Append | QIODevice::Text | QIODevice::Unbuffered );
data/vokoscreen-ng-3.0.7/src/mainwindow.cpp:708:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !file.open( QIODevice::ReadOnly) )
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:70:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pa_devicelist[ctr].name, l->name, 511);
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:71:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pa_devicelist[ctr].description, l->description, 255);
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:95:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pa_devicelist[ctr].name, l->name, 511);
data/vokoscreen-ng-3.0.7/src/audio/linux/QvkDevices.c:96:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pa_devicelist[ctr].description, l->description, 255);
ANALYSIS SUMMARY:
Hits = 27
Lines analyzed = 14320 in approximately 0.36 seconds (39878 lines/second)
Physical Source Lines of Code (SLOC) = 9679
Hits@level = [0] 9 [1] 4 [2] 16 [3] 0 [4] 7 [5] 0
Hits@level+ = [0+] 36 [1+] 27 [2+] 23 [3+] 7 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 3.71939 [1+] 2.78954 [2+] 2.37628 [3+] 0.723215 [4+] 0.723215 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.