Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qxgedit-0.6.3/skulpture/sk_plugin.h
Examining data/qxgedit-0.6.3/skulpture/skulpture.cpp
Examining data/qxgedit-0.6.3/skulpture/skulpture_p.h
Examining data/qxgedit-0.6.3/skulpture/skulpture.h
Examining data/qxgedit-0.6.3/skulpture/sk_factory.h
Examining data/qxgedit-0.6.3/src/qxgeditFilter.h
Examining data/qxgedit-0.6.3/src/XGParamSysex.cpp
Examining data/qxgedit-0.6.3/src/qxgeditScale.h
Examining data/qxgedit-0.6.3/src/qxgeditPartEg.h
Examining data/qxgedit-0.6.3/src/qxgeditDrumEg.h
Examining data/qxgedit-0.6.3/src/qxgeditDial.cpp
Examining data/qxgedit-0.6.3/src/qxgeditAmpEg.cpp
Examining data/qxgedit-0.6.3/src/qxgeditPartEg.cpp
Examining data/qxgedit-0.6.3/src/qxgeditMidiRpn.h
Examining data/qxgedit-0.6.3/src/qxgeditPitch.cpp
Examining data/qxgedit-0.6.3/src/qxgeditMainForm.cpp
Examining data/qxgedit-0.6.3/src/qxgeditCheck.cpp
Examining data/qxgedit-0.6.3/src/qxgeditSpin.cpp
Examining data/qxgedit-0.6.3/src/qxgeditAbout.h
Examining data/qxgedit-0.6.3/src/qxgeditCombo.h
Examining data/qxgedit-0.6.3/src/qxgeditOptions.cpp
Examining data/qxgedit-0.6.3/src/qxgeditEdit.h
Examining data/qxgedit-0.6.3/src/XGParam.h
Examining data/qxgedit-0.6.3/src/qxgeditDrumEg.cpp
Examining data/qxgedit-0.6.3/src/qxgeditMainForm.h
Examining data/qxgedit-0.6.3/src/qxgeditPaletteForm.cpp
Examining data/qxgedit-0.6.3/src/qxgeditCombo.cpp
Examining data/qxgedit-0.6.3/src/XGParamWidget.h
Examining data/qxgedit-0.6.3/src/qxgeditXGMasterMap.h
Examining data/qxgedit-0.6.3/src/qxgeditPaletteForm.h
Examining data/qxgedit-0.6.3/src/qxgeditUserEg.h
Examining data/qxgedit-0.6.3/src/qxgeditAmpEg.h
Examining data/qxgedit-0.6.3/src/qxgeditVibra.h
Examining data/qxgedit-0.6.3/src/qxgeditMidiDevice.cpp
Examining data/qxgedit-0.6.3/src/qxgeditCheck.h
Examining data/qxgedit-0.6.3/src/XGParamSysex.h
Examining data/qxgedit-0.6.3/src/qxgeditEdit.cpp
Examining data/qxgedit-0.6.3/src/qxgeditMidiRpn.cpp
Examining data/qxgedit-0.6.3/src/qxgeditMidiDevice.h
Examining data/qxgedit-0.6.3/src/qxgeditOptionsForm.h
Examining data/qxgedit-0.6.3/src/qxgeditFilter.cpp
Examining data/qxgedit-0.6.3/src/qxgeditDrop.h
Examining data/qxgedit-0.6.3/src/qxgeditOptionsForm.cpp
Examining data/qxgedit-0.6.3/src/main.cpp
Examining data/qxgedit-0.6.3/src/qxgeditUserEg.cpp
Examining data/qxgedit-0.6.3/src/qxgeditPitch.h
Examining data/qxgedit-0.6.3/src/qxgeditKnob.cpp
Examining data/qxgedit-0.6.3/src/qxgeditOptions.h
Examining data/qxgedit-0.6.3/src/XGParamObserver.h
Examining data/qxgedit-0.6.3/src/qxgedit.h
Examining data/qxgedit-0.6.3/src/qxgeditVibra.cpp
Examining data/qxgedit-0.6.3/src/qxgedit.cpp
Examining data/qxgedit-0.6.3/src/XGParamWidget.cpp
Examining data/qxgedit-0.6.3/src/XGParam.cpp
Examining data/qxgedit-0.6.3/src/qxgeditDial.h
Examining data/qxgedit-0.6.3/src/qxgeditDrop.cpp
Examining data/qxgedit-0.6.3/src/qxgeditScale.cpp
Examining data/qxgedit-0.6.3/src/qxgeditXGMasterMap.cpp
Examining data/qxgedit-0.6.3/src/qxgeditKnob.h
Examining data/qxgedit-0.6.3/src/XGParamObserver.cpp
Examining data/qxgedit-0.6.3/src/qxgeditSpin.h

FINAL RESULTS:

data/qxgedit-0.6.3/src/XGParam.cpp:1964:19:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  const char * (*gets)(unsigned short); // enumerated string value.
