Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libkscreen-5.19.5/backends/xcbwrapper.h
Examining data/libkscreen-5.19.5/backends/utils.h
Examining data/libkscreen-5.19.5/backends/utils.cpp
Examining data/libkscreen-5.19.5/backends/qscreen/qscreenoutput.h
Examining data/libkscreen-5.19.5/backends/qscreen/qscreenscreen.h
Examining data/libkscreen-5.19.5/backends/qscreen/qscreenbackend.h
Examining data/libkscreen-5.19.5/backends/qscreen/qscreenconfig.h
Examining data/libkscreen-5.19.5/backends/qscreen/qscreenbackend.cpp
Examining data/libkscreen-5.19.5/backends/qscreen/qscreenconfig.cpp
Examining data/libkscreen-5.19.5/backends/qscreen/qscreenoutput.cpp
Examining data/libkscreen-5.19.5/backends/qscreen/qscreenscreen.cpp
Examining data/libkscreen-5.19.5/backends/xcbwrapper.cpp
Examining data/libkscreen-5.19.5/backends/xcbeventlistener.h
Examining data/libkscreen-5.19.5/backends/xcbeventlistener.cpp
Examining data/libkscreen-5.19.5/backends/kwayland/waylandconfig.cpp
Examining data/libkscreen-5.19.5/backends/kwayland/waylandscreen.h
Examining data/libkscreen-5.19.5/backends/kwayland/waylandbackend.cpp
Examining data/libkscreen-5.19.5/backends/kwayland/waylandbackend.h
Examining data/libkscreen-5.19.5/backends/kwayland/waylandconfig.h
Examining data/libkscreen-5.19.5/backends/kwayland/waylandoutput.cpp
Examining data/libkscreen-5.19.5/backends/kwayland/waylandscreen.cpp
Examining data/libkscreen-5.19.5/backends/kwayland/waylandoutput.h
Examining data/libkscreen-5.19.5/backends/xrandr1.1/xrandr11.h
Examining data/libkscreen-5.19.5/backends/xrandr1.1/xrandr11.cpp
Examining data/libkscreen-5.19.5/backends/fake/fake.h
Examining data/libkscreen-5.19.5/backends/fake/parser.h
Examining data/libkscreen-5.19.5/backends/fake/fake.cpp
Examining data/libkscreen-5.19.5/backends/fake/parser.cpp
Examining data/libkscreen-5.19.5/backends/xrandr/xrandroutput.h
Examining data/libkscreen-5.19.5/backends/xrandr/xrandrcrtc.cpp
Examining data/libkscreen-5.19.5/backends/xrandr/xrandrconfig.cpp
Examining data/libkscreen-5.19.5/backends/xrandr/xrandrscreen.h
Examining data/libkscreen-5.19.5/backends/xrandr/xrandroutput.cpp
Examining data/libkscreen-5.19.5/backends/xrandr/xrandrcrtc.h
Examining data/libkscreen-5.19.5/backends/xrandr/xrandrmode.h
Examining data/libkscreen-5.19.5/backends/xrandr/xrandr.h
Examining data/libkscreen-5.19.5/backends/xrandr/xrandrconfig.h
Examining data/libkscreen-5.19.5/backends/xrandr/xrandr.cpp
Examining data/libkscreen-5.19.5/backends/xrandr/xrandrmode.cpp
Examining data/libkscreen-5.19.5/backends/xrandr/xrandrscreen.cpp
Examining data/libkscreen-5.19.5/autotests/testedid.cpp
Examining data/libkscreen-5.19.5/autotests/testlog.cpp
Examining data/libkscreen-5.19.5/autotests/testscreenconfig.cpp
Examining data/libkscreen-5.19.5/autotests/testkwaylandbackend.cpp
Examining data/libkscreen-5.19.5/autotests/testkwaylandconfig.cpp
Examining data/libkscreen-5.19.5/autotests/testbackendloader.cpp
Examining data/libkscreen-5.19.5/autotests/testkwaylanddpms.cpp
Examining data/libkscreen-5.19.5/autotests/testinprocess.cpp
Examining data/libkscreen-5.19.5/autotests/testmodelistchange.cpp
Examining data/libkscreen-5.19.5/autotests/testxrandr.cpp
Examining data/libkscreen-5.19.5/autotests/testqscreenbackend.cpp
Examining data/libkscreen-5.19.5/autotests/testconfigmonitor.cpp
Examining data/libkscreen-5.19.5/autotests/testconfigserializer.cpp
Examining data/libkscreen-5.19.5/tests/testpnp.cpp
Examining data/libkscreen-5.19.5/tests/testpnp.h
Examining data/libkscreen-5.19.5/tests/testplugandplay.cpp
