Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/draganddrop/delayedencoding/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/draganddrop/delayedencoding/mimedata.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/draganddrop/delayedencoding/mimedata.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/draganddrop/delayedencoding/sourcewidget.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/draganddrop/delayedencoding/sourcewidget.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/desktopservices/contenttab.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/desktopservices/contenttab.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/desktopservices/desktopwidget.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/desktopservices/desktopwidget.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/desktopservices/linktab.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/desktopservices/linktab.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/desktopservices/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/demoapplication.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/demoapplication.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/fluidlauncher.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/fluidlauncher.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/pictureflow.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/pictureflow.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/slideshow.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/slideshow.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/weatherinfo/weatherinfo.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embeddedsvgviewer/embeddedsvgviewer.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embeddedsvgviewer/embeddedsvgviewer.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/embeddedsvgviewer/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/opengl/framebufferobject/glwidget.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/opengl/framebufferobject/glwidget.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/opengl/framebufferobject/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/richtext/textobject/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/richtext/textobject/svgtextobject.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/richtext/textobject/svgtextobject.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/richtext/textobject/window.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/richtext/textobject/window.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svggenerator/displaywidget.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svggenerator/displaywidget.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svggenerator/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svggenerator/window.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svggenerator/window.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svgviewer/exportdialog.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svgviewer/exportdialog.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svgviewer/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svgviewer/mainwindow.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svgviewer/mainwindow.h
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svgviewer/svgview.cpp
Examining data/qtsvg-opensource-src-5.15.2/examples/svg/svgviewer/svgview.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/5.15.2/QtSvg/private/qsvgfont_p.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/5.15.2/QtSvg/private/qsvggraphics_p.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/5.15.2/QtSvg/private/qsvghandler_p.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/5.15.2/QtSvg/private/qsvgnode_p.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/5.15.2/QtSvg/private/qsvgstructure_p.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/5.15.2/QtSvg/private/qsvgstyle_p.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/5.15.2/QtSvg/private/qsvgtinydocument_p.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/5.15.2/QtSvg/private/qtsvgglobal_p.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/qgraphicssvgitem.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/qsvggenerator.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/qsvgrenderer.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/qsvgwidget.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/qtsvgglobal.h
Examining data/qtsvg-opensource-src-5.15.2/include/QtSvg/qtsvgversion.h
Examining data/qtsvg-opensource-src-5.15.2/src/plugins/iconengines/svgiconengine/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/plugins/iconengines/svgiconengine/qsvgiconengine.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/plugins/iconengines/svgiconengine/qsvgiconengine.h
Examining data/qtsvg-opensource-src-5.15.2/src/plugins/imageformats/svg/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/plugins/imageformats/svg/qsvgiohandler.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/plugins/imageformats/svg/qsvgiohandler.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/doc/snippets/doc_src_qtsvg.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/doc/snippets/src_svg_qgraphicssvgitem.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qgraphicssvgitem.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qgraphicssvgitem.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgfont.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgfont_p.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvggenerator.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvggenerator.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvggraphics.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvggraphics_p.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvghandler.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvghandler_p.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgnode.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgnode_p.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgrenderer.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgrenderer.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgstructure.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgstructure_p.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgstyle.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgstyle_p.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgtinydocument.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgtinydocument_p.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgwidget.cpp
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qsvgwidget.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qtsvgglobal.h
Examining data/qtsvg-opensource-src-5.15.2/src/svg/qtsvgglobal_p.h
Examining data/qtsvg-opensource-src-5.15.2/tests/auto/qicon_svg/tst_qicon_svg.cpp
Examining data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgdevice/tst_qsvgdevice.cpp
Examining data/qtsvg-opensource-src-5.15.2/tests/auto/qsvggenerator/tst_qsvggenerator.cpp
Examining data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgplugin/tst_qsvgplugin.cpp
Examining data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
Examining data/qtsvg-opensource-src-5.15.2/tests/benchmarks/svg/qsvgrenderer/tst_qsvgrenderer.cpp
Examining data/qtsvg-opensource-src-5.15.2/tests/libfuzzer/svg/qsvgrenderer/render/main.cpp
Examining data/qtsvg-opensource-src-5.15.2/tests/manual/rendertestsuite/main.cpp