data/qxgedit-0.6.3/src/XGParam.cpp:2643:19:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  const char * (*gets)(unsigned short); // enumerated string value.
data/qxgedit-0.6.3/src/XGParam.cpp:3460:22:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  const char *XGParam::gets ( unsigned short u ) const
data/qxgedit-0.6.3/src/XGParam.cpp:3462:30:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  return (m_param && m_param->gets ? m_param->gets(u) : nullptr);
data/qxgedit-0.6.3/src/XGParam.cpp:3462:46:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  return (m_param && m_param->gets ? m_param->gets(u) : nullptr);
data/qxgedit-0.6.3/src/XGParam.cpp:3522:6:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  if (gets(min()) && !gets(u))
data/qxgedit-0.6.3/src/XGParam.cpp:3522:22:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  if (gets(min()) && !gets(u))
data/qxgedit-0.6.3/src/XGParam.cpp:3656:6:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  if (gets(v))
data/qxgedit-0.6.3/src/XGParam.cpp:3755:28:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  const char *XGEffectParam::gets ( unsigned short u ) const
data/qxgedit-0.6.3/src/XGParam.cpp:3757:32:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  return (m_eparam && m_eparam->gets ? m_eparam->gets(u) : XGParam::gets(u));
data/qxgedit-0.6.3/src/XGParam.cpp:3757:49:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  return (m_eparam && m_eparam->gets ? m_eparam->gets(u) : XGParam::gets(u));
data/qxgedit-0.6.3/src/XGParam.cpp:3757:68:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  return (m_eparam && m_eparam->gets ? m_eparam->gets(u) : XGParam::gets(u));
data/qxgedit-0.6.3/src/XGParam.h:205:22:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  virtual const char *gets(unsigned short u) const;
data/qxgedit-0.6.3/src/XGParam.h:293:14:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  const char *gets(unsigned short u) const;
data/qxgedit-0.6.3/src/qxgeditDial.cpp:167:15:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  if (pParam->gets(pParam->min())) {
data/qxgedit-0.6.3/src/qxgeditDrop.cpp:100:36:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  const char *pszItem = m_pParam->gets(iValue);
data/qxgedit-0.6.3/src/qxgeditXGMasterMap.cpp:270:27:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  const char *s = pParam->gets(c);
data/qxgedit-0.6.3/skulpture/skulpture.cpp:1639:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  pixmapName.sprintf("scp-cbp-%x-%x-%x-%x-%llx-%x", features, uint(bgrole), state, option->direction, option->palette.cacheKey(), r.height());
data/qxgedit-0.6.3/skulpture/skulpture.cpp:1853:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  pixmapName.sprintf("scp-icb-%x-%x-%llx-%x-%x", state, option->direction, option->palette.cacheKey(), option->rect.width(), option->rect.height());
data/qxgedit-0.6.3/skulpture/skulpture.cpp:1944:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  pixmapName.sprintf("scp-irb-%x-%x-%llx-%x-%x", state, option->direction, option->palette.cacheKey(), option->rect.width(), option->rect.height());
data/qxgedit-0.6.3/skulpture/skulpture.cpp:2140:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  pixmapName.sprintf("scp-isg-%x-%x-%s-%x-%x", state, option->direction, colorName.constData(), option->rect.width(), option->rect.height());
data/qxgedit-0.6.3/skulpture/skulpture.cpp:2296:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  pixmapName.sprintf("scp-qdb-%x-%x-%llx-%x", state, option->direction, option->palette.cacheKey(), d);
data/qxgedit-0.6.3/skulpture/skulpture.cpp:2345:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  pixmapName.sprintf("scp-qibc-%x-%x-%llx-%x", state, option->direction, option->palette.cacheKey(), d);
data/qxgedit-0.6.3/src/main.cpp:259:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(cmd, sizeof(cmd), format, (int) getpid());
