Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/converseen-0.9.8.1/resource.h Examining data/converseen-0.9.8.1/src/Modules/multipageconverter.cpp Examining data/converseen-0.9.8.1/src/Modules/multipageconverter.h Examining data/converseen-0.9.8.1/src/cachingsystem.cpp Examining data/converseen-0.9.8.1/src/cachingsystem.h Examining data/converseen-0.9.8.1/src/combofilters.cpp Examining data/converseen-0.9.8.1/src/combofilters.h Examining data/converseen-0.9.8.1/src/converter.cpp Examining data/converseen-0.9.8.1/src/converter.h Examining data/converseen-0.9.8.1/src/dialogconversionstatus.cpp Examining data/converseen-0.9.8.1/src/dialogconversionstatus.h Examining data/converseen-0.9.8.1/src/dialoginfo.cpp Examining data/converseen-0.9.8.1/src/dialoginfo.h Examining data/converseen-0.9.8.1/src/dialogmultipageeditor.cpp Examining data/converseen-0.9.8.1/src/dialogmultipageeditor.h Examining data/converseen-0.9.8.1/src/dialogoptions.cpp Examining data/converseen-0.9.8.1/src/dialogoptions.h Examining data/converseen-0.9.8.1/src/dialogquality.cpp Examining data/converseen-0.9.8.1/src/dialogquality.h Examining data/converseen-0.9.8.1/src/dialogshowupdatemsg.cpp Examining data/converseen-0.9.8.1/src/dialogshowupdatemsg.h Examining data/converseen-0.9.8.1/src/formats.cpp Examining data/converseen-0.9.8.1/src/formats.h Examining data/converseen-0.9.8.1/src/globals.cpp Examining data/converseen-0.9.8.1/src/globals.h Examining data/converseen-0.9.8.1/src/inisettings.cpp Examining data/converseen-0.9.8.1/src/inisettings.h Examining data/converseen-0.9.8.1/src/main.cpp Examining data/converseen-0.9.8.1/src/mainwindowimpl.h Examining data/converseen-0.9.8.1/src/mylabelpreviewer.cpp Examining data/converseen-0.9.8.1/src/mylabelpreviewer.h Examining data/converseen-0.9.8.1/src/pixtreewidget.cpp Examining data/converseen-0.9.8.1/src/pixtreewidget.h Examining data/converseen-0.9.8.1/src/pushcolorchooser.cpp Examining data/converseen-0.9.8.1/src/pushcolorchooser.h Examining data/converseen-0.9.8.1/src/sizeutil.cpp Examining data/converseen-0.9.8.1/src/sizeutil.h Examining data/converseen-0.9.8.1/src/thumbnailgeneratorthread.cpp Examining data/converseen-0.9.8.1/src/thumbnailgeneratorthread.h Examining data/converseen-0.9.8.1/src/translator.cpp Examining data/converseen-0.9.8.1/src/translator.h Examining data/converseen-0.9.8.1/src/updatechecker.cpp Examining data/converseen-0.9.8.1/src/updatechecker.h Examining data/converseen-0.9.8.1/src/whereiam.cpp Examining data/converseen-0.9.8.1/src/whereiam.h Examining data/converseen-0.9.8.1/src/mainwindowimpl.cpp FINAL RESULTS: data/converseen-0.9.8.1/src/mainwindowimpl.cpp:117:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) data/converseen-0.9.8.1/src/Modules/multipageconverter.cpp:48:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). my_image.read(tmpFileName.toStdString()); data/converseen-0.9.8.1/src/converter.cpp:70:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). my_image.read(m_fileNameIn.toStdString()); data/converseen-0.9.8.1/src/converter.cpp:242:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bgImg.read("xc:" + m_bg_color.toStdString()); data/converseen-0.9.8.1/src/thumbnailgeneratorthread.cpp:128:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). my_image.read(m_fileName.toStdString()); ANALYSIS SUMMARY: Hits = 5 Lines analyzed = 4822 in approximately 0.28 seconds (17393 lines/second) Physical Source Lines of Code (SLOC) = 2974 Hits@level = [0] 0 [1] 4 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.68124 [1+] 1.68124 [2+] 0.336247 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.