Examining data/libkscreen-5.19.5/tests/kwayland/waylandtestserver.cpp
Examining data/libkscreen-5.19.5/tests/kwayland/waylandtestserver.h
Examining data/libkscreen-5.19.5/tests/kwayland/main.cpp
Examining data/libkscreen-5.19.5/tests/kwayland/waylandconfigreader.cpp
Examining data/libkscreen-5.19.5/tests/kwayland/waylandconfigreader.h
Examining data/libkscreen-5.19.5/src/configserializer_p.h
Examining data/libkscreen-5.19.5/src/backendmanager.cpp
Examining data/libkscreen-5.19.5/src/configmonitor.h
Examining data/libkscreen-5.19.5/src/configoperation.cpp
Examining data/libkscreen-5.19.5/src/edid.cpp
Examining data/libkscreen-5.19.5/src/configoperation_p.h
Examining data/libkscreen-5.19.5/src/backendmanager_p.h
Examining data/libkscreen-5.19.5/src/abstractbackend.cpp
Examining data/libkscreen-5.19.5/src/setconfigoperation.h
Examining data/libkscreen-5.19.5/src/getconfigoperation.h
Examining data/libkscreen-5.19.5/src/configoperation.h
Examining data/libkscreen-5.19.5/src/edid.h
Examining data/libkscreen-5.19.5/src/abstractbackend.h
Examining data/libkscreen-5.19.5/src/mode.cpp
Examining data/libkscreen-5.19.5/src/configmonitor.cpp
Examining data/libkscreen-5.19.5/src/backendlauncher/backendloader.h
Examining data/libkscreen-5.19.5/src/backendlauncher/main.cpp
Examining data/libkscreen-5.19.5/src/backendlauncher/backenddbuswrapper.h
Examining data/libkscreen-5.19.5/src/backendlauncher/backendloader.cpp
Examining data/libkscreen-5.19.5/src/backendlauncher/backenddbuswrapper.cpp
Examining data/libkscreen-5.19.5/src/output.cpp
Examining data/libkscreen-5.19.5/src/config.h
Examining data/libkscreen-5.19.5/src/log.cpp
Examining data/libkscreen-5.19.5/src/doctor/doctor.h
Examining data/libkscreen-5.19.5/src/doctor/main.cpp
Examining data/libkscreen-5.19.5/src/doctor/dpmsclient.cpp
Examining data/libkscreen-5.19.5/src/doctor/dpmsclient.h
Examining data/libkscreen-5.19.5/src/doctor/doctor.cpp
Examining data/libkscreen-5.19.5/src/screen.h
Examining data/libkscreen-5.19.5/src/screen.cpp
Examining data/libkscreen-5.19.5/src/output.h
Examining data/libkscreen-5.19.5/src/log.h
Examining data/libkscreen-5.19.5/src/setconfigoperation.cpp
Examining data/libkscreen-5.19.5/src/mode.h
Examining data/libkscreen-5.19.5/src/types.h
Examining data/libkscreen-5.19.5/src/getconfigoperation.cpp
Examining data/libkscreen-5.19.5/src/configserializer.cpp
Examining data/libkscreen-5.19.5/src/config.cpp

FINAL RESULTS:

data/libkscreen-5.19.5/backends/fake/fake.cpp:110:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/libkscreen-5.19.5/backends/fake/parser.cpp:62:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/libkscreen-5.19.5/backends/xrandr/xrandr.cpp:245:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(result, xcb_randr_get_output_property_data(reply), reply->num_items);
data/libkscreen-5.19.5/src/edid.cpp:274:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (pnpIds.open(QIODevice::ReadOnly)) {
data/libkscreen-5.19.5/src/log.cpp:132:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::Append | QIODevice::Text)) {
data/libkscreen-5.19.5/tests/kwayland/waylandconfigreader.cpp:40:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file.open(QIODevice::ReadOnly);

ANALYSIS SUMMARY:

Hits = 6
Lines analyzed = 15436 in approximately 0.44 seconds (35148 lines/second)
Physical Source Lines of Code (SLOC) = 10376
Hits@level = [0]   0 [1]   0 [2]   6 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]   6 [1+]   6 [2+]   6 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 0.578258 [1+] 0.578258 [2+] 0.578258 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.