Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kmplot-20.04.0/kmplot/kgradientdialog.h
Examining data/kmplot-20.04.0/kmplot/functiontools.h
Examining data/kmplot-20.04.0/kmplot/view.h
Examining data/kmplot-20.04.0/kmplot/kconstanteditor.cpp
Examining data/kmplot-20.04.0/kmplot/equationeditor.cpp
Examining data/kmplot-20.04.0/kmplot/kmplotprogress.cpp
Examining data/kmplot-20.04.0/kmplot/maindlg.h
Examining data/kmplot-20.04.0/kmplot/calculator.cpp
Examining data/kmplot-20.04.0/kmplot/equationhighlighter.cpp
Examining data/kmplot-20.04.0/kmplot/kprinterdlg.h
Examining data/kmplot-20.04.0/kmplot/vector.h
Examining data/kmplot-20.04.0/kmplot/equationeditwidget.cpp
Examining data/kmplot-20.04.0/kmplot/kmplot.cpp
Examining data/kmplot-20.04.0/kmplot/equationeditorwidget.h
Examining data/kmplot-20.04.0/kmplot/view.cpp
Examining data/kmplot-20.04.0/kmplot/kgradientdialog.cpp
Examining data/kmplot-20.04.0/kmplot/vector.cpp
Examining data/kmplot-20.04.0/kmplot/constants.cpp
Examining data/kmplot-20.04.0/kmplot/equationedit.h
Examining data/kmplot-20.04.0/kmplot/parameterswidget.h
Examining data/kmplot-20.04.0/kmplot/parameteranimator.h
Examining data/kmplot-20.04.0/kmplot/maindlg.cpp
Examining data/kmplot-20.04.0/kmplot/kconstanteditor.h
Examining data/kmplot-20.04.0/kmplot/parser.h
Examining data/kmplot-20.04.0/kmplot/parameteranimator.cpp
Examining data/kmplot-20.04.0/kmplot/equationhighlighter.h
Examining data/kmplot-20.04.0/kmplot/plotstylewidget.h
Examining data/kmplot-20.04.0/kmplot/xparser.cpp
Examining data/kmplot-20.04.0/kmplot/functioneditor.h
Examining data/kmplot-20.04.0/kmplot/function.cpp
Examining data/kmplot-20.04.0/kmplot/kprinterdlg.cpp
Examining data/kmplot-20.04.0/kmplot/kparametereditor.cpp
Examining data/kmplot-20.04.0/kmplot/main.cpp
Examining data/kmplot-20.04.0/kmplot/xparser.h
Examining data/kmplot-20.04.0/kmplot/kmplot.h
Examining data/kmplot-20.04.0/kmplot/coordsconfigdialog.cpp
Examining data/kmplot-20.04.0/kmplot/kmplotio.h
Examining data/kmplot-20.04.0/kmplot/initialconditionseditor.h
Examining data/kmplot-20.04.0/kmplot/ksliderwindow.h
Examining data/kmplot-20.04.0/kmplot/equationeditorwidget.cpp
Examining data/kmplot-20.04.0/kmplot/functioneditor.cpp
Examining data/kmplot-20.04.0/kmplot/function.h
Examining data/kmplot-20.04.0/kmplot/initialconditionseditor.cpp
Examining data/kmplot-20.04.0/kmplot/plotstylewidget.cpp
Examining data/kmplot-20.04.0/kmplot/equationeditwidget.h
Examining data/kmplot-20.04.0/kmplot/kmplotprogress.h
Examining data/kmplot-20.04.0/kmplot/parameterswidget.cpp
Examining data/kmplot-20.04.0/kmplot/constants.h
Examining data/kmplot-20.04.0/kmplot/coordsconfigdialog.h
Examining data/kmplot-20.04.0/kmplot/kparametereditor.h
Examining data/kmplot-20.04.0/kmplot/calculator.h
Examining data/kmplot-20.04.0/kmplot/equationeditor.h
Examining data/kmplot-20.04.0/kmplot/ksliderwindow.cpp
Examining data/kmplot-20.04.0/kmplot/functiontools.cpp
Examining data/kmplot-20.04.0/kmplot/equationedit.cpp
Examining data/kmplot-20.04.0/kmplot/kmplotio.cpp
Examining data/kmplot-20.04.0/kmplot/parser.cpp

