stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qwinff-0.2.1+git20191128/src/converter/audiofilter.cpp
Examining data/qwinff-0.2.1+git20191128/src/converter/audiofilter.h
Examining data/qwinff-0.2.1+git20191128/src/converter/conversionparameters.cpp
Examining data/qwinff-0.2.1+git20191128/src/converter/conversionparameters.h
Examining data/qwinff-0.2.1+git20191128/src/converter/converterinterface.cpp
Examining data/qwinff-0.2.1+git20191128/src/converter/converterinterface.h
Examining data/qwinff-0.2.1+git20191128/src/converter/exepath.cpp
Examining data/qwinff-0.2.1+git20191128/src/converter/exepath.h
Examining data/qwinff-0.2.1+git20191128/src/converter/ffmpeginterface.cpp
Examining data/qwinff-0.2.1+git20191128/src/converter/ffmpeginterface.h
Examining data/qwinff-0.2.1+git20191128/src/converter/mediaconverter.cpp
Examining data/qwinff-0.2.1+git20191128/src/converter/mediaconverter.h
Examining data/qwinff-0.2.1+git20191128/src/converter/mediaprobe.cpp
Examining data/qwinff-0.2.1+git20191128/src/converter/mediaprobe.h
Examining data/qwinff-0.2.1+git20191128/src/converter/presets.cpp
Examining data/qwinff-0.2.1+git20191128/src/converter/presets.h
Examining data/qwinff-0.2.1+git20191128/src/extra-translations.h
Examining data/qwinff-0.2.1+git20191128/src/main.cpp
Examining data/qwinff-0.2.1+git20191128/src/qmpwidget/qmpwidget.cpp
Examining data/qwinff-0.2.1+git20191128/src/qmpwidget/qmpwidget.h
Examining data/qwinff-0.2.1+git20191128/src/qmpwidget/qmpyuvreader.h
Examining data/qwinff-0.2.1+git20191128/src/services/abstractpreviewer.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/abstractpreviewer.h
Examining data/qwinff-0.2.1+git20191128/src/services/constants.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/constants.h
Examining data/qwinff-0.2.1+git20191128/src/services/extensions.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/extensions.h
Examining data/qwinff-0.2.1+git20191128/src/services/ffplaypreviewer.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/ffplaypreviewer.h
Examining data/qwinff-0.2.1+git20191128/src/services/filepathoperations.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/filepathoperations.h
Examining data/qwinff-0.2.1+git20191128/src/services/httpdownloader.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/httpdownloader.h
Examining data/qwinff-0.2.1+git20191128/src/services/mplayerpreviewer.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/mplayerpreviewer.h
Examining data/qwinff-0.2.1+git20191128/src/services/notification.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/notification.h
Examining data/qwinff-0.2.1+git20191128/src/services/notificationservice-libnotify.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/notificationservice-libnotify.h
Examining data/qwinff-0.2.1+git20191128/src/services/notificationservice-notifysend.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/notificationservice-notifysend.h
Examining data/qwinff-0.2.1+git20191128/src/services/notificationservice-qt.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/notificationservice-qt.h
Examining data/qwinff-0.2.1+git20191128/src/services/notificationservice.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/notificationservice.h
Examining data/qwinff-0.2.1+git20191128/src/services/paths.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/paths.h
Examining data/qwinff-0.2.1+git20191128/src/services/powermanagement-dummy.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/powermanagement-linux.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/powermanagement-w32.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/powermanagement.h
Examining data/qwinff-0.2.1+git20191128/src/services/settingtimer.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/settingtimer.h
Examining data/qwinff-0.2.1+git20191128/src/services/updatechecker.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/updatechecker.h
Examining data/qwinff-0.2.1+git20191128/src/services/updateinfoparser.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/updateinfoparser.h
Examining data/qwinff-0.2.1+git20191128/src/services/versioncompare.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/versioncompare.h
Examining data/qwinff-0.2.1+git20191128/src/services/xmllookuptable.cpp
Examining data/qwinff-0.2.1+git20191128/src/services/xmllookuptable.h
Examining data/qwinff-0.2.1+git20191128/src/tests/testupdateinfoparser/testupdateinfoparser.cpp
Examining data/qwinff-0.2.1+git20191128/src/tests/testupdateinfoparser/testupdateinfoparser.h
Examining data/qwinff-0.2.1+git20191128/src/tests/testversioncompare/testversioncompare.cpp
Examining data/qwinff-0.2.1+git20191128/src/tests/testversioncompare/testversioncompare.h
Examining data/qwinff-0.2.1+git20191128/src/ui/aboutdialog.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/aboutdialog.h
Examining data/qwinff-0.2.1+git20191128/src/ui/aboutffmpegdialog.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/aboutffmpegdialog.h
Examining data/qwinff-0.2.1+git20191128/src/ui/addtaskwizard.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/addtaskwizard.h
Examining data/qwinff-0.2.1+git20191128/src/ui/conversionparameterdialog.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/conversionparameterdialog.h
Examining data/qwinff-0.2.1+git20191128/src/ui/convertlist.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/convertlist.h
Examining data/qwinff-0.2.1+git20191128/src/ui/interactivecuttingdialog.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/interactivecuttingdialog.h
Examining data/qwinff-0.2.1+git20191128/src/ui/mainwindow.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/mainwindow.h
Examining data/qwinff-0.2.1+git20191128/src/ui/mediaplayerwidget.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/mediaplayerwidget.h
Examining data/qwinff-0.2.1+git20191128/src/ui/myqmpwidget.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/myqmpwidget.h
Examining data/qwinff-0.2.1+git20191128/src/ui/optionsdialog.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/optionsdialog.h
Examining data/qwinff-0.2.1+git20191128/src/ui/poweroffdialog.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/poweroffdialog.h
Examining data/qwinff-0.2.1+git20191128/src/ui/previewdialog.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/previewdialog.h
Examining data/qwinff-0.2.1+git20191128/src/ui/progressbar.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/progressbar.h
Examining data/qwinff-0.2.1+git20191128/src/ui/rangeselector.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/rangeselector.h
Examining data/qwinff-0.2.1+git20191128/src/ui/rangewidgetbinder.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/rangewidgetbinder.h
Examining data/qwinff-0.2.1+git20191128/src/ui/timerangeedit.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/timerangeedit.h
Examining data/qwinff-0.2.1+git20191128/src/ui/updatedialog.cpp
Examining data/qwinff-0.2.1+git20191128/src/ui/updatedialog.h
Examining data/qwinff-0.2.1+git20191128/src/version.h

