stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qjoypad-4.3.1/src/axis.cpp
Examining data/qjoypad-4.3.1/src/axis.h
Examining data/qjoypad-4.3.1/src/axis_edit.cpp
Examining data/qjoypad-4.3.1/src/axis_edit.h
Examining data/qjoypad-4.3.1/src/axisw.cpp
Examining data/qjoypad-4.3.1/src/axisw.h
Examining data/qjoypad-4.3.1/src/button.cpp
Examining data/qjoypad-4.3.1/src/button.h
Examining data/qjoypad-4.3.1/src/button_edit.cpp
Examining data/qjoypad-4.3.1/src/button_edit.h
Examining data/qjoypad-4.3.1/src/buttonw.cpp
Examining data/qjoypad-4.3.1/src/buttonw.h
Examining data/qjoypad-4.3.1/src/constant.h
Examining data/qjoypad-4.3.1/src/error.h
Examining data/qjoypad-4.3.1/src/event.cpp
Examining data/qjoypad-4.3.1/src/event.h
Examining data/qjoypad-4.3.1/src/flash.cpp
Examining data/qjoypad-4.3.1/src/flash.h
Examining data/qjoypad-4.3.1/src/icon.cpp
Examining data/qjoypad-4.3.1/src/icon.h
Examining data/qjoypad-4.3.1/src/joypad.cpp
Examining data/qjoypad-4.3.1/src/joypad.h
Examining data/qjoypad-4.3.1/src/joypadw.cpp
Examining data/qjoypad-4.3.1/src/joypadw.h
Examining data/qjoypad-4.3.1/src/joyslider.cpp
Examining data/qjoypad-4.3.1/src/joyslider.h
Examining data/qjoypad-4.3.1/src/keycode.cpp
Examining data/qjoypad-4.3.1/src/keycode.h
Examining data/qjoypad-4.3.1/src/keydialog.cpp
Examining data/qjoypad-4.3.1/src/keydialog.hpp
Examining data/qjoypad-4.3.1/src/layout.cpp
Examining data/qjoypad-4.3.1/src/layout.h
Examining data/qjoypad-4.3.1/src/layout_edit.cpp
Examining data/qjoypad-4.3.1/src/layout_edit.h
Examining data/qjoypad-4.3.1/src/main.cpp
Examining data/qjoypad-4.3.1/src/quickset.cpp
Examining data/qjoypad-4.3.1/src/quickset.h

FINAL RESULTS:

data/qjoypad-4.3.1/src/error.h:15:68:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
inline void debug_mesg(const char *fmt, ...) __attribute__((format(printf,1,2)));
data/qjoypad-4.3.1/src/error.h:21:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, ap);
data/qjoypad-4.3.1/src/main.cpp:55:34:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if (translator.load(QLocale::system(), "qjoypad", "_", QJOYPAD_L10N_DIR)) {
data/qjoypad-4.3.1/src/main.cpp:59:75:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        debug_mesg("no translation for locale: %s\n", qPrintable(QLocale::system().name()));
data/qjoypad-4.3.1/src/main.cpp:99:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        int c = getopt_long(argc, argv, "hd:tTu", long_options, NULL);
data/qjoypad-4.3.1/src/joypad.cpp:24:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        open(dev);
data/qjoypad-4.3.1/src/joypad.cpp:63:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void JoyPad::open(int dev) {
data/qjoypad-4.3.1/src/joypad.cpp:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[256];
data/qjoypad-4.3.1/src/joypad.h:43:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        void open( int dev );
data/qjoypad-4.3.1/src/layout.cpp:177:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly)) {
data/qjoypad-4.3.1/src/layout.cpp:266:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (file.open(QIODevice::ReadOnly)) {
data/qjoypad-4.3.1/src/layout.cpp:311:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (file.open(QIODevice::WriteOnly)) {
data/qjoypad-4.3.1/src/layout.cpp:426:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (file.open(QIODevice::WriteOnly)) {
data/qjoypad-4.3.1/src/layout.cpp:690:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int joydev = open(qPrintable(devpath), O_RDONLY | O_NONBLOCK);
data/qjoypad-4.3.1/src/layout.cpp:702:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            joypad->open(joydev);
data/qjoypad-4.3.1/src/main.cpp:173:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (file.open(QIODevice::WriteOnly))
data/qjoypad-4.3.1/src/main.cpp:190:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (pidFile.open( QIODevice::ReadOnly ))
data/qjoypad-4.3.1/src/main.cpp:219:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (pidFile.open( QIODevice::WriteOnly ))
data/qjoypad-4.3.1/src/axis.cpp:26:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool Axis::read( QTextStream &stream ) {
data/qjoypad-4.3.1/src/axis.h:35:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		bool read( QTextStream &stream );
data/qjoypad-4.3.1/src/button.cpp:17:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool Button::read( QTextStream &stream ) {
data/qjoypad-4.3.1/src/button.h:20:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		bool read( QTextStream &stream );
data/qjoypad-4.3.1/src/joypad.cpp:158:38:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                if (!buttons[num-1]->read( stream )) {
data/qjoypad-4.3.1/src/joypad.cpp:178:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                if (!axes[num-1]->read(stream)) {
data/qjoypad-4.3.1/src/joypad.cpp:257:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t len = read(joydev, &msg, sizeof(js_event));

ANALYSIS SUMMARY:

Hits = 25
Lines analyzed = 4175 in approximately 0.10 seconds (40021 lines/second)
Physical Source Lines of Code (SLOC) = 3121
Hits@level = [0]   3 [1]   7 [2]  13 [3]   1 [4]   4 [5]   0
Hits@level+ = [0+]  28 [1+]  25 [2+]  18 [3+]   5 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 8.97148 [1+] 8.01025 [2+] 5.76738 [3+] 1.60205 [4+] 1.28164 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.