Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jag-0.3.8/src/baseitem.cpp
Examining data/jag-0.3.8/src/baseitem.h
Examining data/jag-0.3.8/src/bighammertool.cpp
Examining data/jag-0.3.8/src/bighammertool.h
Examining data/jag-0.3.8/src/bombtool.cpp
Examining data/jag-0.3.8/src/bombtool.h
Examining data/jag-0.3.8/src/clocktool.cpp
Examining data/jag-0.3.8/src/clocktool.h
Examining data/jag-0.3.8/src/consttools.cpp
Examining data/jag-0.3.8/src/consttools.h
Examining data/jag-0.3.8/src/defines.h
Examining data/jag-0.3.8/src/displaywrapper.cpp
Examining data/jag-0.3.8/src/displaywrapper.h
Examining data/jag-0.3.8/src/editor/defines.h
Examining data/jag-0.3.8/src/editor/levelpack.cpp
Examining data/jag-0.3.8/src/editor/levelpack.h
Examining data/jag-0.3.8/src/editor/levelwidget.cpp
Examining data/jag-0.3.8/src/editor/levelwidget.h
Examining data/jag-0.3.8/src/editor/main.cpp
Examining data/jag-0.3.8/src/editor/mainwindow.cpp
Examining data/jag-0.3.8/src/editor/mainwindow.h
Examining data/jag-0.3.8/src/gamebackground.cpp
Examining data/jag-0.3.8/src/gamebackground.h
Examining data/jag-0.3.8/src/gamebonus.cpp
Examining data/jag-0.3.8/src/gamebonus.h
Examining data/jag-0.3.8/src/gamecontrol.cpp
Examining data/jag-0.3.8/src/gameitem.cpp
Examining data/jag-0.3.8/src/gameitem.h
Examining data/jag-0.3.8/src/gamemenu.cpp
Examining data/jag-0.3.8/src/gamemenu.h
Examining data/jag-0.3.8/src/gamepaint.cpp
Examining data/jag-0.3.8/src/gameprofile.cpp
Examining data/jag-0.3.8/src/gameprofile.h
Examining data/jag-0.3.8/src/gamescene.cpp
Examining data/jag-0.3.8/src/gamescene.h
Examining data/jag-0.3.8/src/gamesound.cpp
Examining data/jag-0.3.8/src/gamesound.h
Examining data/jag-0.3.8/src/gamestat.cpp
Examining data/jag-0.3.8/src/gamestat.h
Examining data/jag-0.3.8/src/gamestatics.cpp
Examining data/jag-0.3.8/src/gamestock.cpp
Examining data/jag-0.3.8/src/gamestock.h
Examining data/jag-0.3.8/src/gametools.cpp
Examining data/jag-0.3.8/src/gametools.h
Examining data/jag-0.3.8/src/gamewidget.cpp
Examining data/jag-0.3.8/src/gamewidget.h
Examining data/jag-0.3.8/src/gamexml.cpp
Examining data/jag-0.3.8/src/hammertool.cpp
Examining data/jag-0.3.8/src/hammertool.h
Examining data/jag-0.3.8/src/main.cpp
Examining data/jag-0.3.8/src/menucontrol.cpp
Examining data/jag-0.3.8/src/mixertool.cpp
Examining data/jag-0.3.8/src/mixertool.h
Examining data/jag-0.3.8/src/randomkilltool.cpp
Examining data/jag-0.3.8/src/randomkilltool.h
Examining data/jag-0.3.8/src/scaler.cpp
Examining data/jag-0.3.8/src/scaler.h
Examining data/jag-0.3.8/src/scene_if.h
Examining data/jag-0.3.8/src/smallhammertool.cpp
Examining data/jag-0.3.8/src/smallhammertool.h
Examining data/jag-0.3.8/src/thundertool.cpp
Examining data/jag-0.3.8/src/thundertool.h
Examining data/jag-0.3.8/src/twintool.cpp
Examining data/jag-0.3.8/src/twintool.h
Examining data/jag-0.3.8/src/unblocktool.cpp
Examining data/jag-0.3.8/src/unblocktool.h
Examining data/jag-0.3.8/src/version.h
FINAL RESULTS:
data/jag-0.3.8/src/displaywrapper.cpp:236:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!xconf.open(QFile::ReadOnly))
data/jag-0.3.8/src/editor/mainwindow.cpp:224:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::WriteOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:259:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (flevel.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:302:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:354:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (flevel.open(QIODevice::WriteOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:906:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:926:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::WriteOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:937:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::WriteOnly)) {
data/jag-0.3.8/src/editor/mainwindow.cpp:970:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gamemenu.cpp:60:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gamemenu.cpp:78:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fhelp.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gamemenu.cpp:81:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhelp.open(QIODevice::ReadOnly);
data/jag-0.3.8/src/gameprofile.cpp:192:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly))
data/jag-0.3.8/src/gameprofile.cpp:292:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gameprofile.cpp:319:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gamescene.cpp:340:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/jag-0.3.8/src/gamexml.cpp:35:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::WriteOnly | QFile::Text))
data/jag-0.3.8/src/gamexml.cpp:118:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly | QFile::Text))
data/jag-0.3.8/src/menucontrol.cpp:229:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly | QFile::Text))
data/jag-0.3.8/src/menucontrol.cpp:556:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly | QFile::Text))
data/jag-0.3.8/src/editor/mainwindow.cpp:332:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray ba = ds.device()->read(size);
data/jag-0.3.8/src/gamescene.cpp:373:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray ba = ds.device()->read(size);
ANALYSIS SUMMARY:
Hits = 22
Lines analyzed = 11640 in approximately 0.35 seconds (33690 lines/second)
Physical Source Lines of Code (SLOC) = 7440
Hits@level = [0] 0 [1] 2 [2] 20 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 22 [1+] 22 [2+] 20 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.95699 [1+] 2.95699 [2+] 2.68817 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.