FINAL RESULTS:

data/qwinff-0.2.1+git20191128/src/main.cpp:41:31:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    QString locale = QLocale::system().name(); // language code + country code (xx_XX)
data/qwinff-0.2.1+git20191128/src/main.cpp:186:41:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    translator_qt.load("qt_" + QLocale::system().name(), Paths::qtTranslationPath());
data/qwinff-0.2.1+git20191128/src/qmpwidget/qmpyuvreader.h:47:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(temp, tdir.toLocal8Bit().data());
data/qwinff-0.2.1+git20191128/src/ui/aboutdialog.cpp:159:39:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    QString current_locale = QLocale::system().name();
data/qwinff-0.2.1+git20191128/src/ui/convertlist.cpp:955:39:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    columns[COL_DURATION] = QString().sprintf("%02d:%02d:%02.0f"   // duration
data/qwinff-0.2.1+git20191128/src/ui/mediaplayerwidget.cpp:39:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    result.sprintf("%02d:%02d:%02d", h, m, s);
data/qwinff-0.2.1+git20191128/src/ui/previewdialog.cpp:32:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    result.sprintf("%02d:%02d:%02d", h, m, s);
data/qwinff-0.2.1+git20191128/src/converter/presets.cpp:220:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!xmlfile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/qwinff-0.2.1+git20191128/src/main.cpp:76:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    constant_xml.open(QIODevice::ReadOnly);
data/qwinff-0.2.1+git20191128/src/qmpwidget/qmpwidget.cpp:279:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
					if (m_fakeInputconf->open()) {
data/qwinff-0.2.1+git20191128/src/qmpwidget/qmpyuvreader.h:48:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(temp, "/XXXXXX");
data/qwinff-0.2.1+git20191128/src/qmpwidget/qmpyuvreader.h:53:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(temp, "/fifo");
data/qwinff-0.2.1+git20191128/src/qmpwidget/qmpyuvreader.h:87:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			FILE *f = fopen(m_pipe.toLocal8Bit().data(), "rb");
data/qwinff-0.2.1+git20191128/src/qmpwidget/qmpyuvreader.h:103:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			unsigned char *yuv[3];
data/qwinff-0.2.1+git20191128/src/qmpwidget/qmpyuvreader.h:163:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(m_saveme, buffer, width);
data/qwinff-0.2.1+git20191128/src/services/xmllookuptable.cpp:65:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    buffer.open(QIODevice::ReadOnly);
data/qwinff-0.2.1+git20191128/src/converter/ffmpeginterface.cpp:81:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        begin += strlen(keyword_begin);
data/qwinff-0.2.1+git20191128/src/services/httpdownloader.cpp:83:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        reply->read(buffer.data(), m_sizeLimit); // buffer.data() is char*

ANALYSIS SUMMARY:

Hits = 18
Lines analyzed = 14060 in approximately 0.34 seconds (41642 lines/second)
Physical Source Lines of Code (SLOC) = 8929
Hits@level = [0]   5 [1]   2 [2]   9 [3]   0 [4]   7 [5]   0
Hits@level+ = [0+]  23 [1+]  18 [2+]  16 [3+]   7 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 2.57588 [1+] 2.0159 [2+] 1.79191 [3+] 0.783962 [4+] 0.783962 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.