stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dragon-20.04.2/src/mpris2/mediaplayer2.h
Examining data/dragon-20.04.2/src/mpris2/mediaplayer2player.cpp
Examining data/dragon-20.04.2/src/mpris2/mpris2.h
Examining data/dragon-20.04.2/src/mpris2/mediaplayer2.cpp
Examining data/dragon-20.04.2/src/mpris2/mediaplayer2player.h
Examining data/dragon-20.04.2/src/mpris2/mpris2.cpp
Examining data/dragon-20.04.2/src/app/part.cpp
Examining data/dragon-20.04.2/src/app/partToolBar.h
Examining data/dragon-20.04.2/src/app/actions.cpp
Examining data/dragon-20.04.2/src/app/stateChange.cpp
Examining data/dragon-20.04.2/src/app/playerApplication.h
Examining data/dragon-20.04.2/src/app/playerApplication.cpp
Examining data/dragon-20.04.2/src/app/discSelectionDialog.cpp
Examining data/dragon-20.04.2/src/app/videoWindow.h
Examining data/dragon-20.04.2/src/app/audioView2.cpp
Examining data/dragon-20.04.2/src/app/audioView2.h
Examining data/dragon-20.04.2/src/app/playlistFile.h
Examining data/dragon-20.04.2/src/app/adjustSizeButton.cpp
Examining data/dragon-20.04.2/src/app/playDialog.cpp
Examining data/dragon-20.04.2/src/app/timeLabel.cpp
Examining data/dragon-20.04.2/src/app/mainWindow.h
Examining data/dragon-20.04.2/src/app/theStream.h
Examining data/dragon-20.04.2/src/app/fullScreenToolBarHandler.h
Examining data/dragon-20.04.2/src/app/analyzer/analyzerBase.h
Examining data/dragon-20.04.2/src/app/analyzer/fht.cpp
Examining data/dragon-20.04.2/src/app/analyzer/fht.h
Examining data/dragon-20.04.2/src/app/analyzer/blockAnalyzer.h
Examining data/dragon-20.04.2/src/app/analyzer/blockAnalyzer.cpp
Examining data/dragon-20.04.2/src/app/analyzer/analyzerBase.cpp
Examining data/dragon-20.04.2/src/app/main.cpp
Examining data/dragon-20.04.2/src/app/listView.cpp
Examining data/dragon-20.04.2/src/app/part.h
Examining data/dragon-20.04.2/src/app/recentlyPlayedList.cpp
Examining data/dragon-20.04.2/src/app/loadView.h
Examining data/dragon-20.04.2/src/app/adjustSizeButton.h
Examining data/dragon-20.04.2/src/app/playDialog.h
Examining data/dragon-20.04.2/src/app/videoWindow.cpp
Examining data/dragon-20.04.2/src/app/loadView.cpp
Examining data/dragon-20.04.2/src/app/mainWindow.cpp
Examining data/dragon-20.04.2/src/app/timeLabel.h
Examining data/dragon-20.04.2/src/app/theStream.cpp
Examining data/dragon-20.04.2/src/app/partToolBar.cpp
Examining data/dragon-20.04.2/src/app/discSelectionDialog.h
Examining data/dragon-20.04.2/src/app/recentlyPlayedList.h
Examining data/dragon-20.04.2/src/app/fullScreenToolBarHandler.cpp
Examining data/dragon-20.04.2/src/app/actions.h
Examining data/dragon-20.04.2/src/app/playlistFile.cpp
Examining data/dragon-20.04.2/src/codeine.h
Examining data/dragon-20.04.2/src/messageBox.h

FINAL RESULTS:

data/dragon-20.04.2/src/app/analyzer/fht.cpp:73:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    return (float *)memcpy(d, s, m_num * sizeof(float));
data/dragon-20.04.2/src/app/analyzer/fht.cpp:215:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p + k, m_buf, sizeof(float) * n);
data/dragon-20.04.2/src/app/analyzer/fht.cpp:241:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p + k, m_buf, sizeof(float) * n);
data/dragon-20.04.2/src/app/mainWindow.cpp:201:60:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    connect( m_loadView, SIGNAL(loadUrl(QUrl)), this, SLOT(open(QUrl)) );
data/dragon-20.04.2/src/app/mainWindow.cpp:281:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    KStandardAction::open( this, SLOT(toggleLoadView()), ac )->setText( i18n("Play &Media...") );
data/dragon-20.04.2/src/app/mainWindow.cpp:531:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
MainWindow::open( const QUrl &url )
data/dragon-20.04.2/src/app/mainWindow.cpp:655:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        open( urls.first() );
data/dragon-20.04.2/src/app/mainWindow.cpp:668:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        open( url );
data/dragon-20.04.2/src/app/mainWindow.cpp:708:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    this->open( url );
data/dragon-20.04.2/src/app/mainWindow.cpp:801:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        this->open( e->mimeData()->urls().first() );
data/dragon-20.04.2/src/app/mainWindow.h:75:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    bool open(const QUrl & );
data/dragon-20.04.2/src/app/playerApplication.cpp:81:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        m_mainWindow->open(uris.first());
data/dragon-20.04.2/src/mpris2/mediaplayer2player.cpp:108:61:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    static_cast<Dragon::MainWindow*>(Dragon::mainWindow())->open(QUrl(Uri));

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 6811 in approximately 0.25 seconds (26842 lines/second)
Physical Source Lines of Code (SLOC) = 4473
Hits@level = [0]   0 [1]   0 [2]  13 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  13 [1+]  13 [2+]  13 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.90633 [1+] 2.90633 [2+] 2.90633 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.