Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pianobooster-0.7.2b/src/3rdparty/rtmidi/RtMidi.cpp
Examining data/pianobooster-0.7.2b/src/3rdparty/rtmidi/RtMidi.h
Examining data/pianobooster-0.7.2b/src/Bar.cpp
Examining data/pianobooster-0.7.2b/src/Bar.h
Examining data/pianobooster-0.7.2b/src/Cfg.cpp
Examining data/pianobooster-0.7.2b/src/Cfg.h
Examining data/pianobooster-0.7.2b/src/Chord.cpp
Examining data/pianobooster-0.7.2b/src/Chord.h
Examining data/pianobooster-0.7.2b/src/Conductor.cpp
Examining data/pianobooster-0.7.2b/src/Conductor.h
Examining data/pianobooster-0.7.2b/src/Draw.cpp
Examining data/pianobooster-0.7.2b/src/Draw.h
Examining data/pianobooster-0.7.2b/src/GlView.cpp
Examining data/pianobooster-0.7.2b/src/GlView.h
Examining data/pianobooster-0.7.2b/src/GuiKeyboardSetupDialog.cpp
Examining data/pianobooster-0.7.2b/src/GuiKeyboardSetupDialog.h
Examining data/pianobooster-0.7.2b/src/GuiLoopingPopup.cpp
Examining data/pianobooster-0.7.2b/src/GuiLoopingPopup.h
Examining data/pianobooster-0.7.2b/src/GuiMidiSetupDialog.cpp
Examining data/pianobooster-0.7.2b/src/GuiMidiSetupDialog.h
Examining data/pianobooster-0.7.2b/src/GuiPreferencesDialog.cpp
Examining data/pianobooster-0.7.2b/src/GuiPreferencesDialog.h
Examining data/pianobooster-0.7.2b/src/GuiSidePanel.cpp
Examining data/pianobooster-0.7.2b/src/GuiSidePanel.h
Examining data/pianobooster-0.7.2b/src/GuiSongDetailsDialog.cpp
Examining data/pianobooster-0.7.2b/src/GuiSongDetailsDialog.h
Examining data/pianobooster-0.7.2b/src/GuiTopBar.cpp
Examining data/pianobooster-0.7.2b/src/GuiTopBar.h
Examining data/pianobooster-0.7.2b/src/Merge.cpp
Examining data/pianobooster-0.7.2b/src/Merge.h
Examining data/pianobooster-0.7.2b/src/MidiDevice.cpp
Examining data/pianobooster-0.7.2b/src/MidiDevice.h
Examining data/pianobooster-0.7.2b/src/MidiDeviceBase.h
Examining data/pianobooster-0.7.2b/src/MidiDeviceFluidSynth.cpp
Examining data/pianobooster-0.7.2b/src/MidiDeviceFluidSynth.h
Examining data/pianobooster-0.7.2b/src/MidiDeviceRt.cpp
Examining data/pianobooster-0.7.2b/src/MidiDeviceRt.h
Examining data/pianobooster-0.7.2b/src/MidiEvent.h
Examining data/pianobooster-0.7.2b/src/MidiFile.cpp
Examining data/pianobooster-0.7.2b/src/MidiFile.h
Examining data/pianobooster-0.7.2b/src/MidiTrack.cpp
Examining data/pianobooster-0.7.2b/src/MidiTrack.h
Examining data/pianobooster-0.7.2b/src/Notation.cpp
Examining data/pianobooster-0.7.2b/src/Notation.h
Examining data/pianobooster-0.7.2b/src/Piano.cpp
Examining data/pianobooster-0.7.2b/src/Piano.h
Examining data/pianobooster-0.7.2b/src/QtMain.cpp
Examining data/pianobooster-0.7.2b/src/QtWindow.cpp
Examining data/pianobooster-0.7.2b/src/QtWindow.h
Examining data/pianobooster-0.7.2b/src/Queue.h
Examining data/pianobooster-0.7.2b/src/Rating.cpp
Examining data/pianobooster-0.7.2b/src/Rating.h
Examining data/pianobooster-0.7.2b/src/Score.cpp
Examining data/pianobooster-0.7.2b/src/Score.h
Examining data/pianobooster-0.7.2b/src/Scroll.cpp
Examining data/pianobooster-0.7.2b/src/Scroll.h
Examining data/pianobooster-0.7.2b/src/Settings.cpp
Examining data/pianobooster-0.7.2b/src/Settings.h
Examining data/pianobooster-0.7.2b/src/Song.cpp
Examining data/pianobooster-0.7.2b/src/Song.h
Examining data/pianobooster-0.7.2b/src/StavePosition.cpp
Examining data/pianobooster-0.7.2b/src/StavePosition.h
Examining data/pianobooster-0.7.2b/src/Symbol.h
Examining data/pianobooster-0.7.2b/src/Tempo.cpp
Examining data/pianobooster-0.7.2b/src/Tempo.h
Examining data/pianobooster-0.7.2b/src/TrackList.cpp
Examining data/pianobooster-0.7.2b/src/TrackList.h
Examining data/pianobooster-0.7.2b/src/Util.cpp
Examining data/pianobooster-0.7.2b/src/Util.h

FINAL RESULTS:

data/pianobooster-0.7.2b/src/GuiPreferencesDialog.cpp:122:59:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (m_settings->value("General/lang",QLocale::system().bcp47Name()).toString()==lang_code){
data/pianobooster-0.7.2b/src/MidiTrack.cpp:89:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, msg, ap);
data/pianobooster-0.7.2b/src/QtWindow.cpp:775:64:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QString locale = m_settings->value("General/lang",QLocale::system().bcp47Name()).toString();
data/pianobooster-0.7.2b/src/Settings.cpp:291:52:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QString locale = value("General/lang",QLocale::system().bcp47Name()).toString();
data/pianobooster-0.7.2b/src/Util.cpp:99:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(logErrorFile, msg, ap);
data/pianobooster-0.7.2b/src/Util.cpp:113:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(logInfoFile, msg, ap);
data/pianobooster-0.7.2b/src/Util.cpp:131:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(logInfoFile, msg, ap);
data/pianobooster-0.7.2b/src/Util.cpp:148:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(logInfoFile, msg, ap);
data/pianobooster-0.7.2b/src/Util.cpp:163:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(logInfoFile, msg, ap);
data/pianobooster-0.7.2b/src/Util.cpp:181:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(logInfoFile, msg, ap);
data/pianobooster-0.7.2b/src/Util.cpp:194:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(logErrorFile, msg, ap);
data/pianobooster-0.7.2b/src/Util.cpp:208:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(logInfoFile, msg, ap);
data/pianobooster-0.7.2b/src/3rdparty/rtmidi/RtMidi.cpp:2475:7:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection( &(apiData->_mutex) );
data/pianobooster-0.7.2b/src/3rdparty/rtmidi/RtMidi.cpp:2629:5:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection( &(data->_mutex) );
data/pianobooster-0.7.2b/src/3rdparty/rtmidi/RtMidi.cpp:1188:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[128];
data/pianobooster-0.7.2b/src/3rdparty/rtmidi/RtMidi.cpp:1263:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[128];
data/pianobooster-0.7.2b/src/3rdparty/rtmidi/RtMidi.cpp:2370:17:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  int wlength = MultiByteToWideChar( CP_ACP, 0, str, -1, NULL, 0 );
data/pianobooster-0.7.2b/src/3rdparty/rtmidi/RtMidi.cpp:2375:5:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar( CP_ACP, 0, str, -1, &wstrtemp[0], wlength );
data/pianobooster-0.7.2b/src/GlView.cpp:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufferTop[10], bufferBottom[10];
data/pianobooster-0.7.2b/src/GlView.cpp:153:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(bufferTop, "%d", topNumber);
data/pianobooster-0.7.2b/src/GlView.cpp:154:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(bufferBottom, "%d", bottomNumber);
data/pianobooster-0.7.2b/src/GuiPreferencesDialog.cpp:65:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)){
data/pianobooster-0.7.2b/src/MidiDeviceFluidSynth.cpp:256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[200];
data/pianobooster-0.7.2b/src/MidiDeviceFluidSynth.h:65:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char m_savedRawBytes[40]; // Raw data is used for used for a SYSTEM_EVENT
data/pianobooster-0.7.2b/src/MidiDeviceRt.h:72:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char m_savedRawBytes[40]; // Raw data is used for used for a SYSTEM_EVENT
data/pianobooster-0.7.2b/src/MidiEvent.h:287:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[16];
data/pianobooster-0.7.2b/src/MidiEvent.h:288:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%2x", atype);
data/pianobooster-0.7.2b/src/MidiFile.cpp:89:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_file.open(filename.c_str(), ios_base::in | ios_base::binary);
data/pianobooster-0.7.2b/src/QtWindow.cpp:239:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly))
data/pianobooster-0.7.2b/src/QtWindow.cpp:335:56:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  connect(m_openAct, SIGNAL(triggered()), this, SLOT(open()));
data/pianobooster-0.7.2b/src/QtWindow.cpp:666:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void QtWindow::open()
data/pianobooster-0.7.2b/src/QtWindow.cpp:751:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) return;
data/pianobooster-0.7.2b/src/QtWindow.h:81:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open();
data/pianobooster-0.7.2b/src/Score.cpp:114:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char state[keysCount];
data/pianobooster-0.7.2b/src/Settings.cpp:237:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly))
data/pianobooster-0.7.2b/src/Settings.cpp:273:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text))
data/pianobooster-0.7.2b/src/Settings.cpp:491:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/pianobooster-0.7.2b/src/Util.cpp:53:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  logInfoFile = fopen ("pb.log","w");
data/pianobooster-0.7.2b/src/3rdparty/rtmidi/RtMidi.cpp:1551:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int res = read( poll_fds[0].fd, &dummy, sizeof(dummy) );
data/pianobooster-0.7.2b/src/QtWindow.cpp:243:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray bytes = file.read(4);

ANALYSIS SUMMARY:

Hits = 40
Lines analyzed = 19204 in approximately 0.45 seconds (42962 lines/second)
Physical Source Lines of Code (SLOC) = 13205
Hits@level = [0]  20 [1]   2 [2]  24 [3]   2 [4]  12 [5]   0
Hits@level+ = [0+]  60 [1+]  40 [2+]  38 [3+]  14 [4+]  12 [5+]   0
Hits/KSLOC@level+ = [0+] 4.54373 [1+] 3.02916 [2+] 2.8777 [3+] 1.0602 [4+] 0.908747 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
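Triage note and added example (editor's code, not pianobooster's or RtMidi's). Flawfinder matches on function name, not on the resolved symbol, so the three [4] "system" hits above are on Qt's QLocale::system() and the [2] "open" hits are on QFile::open() / QtWindow::open(); those need reading, not fixing. The two hit classes that do carry a real pattern in a project's own code are the [4] vfprintf hits (a variadic log wrapper forwarding its caller's format string) and the [2] sprintf-into-fixed-buffer hits. The C++ below shows the hardened forms of both: a wrapper declared with the GCC/Clang format attribute, so that -Wformat -Wformat-security flags any caller passing a non-literal format, writing through vsnprintf with truncation reported; and a snprintf-based bound check that makes the "constant maximum length" claim concrete (for "%d" the full int range needs 12 bytes, so a 10-byte buffer is only safe if the value is known to be small; for "%2x" 16 bytes cover every int). Function names, the 256-byte log buffer and the test inputs are this example's own choices, not the project's.

```cpp
// Added example, not project code: hardened forms of the vfprintf (CWE-134)
// and sprintf-into-fixed-buffer (CWE-120) hit classes in the report above.
#include <climits>
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <string>

// GCC/Clang only: tells the compiler that arg 1 is a printf-style format and
// the varargs start at arg 2, so callers passing a non-literal format are
// diagnosed under -Wformat -Wformat-security. Expands to nothing elsewhere.
#if defined(__GNUC__) || defined(__clang__)
#define PRINTF_LIKE(fmtIdx, firstArg) __attribute__((format(printf, fmtIdx, firstArg)))
#else
#define PRINTF_LIKE(fmtIdx, firstArg)
#endif

// CWE-134: the flagged vfprintf(logInfoFile, msg, ap) is inside a wrapper like
// this. The vfprintf is not the bug; a caller passing untrusted text as 'msg'
// would be. Returns the formatted line so a test can check it.
std::string logFormat(const char *fmt, ...) PRINTF_LIKE(1, 2);

std::string logFormat(const char *fmt, ...)
{
    char buf[256];                       // arbitrary line limit for this example
    va_list ap;
    va_start(ap, fmt);
    int n = std::vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0) return std::string();     // encoding error: log nothing
    if (static_cast<size_t>(n) >= sizeof buf)
        return std::string(buf) + "...[truncated]";  // report, do not silently cut
    return std::string(buf);
}

// Text from outside (a file name, a MIDI text event) goes in as an argument,
// never as the format, so "%n" or "%x" inside it is just characters.
std::string logUntrusted(const char *untrusted)
{
    return logFormat("%s", untrusted);
}

// CWE-120: the flagged sprintf(bufferTop, "%d", topNumber) into char[10].
// snprintf returns the length it wanted, so the caller can test whether a
// fixed buffer of 'size' bytes holds the decimal form of v plus its NUL.
bool decimalFits(int v, size_t size)
{
    char tmp[32];                        // wide enough for any int, so the check is safe
    int needed = std::snprintf(tmp, sizeof tmp, "%d", v);
    return needed >= 0 && static_cast<size_t>(needed) < size;
}

// The flagged sprintf(s, "%2x", atype) into char[16]: the worst case for an
// int is 8 hex digits (e.g. -1 -> "ffffffff"), so 16 bytes always suffice.
// The cast keeps "%x" matched to an unsigned argument. *needed receives the
// length snprintf wanted so the bound can be checked rather than assumed.
std::string hex2(int atype, int *needed)
{
    char s[16];
    *needed = std::snprintf(s, sizeof s, "%2x", static_cast<unsigned>(atype));
    return std::string(s);
}

int main()
{
    int need = 0;
    std::printf("%s\n", logFormat("note %d on channel %d", 60, 1).c_str());
    std::printf("%s\n", logUntrusted("%n%n%n").c_str());
    std::printf("INT_MIN fits in 10 bytes: %d\n", decimalFits(INT_MIN, 10));
    std::printf("hex2(-1) = \"%s\" (needed %d)\n", hex2(-1, &need).c_str(), need);
    return 0;
}
```

Compile with `-Wall -Wformat -Wformat-security` and try `logFormat(someVariable)`: the attribute turns the pattern flawfinder can only guess at into a compile-time warning at the call site, which is where the CWE-134 risk actually lives.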