data/qxgedit-0.6.3/src/main.cpp:269:3:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl(shell, shell, "-c", cmd, NULL);
data/qxgedit-0.6.3/src/qxgedit.cpp:414:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(cmd, sizeof(cmd), format, (int) getpid());
data/qxgedit-0.6.3/src/qxgedit.cpp:424:3:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl(shell, shell, "-c", cmd, nullptr);
data/qxgedit-0.6.3/src/XGParam.cpp:4056:4:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  ::srand(::time(nullptr));
data/qxgedit-0.6.3/skulpture/skulpture.cpp:107:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/qxgedit-0.6.3/src/XGParam.cpp:642:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char chan[4];
data/qxgedit-0.6.3/src/XGParam.cpp:664:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char vpan[3];
data/qxgedit-0.6.3/src/XGParam.cpp:680:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char note[8];
data/qxgedit-0.6.3/src/XGParam.cpp:3794:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(m_data, data, len);
data/qxgedit-0.6.3/src/XGParamSysex.cpp:124:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&m_data[i], dataparam->data(), dataparam->size());
data/qxgedit-0.6.3/src/main.cpp:251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[80];
data/qxgedit-0.6.3/src/qxgedit.cpp:201:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szHostName[255];
data/qxgedit-0.6.3/src/qxgedit.cpp:405:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[80];
data/qxgedit-0.6.3/src/qxgeditMainForm.cpp:1526:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly))
data/qxgedit-0.6.3/src/qxgeditMainForm.cpp:1548:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(pBuff, pTemp, i);
data/qxgedit-0.6.3/src/qxgeditMainForm.cpp:1609:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadWrite | QIODevice::Truncate))
data/qxgedit-0.6.3/src/qxgeditMainForm.cpp:2513:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly))
data/qxgedit-0.6.3/src/qxgeditMainForm.cpp:2523:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[len];
data/qxgedit-0.6.3/src/qxgeditMainForm.cpp:2572:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadWrite | QIODevice::Truncate))
data/qxgedit-0.6.3/src/qxgeditMidiRpn.cpp:232:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(new_events + m_read, old_events + m_read,
data/qxgedit-0.6.3/src/qxgeditMidiRpn.cpp:237:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(new_events + m_read, old_events + m_read,
data/qxgedit-0.6.3/src/qxgeditMidiRpn.cpp:240:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(new_events + old_size, old_events,
data/qxgedit-0.6.3/src/qxgeditXGMasterMap.cpp:155:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[pParam->size()];
data/qxgedit-0.6.3/src/qxgedit.cpp:373:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const QByteArray data = pSocket->read(nread);
data/qxgedit-0.6.3/src/qxgeditMainForm.cpp:1284:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (::read(g_fdSigusr1[1], &c, sizeof(c)) > 0)
data/qxgedit-0.6.3/src/qxgeditMainForm.cpp:1297:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (::read(g_fdSigterm[1], &c, sizeof(c)) > 0)
data/qxgedit-0.6.3/src/qxgeditMainForm.cpp:1553:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned short iRead = file.read((char *) pBuff + i, iBuff - i) + i;
data/qxgedit-0.6.3/src/qxgeditMainForm.cpp:2525:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (file.read((char *) data, len)) {

ANALYSIS SUMMARY:

Hits = 52
Lines analyzed = 31106 in approximately 0.78 seconds (39920 lines/second)
Physical Source Lines of Code (SLOC) = 22636
Hits@level = [0]  24 [1]   5 [2]  19 [3]   1 [4]  10 [5]  17
Hits@level+ = [0+]  76 [1+]  52 [2+]  47 [3+]  28 [4+]  27 [5+]  17
Hits/KSLOC@level+ = [0+] 3.35748 [1+] 2.29723 [2+] 2.07634 [3+] 1.23697 [4+] 1.19279 [5+] 0.751016
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.