Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qcustomplot-2.0.1+dfsg1/qcustomplot.h
Examining data/qcustomplot-2.0.1+dfsg1/examples/text-document-integration/mainwindow.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/text-document-integration/main.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/text-document-integration/qcpdocumentobject.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/text-document-integration/qcpdocumentobject.h
Examining data/qcustomplot-2.0.1+dfsg1/examples/text-document-integration/mainwindow.h
Examining data/qcustomplot-2.0.1+dfsg1/examples/interactions/mainwindow.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/interactions/main.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/interactions/mainwindow.h
Examining data/qcustomplot-2.0.1+dfsg1/examples/plots/main.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/plots/mainwindow.h
Examining data/qcustomplot-2.0.1+dfsg1/examples/plots/mainwindow.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/scrollbar-axis-range-control/mainwindow.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/scrollbar-axis-range-control/main.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/scrollbar-axis-range-control/mainwindow.h
Examining data/qcustomplot-2.0.1+dfsg1/examples/axis-tags/mainwindow.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/axis-tags/main.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/axis-tags/axistag.cpp
Examining data/qcustomplot-2.0.1+dfsg1/examples/axis-tags/axistag.h
Examining data/qcustomplot-2.0.1+dfsg1/examples/axis-tags/mainwindow.h
Examining data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp

FINAL RESULTS:

data/qcustomplot-2.0.1+dfsg1/examples/interactions/mainwindow.cpp:8:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(QDateTime::currentDateTime().toTime_t());
data/qcustomplot-2.0.1+dfsg1/examples/plots/mainwindow.cpp:412:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(8); // set the random seed, so we always get the same random data
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:19881:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pixels.at(y), pixels.first(), n*sizeof(QRgb));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:25108:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mData, other.mData, sizeof(mData[0])*keySize*valueSize);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:25110:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mAlpha, other.mAlpha, sizeof(mAlpha[0])*keySize*valueSize);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26214:3: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(0),
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26224:55: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QCPFinancialData::QCPFinancialData(double key, double open, double high, double low, double close) :
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26226:3: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(open),
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26226:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(open),
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26357:80: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void QCPFinancial::setData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted)
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26360:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  addData(keys, open, high, low, close, alreadySorted);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26478:80: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void QCPFinancial::addData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted)
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26480:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (keys.size() != open.size() || open.size() != high.size() || high.size() != low.size() || low.size() != close.size() || close.size() != keys.size())
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26480:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (keys.size() != open.size() || open.size() != high.size() || high.size() != low.size() || low.size() != close.size() || close.size() != keys.size())
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26481:103: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  qDebug() << Q_FUNC_INFO << "keys, open, high, low, close have different sizes:" << keys.size() << open.size() << high.size() << low.size() << close.size();
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26482:40: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  const int n = qMin(keys.size(), qMin(open.size(), qMin(high.size(), qMin(low.size(), close.size()))));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26490:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  it->open = open[i];
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26510:47: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void QCPFinancial::addData(double key, double open, double high, double low, double close)
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26512:45: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mDataContainer->add(QCPFinancialData(key, open, high, low, close));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26767:42: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26771:54: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  double openPixel = valueAxis->coordToPixel(it->open);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26788:42: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26792:54: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  double openPixel = valueAxis->coordToPixel(it->open);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26827:42: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26828:44: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  painter->setBrush(it->close >= it->open ? mBrushPositive : mBrushNegative);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26835:54: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  double openPixel = valueAxis->coordToPixel(it->open);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26838:130: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  painter->drawLine(QPointF(keyPixel, valueAxis->coordToPixel(it->high)), QPointF(keyPixel, valueAxis->coordToPixel(qMax(it->open, it->close))));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26840:129: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  painter->drawLine(QPointF(keyPixel, valueAxis->coordToPixel(it->low)), QPointF(keyPixel, valueAxis->coordToPixel(qMin(it->open, it->close))));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26855:42: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26856:44: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  painter->setBrush(it->close >= it->open ? mBrushPositive : mBrushNegative);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26863:54: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  double openPixel = valueAxis->coordToPixel(it->open);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26866:120: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  painter->drawLine(QPointF(valueAxis->coordToPixel(it->high), keyPixel), QPointF(valueAxis->coordToPixel(qMax(it->open, it->close)), keyPixel));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26868:119: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  painter->drawLine(QPointF(valueAxis->coordToPixel(it->low), keyPixel), QPointF(valueAxis->coordToPixel(qMin(it->open, it->close)), keyPixel));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:26993:45: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QCPRange boxValueRange(it->close, it->open);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:27003:186: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  double highLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(keyPixel, valueAxis->coordToPixel(it->high)), QCPVector2D(keyPixel, valueAxis->coordToPixel(qMax(it->open, it->close))));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:27004:184: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  double lowLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(keyPixel, valueAxis->coordToPixel(it->low)), QCPVector2D(keyPixel, valueAxis->coordToPixel(qMin(it->open, it->close))));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:27020:45: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QCPRange boxValueRange(it->close, it->open);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:27030:176: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  double highLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(valueAxis->coordToPixel(it->high), keyPixel), QCPVector2D(valueAxis->coordToPixel(qMax(it->open, it->close)), keyPixel));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.cpp:27031:174: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  double lowLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(valueAxis->coordToPixel(it->low), keyPixel), QCPVector2D(valueAxis->coordToPixel(qMin(it->open, it->close)), keyPixel));
data/qcustomplot-2.0.1+dfsg1/qcustomplot.h:5831:39: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QCPFinancialData(double key, double open, double high, double low, double close);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.h:5838:44: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inline double mainValue() const { return open; }
data/qcustomplot-2.0.1+dfsg1/qcustomplot.h:5842:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  double key, open, high, low, close;
data/qcustomplot-2.0.1+dfsg1/qcustomplot.h:5910:68: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void setData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted=false);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.h:5921:68: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void addData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted=false);
data/qcustomplot-2.0.1+dfsg1/qcustomplot.h:5922:35: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void addData(double key, double open, double high, double low, double close);

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 39747 in approximately 1.12 seconds (35386 lines/second)
Physical Source Lines of Code (SLOC) = 21764
Hits@level = [0] 0 [1] 0 [2] 43 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 45 [1+] 45 [2+] 45 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.06763 [1+] 2.06763 [2+] 2.06763 [3+] 0.0918949 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.