FINAL RESULTS:

data/qtsvg-opensource-src-5.15.2/examples/svg/draganddrop/delayedencoding/sourcewidget.cpp:60:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  imageFile.open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/examples/svg/draganddrop/delayedencoding/sourcewidget.cpp:102:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QIODevice::WriteOnly);

data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/fluidlauncher.cpp:123:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  xmlFile.open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/examples/svg/embedded/fluidlauncher/pictureflow.cpp:296:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE*f = fopen("table.c","wt");

data/qtsvg-opensource-src-5.15.2/examples/svg/richtext/textobject/window.cpp:70:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {

data/qtsvg-opensource-src-5.15.2/examples/svg/svggenerator/displaywidget.cpp:61:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QFile::ReadOnly);

data/qtsvg-opensource-src-5.15.2/src/plugins/iconengines/svgiconengine/qsvgiconengine.cpp:388:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly))

data/qtsvg-opensource-src-5.15.2/src/plugins/iconengines/svgiconengine/qsvgiconengine.cpp:409:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly))

data/qtsvg-opensource-src-5.15.2/src/svg/qsvggenerator.cpp:882:31: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!d->outputDevice->open(QIODevice::WriteOnly | QIODevice::Text)) {

data/qtsvg-opensource-src-5.15.2/src/svg/qsvggenerator.cpp:982:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QBuffer::ReadWrite);

data/qtsvg-opensource-src-5.15.2/src/svg/qsvghandler.cpp:171:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[16];

data/qtsvg-opensource-src-5.15.2/src/svg/qsvghandler.cpp:606:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[maxLen+1];

data/qtsvg-opensource-src-5.15.2/src/svg/qsvghandler.cpp:4071:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {

data/qtsvg-opensource-src-5.15.2/src/svg/qsvgtinydocument.cpp:90:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  device->open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/src/svg/qsvgtinydocument.cpp:194:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly)) {

data/qtsvg-opensource-src-5.15.2/src/svg/qsvgtinydocument.cpp:234:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvggenerator/tst_qsvggenerator.cpp:123:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(file.open(QIODevice::ReadOnly));

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvggenerator/tst_qsvggenerator.cpp:126:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(referenceFile.open(QIODevice::ReadOnly));

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvggenerator/tst_qsvggenerator.cpp:167:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::WriteOnly);

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvggenerator/tst_qsvggenerator.cpp:180:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgplugin/tst_qsvgplugin.cpp:103:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgplugin/tst_qsvgplugin.cpp:123:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp:808:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  largeFileGz.open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp:830:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  largeFileGz.open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp:832:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  largeFile.open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp:855:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QIODevice::ReadOnly);

data/qtsvg-opensource-src-5.15.2/tests/benchmarks/svg/qsvgrenderer/tst_qsvgrenderer.cpp:77:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly))

data/qtsvg-opensource-src-5.15.2/src/plugins/iconengines/svgiconengine/qsvgiconengine.cpp:317:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool QSvgIconEngine::read(QDataStream &in)

data/qtsvg-opensource-src-5.15.2/src/plugins/iconengines/svgiconengine/qsvgiconengine.h:70:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(QDataStream &in) override;

data/qtsvg-opensource-src-5.15.2/src/plugins/imageformats/svg/qsvgiohandler.cpp:143:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool QSvgIOHandler::read(QImage *image)

data/qtsvg-opensource-src-5.15.2/src/plugins/imageformats/svg/qsvgiohandler.h:61:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(QImage *image) override;

data/qtsvg-opensource-src-5.15.2/src/svg/qsvgtinydocument.cpp:120:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  source = device->read(CHUNK_SIZE);

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgplugin/tst_qsvgplugin.cpp:109:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  plugin.read(&image);

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgplugin/tst_qsvgplugin.cpp:120:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const QString path = filename.left(filename.size() - strlen("imageInclude.svg"));

data/qtsvg-opensource-src-5.15.2/tests/auto/qsvgplugin/tst_qsvgplugin.cpp:130:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  plugin.read(&image);

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 23379 in approximately 0.65 seconds (35790 lines/second)
Physical Source Lines of Code (SLOC) = 15372
Hits@level = [0] 10 [1] 8 [2] 27 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 45 [1+] 35 [2+] 27 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.9274 [1+] 2.27687 [2+] 1.75644 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.