Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/stretchplayer-0.503/src/AudioSystem.hpp
Examining data/stretchplayer-0.503/src/Engine.cpp
Examining data/stretchplayer-0.503/src/Engine.hpp
Examining data/stretchplayer-0.503/src/JackAudioSystem.hpp
Examining data/stretchplayer-0.503/src/Marquee.cpp
Examining data/stretchplayer-0.503/src/Marquee.hpp
Examining data/stretchplayer-0.503/src/PlayerSizes.cpp
Examining data/stretchplayer-0.503/src/PlayerSizes.hpp
Examining data/stretchplayer-0.503/src/PlayerWidget.cpp
Examining data/stretchplayer-0.503/src/PlayerWidget.hpp
Examining data/stretchplayer-0.503/src/RingBuffer.hpp
Examining data/stretchplayer-0.503/src/StatusWidget.cpp
Examining data/stretchplayer-0.503/src/StatusWidget.hpp
Examining data/stretchplayer-0.503/src/ThinSlider.cpp
Examining data/stretchplayer-0.503/src/ThinSlider.hpp
Examining data/stretchplayer-0.503/src/main.cpp
Examining data/stretchplayer-0.503/src/JackAudioSystem.cpp

FINAL RESULTS:

data/stretchplayer-0.503/src/PlayerWidget.cpp:416:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _ico.open.addFile(":img/file.png");
data/stretchplayer-0.503/src/PlayerWidget.cpp:457:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _act.open->setIcon( _ico.open );
data/stretchplayer-0.503/src/PlayerWidget.cpp:458:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  addAction(_act.open);
data/stretchplayer-0.503/src/PlayerWidget.cpp:459:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  connect(_act.open, SIGNAL(triggered()),
data/stretchplayer-0.503/src/PlayerWidget.cpp:552:35: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _btn.open->setDefaultAction(_act.open);
data/stretchplayer-0.503/src/PlayerWidget.hpp:103:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QIcon open;
data/stretchplayer-0.503/src/PlayerWidget.hpp:110:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QAction *open;
data/stretchplayer-0.503/src/PlayerWidget.hpp:125:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QToolButton *open;
data/stretchplayer-0.503/src/RingBuffer.hpp:156:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest, &buf[priv_read_idx], n1 * sizeof (T));
data/stretchplayer-0.503/src/RingBuffer.hpp:160:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest+n1, buf, n2 * sizeof (T));
data/stretchplayer-0.503/src/RingBuffer.hpp:196:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&buf[priv_write_idx], src, n1 * sizeof (T));
data/stretchplayer-0.503/src/RingBuffer.hpp:200:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf, src+n1, n2 * sizeof (T));
data/stretchplayer-0.503/src/Engine.cpp:259:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sf_count_t read, k;
data/stretchplayer-0.503/src/Engine.cpp:263:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if( read < 1 ) break;
data/stretchplayer-0.503/src/Engine.cpp:264:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(k=0 ; k<read ; ++k) {
data/stretchplayer-0.503/src/RingBuffer.hpp:65:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  guint read (T *dest, guint cnt);
data/stretchplayer-0.503/src/RingBuffer.hpp:130:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  RingBuffer<T>::read (T *dest, guint cnt)

ANALYSIS SUMMARY:

Hits = 17
Lines analyzed = 3308 in approximately 0.08 seconds (42003 lines/second)
Physical Source Lines of Code (SLOC) = 2344
Hits@level = [0] 0 [1] 5 [2] 12 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 17 [1+] 17 [2+] 12 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 7.25256 [1+] 7.25256 [2+] 5.11945 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.