FINAL RESULTS:

data/kmplot-20.04.0/kmplot/function.cpp:329:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ((equals > open) && (open != -1)) || (equals == -1) )
data/kmplot-20.04.0/kmplot/function.cpp:329:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ((equals > open) && (open != -1)) || (equals == -1) )
data/kmplot-20.04.0/kmplot/function.cpp:330:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pos = open;
data/kmplot-20.04.0/kmplot/function.cpp:348:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (open != -1) && (open < equals) )
data/kmplot-20.04.0/kmplot/function.cpp:348:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (open != -1) && (open < equals) )
data/kmplot-20.04.0/kmplot/kmplot.cpp:167:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  KStandardAction::open(this, SLOT(fileOpen()), actionCollection());
data/kmplot-20.04.0/kmplot/kmplotio.cpp:135:18: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QTemporaryFile tmpfile;
data/kmplot-20.04.0/kmplot/kmplotio.cpp:136:9: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if ( !tmpfile.open() )
data/kmplot-20.04.0/kmplot/kmplotio.cpp:136:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( !tmpfile.open() )
data/kmplot-20.04.0/kmplot/kmplotio.cpp:139:20: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  << QUrl( tmpfile.fileName() ).toLocalFile() << " for writing.\n";
data/kmplot-20.04.0/kmplot/kmplotio.cpp:142:20: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QTextStream ts( &tmpfile );
data/kmplot-20.04.0/kmplot/kmplotio.cpp:147:14: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QFile file(tmpfile.fileName());
data/kmplot-20.04.0/kmplot/kmplotio.cpp:148:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/kmplot-20.04.0/kmplot/kmplotio.cpp:159:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!xmlfile.open( QIODevice::WriteOnly ) )
data/kmplot-20.04.0/kmplot/kmplotio.cpp:364:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open();
data/kmplot-20.04.0/kmplot/kmplotio.cpp:372:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( !f.open( QIODevice::ReadOnly ) )
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:245:18: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QTemporaryFile tmpfile;
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:246:3: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  tmpfile.setAutoRemove(false);
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:247:3: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  tmpfile.open();
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:247:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tmpfile.open();
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:248:3: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  tmpfile.write(transferjob->data());
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:249:20: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  file.setFileName(tmpfile.fileName());
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:250:3: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  tmpfile.close();
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:255:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( file.open(QIODevice::ReadOnly) )
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:308:19: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QTemporaryFile tmpfile;
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:310:8: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (tmpfile.open() )
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:310:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (tmpfile.open() )
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:312:25: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QTextStream stream(&tmpfile);
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:326:15: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  QFile file(tmpfile.fileName());
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:327:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/kmplot-20.04.0/kmplot/kparametereditor.cpp:340:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open( QIODevice::WriteOnly ) )
data/kmplot-20.04.0/kmplot/maindlg.cpp:612:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/kmplot-20.04.0/kmplot/maindlg.cpp:632:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tmp.open();
data/kmplot-20.04.0/kmplot/maindlg.cpp:636:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/kmplot-20.04.0/kmplot/vector.cpp:94:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( m_data.data(), other.m_data.data(), size() * sizeof(double) );
data/kmplot-20.04.0/kmplot/xparser.cpp:296:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( m_arg.data() + 1 + (useParameter ? 1 : 0), y.data(), order*sizeof(double) );
data/kmplot-20.04.0/kmplot/xparser.cpp:297:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( m_result.data(), y.data() + 1, (order-1)*sizeof(double) );

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 19623 in approximately 1.44 seconds (13598 lines/second)
Physical Source Lines of Code (SLOC) = 12433
Hits@level = [0] 0 [1] 0 [2] 37 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 37 [1+] 37 [2+] 37 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.97595 [1+] 2.97595 [2+] 2.97595 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.