Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dragon-20.04.2/src/mpris2/mediaplayer2.h
Examining data/dragon-20.04.2/src/mpris2/mediaplayer2player.cpp
Examining data/dragon-20.04.2/src/mpris2/mpris2.h
Examining data/dragon-20.04.2/src/mpris2/mediaplayer2.cpp
Examining data/dragon-20.04.2/src/mpris2/mediaplayer2player.h
Examining data/dragon-20.04.2/src/mpris2/mpris2.cpp
Examining data/dragon-20.04.2/src/app/part.cpp
Examining data/dragon-20.04.2/src/app/partToolBar.h
Examining data/dragon-20.04.2/src/app/actions.cpp
Examining data/dragon-20.04.2/src/app/stateChange.cpp
Examining data/dragon-20.04.2/src/app/playerApplication.h
Examining data/dragon-20.04.2/src/app/playerApplication.cpp
Examining data/dragon-20.04.2/src/app/discSelectionDialog.cpp
Examining data/dragon-20.04.2/src/app/videoWindow.h
Examining data/dragon-20.04.2/src/app/audioView2.cpp
Examining data/dragon-20.04.2/src/app/audioView2.h
Examining data/dragon-20.04.2/src/app/playlistFile.h
Examining data/dragon-20.04.2/src/app/adjustSizeButton.cpp
Examining data/dragon-20.04.2/src/app/playDialog.cpp
Examining data/dragon-20.04.2/src/app/timeLabel.cpp
Examining data/dragon-20.04.2/src/app/mainWindow.h
Examining data/dragon-20.04.2/src/app/theStream.h
Examining data/dragon-20.04.2/src/app/fullScreenToolBarHandler.h
Examining data/dragon-20.04.2/src/app/analyzer/analyzerBase.h
Examining data/dragon-20.04.2/src/app/analyzer/fht.cpp
Examining data/dragon-20.04.2/src/app/analyzer/fht.h
Examining data/dragon-20.04.2/src/app/analyzer/blockAnalyzer.h
Examining data/dragon-20.04.2/src/app/analyzer/blockAnalyzer.cpp
Examining data/dragon-20.04.2/src/app/analyzer/analyzerBase.cpp
Examining data/dragon-20.04.2/src/app/main.cpp
Examining data/dragon-20.04.2/src/app/listView.cpp
Examining data/dragon-20.04.2/src/app/part.h
Examining data/dragon-20.04.2/src/app/recentlyPlayedList.cpp
Examining data/dragon-20.04.2/src/app/loadView.h
Examining data/dragon-20.04.2/src/app/adjustSizeButton.h
Examining data/dragon-20.04.2/src/app/playDialog.h
Examining data/dragon-20.04.2/src/app/videoWindow.cpp
Examining data/dragon-20.04.2/src/app/loadView.cpp
Examining data/dragon-20.04.2/src/app/mainWindow.cpp
Examining data/dragon-20.04.2/src/app/timeLabel.h
Examining data/dragon-20.04.2/src/app/theStream.cpp
Examining data/dragon-20.04.2/src/app/partToolBar.cpp
Examining data/dragon-20.04.2/src/app/discSelectionDialog.h
Examining data/dragon-20.04.2/src/app/recentlyPlayedList.h
Examining data/dragon-20.04.2/src/app/fullScreenToolBarHandler.cpp
Examining data/dragon-20.04.2/src/app/actions.h
Examining data/dragon-20.04.2/src/app/playlistFile.cpp
Examining data/dragon-20.04.2/src/codeine.h
Examining data/dragon-20.04.2/src/messageBox.h

FINAL RESULTS:

data/dragon-20.04.2/src/app/analyzer/fht.cpp:73:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  return (float *)memcpy(d, s, m_num * sizeof(float));
data/dragon-20.04.2/src/app/analyzer/fht.cpp:215:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p + k, m_buf, sizeof(float) * n);
data/dragon-20.04.2/src/app/analyzer/fht.cpp:241:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p + k, m_buf, sizeof(float) * n);
data/dragon-20.04.2/src/app/mainWindow.cpp:201:60: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  connect( m_loadView, SIGNAL(loadUrl(QUrl)), this, SLOT(open(QUrl)) );
data/dragon-20.04.2/src/app/mainWindow.cpp:281:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  KStandardAction::open( this, SLOT(toggleLoadView()), ac )->setText( i18n("Play &Media...") );
data/dragon-20.04.2/src/app/mainWindow.cpp:531:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  MainWindow::open( const QUrl &url )
data/dragon-20.04.2/src/app/mainWindow.cpp:655:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  open( urls.first() );
data/dragon-20.04.2/src/app/mainWindow.cpp:668:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  open( url );
data/dragon-20.04.2/src/app/mainWindow.cpp:708:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  this->open( url );
data/dragon-20.04.2/src/app/mainWindow.cpp:801:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  this->open( e->mimeData()->urls().first() );
data/dragon-20.04.2/src/app/mainWindow.h:75:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bool open(const QUrl & );
data/dragon-20.04.2/src/app/playerApplication.cpp:81:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  m_mainWindow->open(uris.first());
data/dragon-20.04.2/src/mpris2/mediaplayer2player.cpp:108:61: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  static_cast<Dragon::MainWindow*>(Dragon::mainWindow())->open(QUrl(Uri));

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 6811 in approximately 0.25 seconds (26842 lines/second)
Physical Source Lines of Code (SLOC) = 4473
Hits@level = [0] 0 [1] 0 [2] 13 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 13 [2+] 13 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.90633 [1+] 2.90633 [2+] 2.90633 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.