Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tiatracker-1.3/timeline.h
Examining data/tiatracker-1.3/tracktab.cpp
Examining data/tiatracker-1.3/tiasound/instrumentpitchguide.h
Examining data/tiatracker-1.3/tiasound/pitchguide.cpp
Examining data/tiatracker-1.3/tiasound/instrumentpitchguide.cpp
Examining data/tiatracker-1.3/tiasound/pitchguidefactory.cpp
Examining data/tiatracker-1.3/tiasound/tiasound.h
Examining data/tiatracker-1.3/tiasound/pitchguidefactory.h
Examining data/tiatracker-1.3/tiasound/tiasound.cpp
Examining data/tiatracker-1.3/tiasound/pitchguide.h
Examining data/tiatracker-1.3/insertpatterndialog.cpp
Examining data/tiatracker-1.3/instrumentselector.cpp
Examining data/tiatracker-1.3/pianokeyboard.cpp
Examining data/tiatracker-1.3/renamepatterndialog.cpp
Examining data/tiatracker-1.3/setfrequencydialog.h
Examining data/tiatracker-1.3/instrumentselector.h
Examining data/tiatracker-1.3/pianokeyboard.h
Examining data/tiatracker-1.3/createguidedialog.cpp
Examining data/tiatracker-1.3/createpatterndialog.h
Examining data/tiatracker-1.3/percussionshaper.h
Examining data/tiatracker-1.3/createguidedialog.h
Examining data/tiatracker-1.3/mainwindow.h
Examining data/tiatracker-1.3/createpatterndialog.cpp
Examining data/tiatracker-1.3/insertpatterndialog.h
Examining data/tiatracker-1.3/optionstab.cpp
Examining data/tiatracker-1.3/waveformshaper.h
Examining data/tiatracker-1.3/optionstab.h
Examining data/tiatracker-1.3/timeline.cpp
Examining data/tiatracker-1.3/renamepatterndialog.h
Examining data/tiatracker-1.3/setfrequencydialog.cpp
Examining data/tiatracker-1.3/setslidedialog.cpp
Examining data/tiatracker-1.3/percussionshaper.cpp
Examining data/tiatracker-1.3/instrumentstab.h
Examining data/tiatracker-1.3/guidekeyboard.h
Examining data/tiatracker-1.3/setslidedialog.h
Examining data/tiatracker-1.3/track/track.cpp
Examining data/tiatracker-1.3/track/note.cpp
Examining data/tiatracker-1.3/track/sequence.cpp
Examining data/tiatracker-1.3/track/sequence.h
Examining data/tiatracker-1.3/track/pattern.cpp
Examining data/tiatracker-1.3/track/sequenceentry.cpp
Examining data/tiatracker-1.3/track/instrument.cpp
Examining data/tiatracker-1.3/track/percussion.h
Examining data/tiatracker-1.3/track/instrument.h
Examining data/tiatracker-1.3/track/note.h
Examining data/tiatracker-1.3/track/percussion.cpp
Examining data/tiatracker-1.3/track/pattern.h
Examining data/tiatracker-1.3/track/sequenceentry.h
Examining data/tiatracker-1.3/track/track.h
Examining data/tiatracker-1.3/guidekeyboard.cpp
Examining data/tiatracker-1.3/main.cpp
Examining data/tiatracker-1.3/patterneditor.h
Examining data/tiatracker-1.3/patterneditor.cpp
Examining data/tiatracker-1.3/emulation/player.cpp
Examining data/tiatracker-1.3/emulation/player.h
Examining data/tiatracker-1.3/emulation/TIASnd.cpp
Examining data/tiatracker-1.3/emulation/SoundSDL2.cpp
Examining data/tiatracker-1.3/emulation/TIASnd.h
Examining data/tiatracker-1.3/emulation/bspf.h
Examining data/tiatracker-1.3/emulation/SoundSDL2.h
Examining data/tiatracker-1.3/percussiontab.h
Examining data/tiatracker-1.3/mainwindow.cpp
Examining data/tiatracker-1.3/setgotodialog.cpp
Examining data/tiatracker-1.3/waveformshaper.cpp
Examining data/tiatracker-1.3/envelopeshaper.h
Examining data/tiatracker-1.3/percussiontab.cpp
Examining data/tiatracker-1.3/aboutdialog.h
Examining data/tiatracker-1.3/instrumentstab.cpp
Examining data/tiatracker-1.3/setgotodialog.h
Examining data/tiatracker-1.3/tracktab.h
Examining data/tiatracker-1.3/aboutdialog.cpp
Examining data/tiatracker-1.3/envelopeshaper.cpp

FINAL RESULTS:

data/tiatracker-1.3/emulation/bspf.h:95:25: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define BSPF_snprintf _snprintf

data/tiatracker-1.3/emulation/bspf.h:100:25: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define BSPF_snprintf snprintf

data/tiatracker-1.3/emulation/bspf.h:101:26: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define BSPF_vsnprintf vsnprintf

data/tiatracker-1.3/emulation/SoundSDL2.cpp:97:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void SoundSDL2::open()

data/tiatracker-1.3/emulation/SoundSDL2.h:92:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open();

data/tiatracker-1.3/emulation/player.cpp:29:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sdlSound.open();

data/tiatracker-1.3/emulation/player.cpp:56:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sdlSound.open();

data/tiatracker-1.3/instrumentstab.cpp:225:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!saveFile.open(QIODevice::WriteOnly)) {

data/tiatracker-1.3/instrumentstab.cpp:277:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!loadFile.open(QIODevice::ReadOnly)) {

data/tiatracker-1.3/main.cpp:47:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  styleFile.open(QFile::ReadOnly);

data/tiatracker-1.3/mainwindow.cpp:106:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!keymapFile.open(QIODevice::ReadOnly)) {

data/tiatracker-1.3/mainwindow.cpp:455:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!saveFile.open(QIODevice::WriteOnly)) {

data/tiatracker-1.3/mainwindow.cpp:471:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!loadFile.open(QIODevice::ReadOnly)) {

data/tiatracker-1.3/mainwindow.cpp:827:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!fileIn.open(QIODevice::ReadOnly)) {

data/tiatracker-1.3/mainwindow.cpp:841:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!outFile.open(QIODevice::WriteOnly)) {

data/tiatracker-1.3/mainwindow.cpp:2009:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!outFile.open(QIODevice::WriteOnly)) {

data/tiatracker-1.3/optionstab.cpp:165:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!loadFile.open(QIODevice::ReadOnly)) {

data/tiatracker-1.3/optionstab.cpp:209:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!saveFile.open(QIODevice::WriteOnly)) {

data/tiatracker-1.3/percussiontab.cpp:190:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!saveFile.open(QIODevice::WriteOnly)) {

data/tiatracker-1.3/percussiontab.cpp:242:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!loadFile.open(QIODevice::ReadOnly)) {

data/tiatracker-1.3/emulation/bspf.h:144:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return _strnicmp(s1, s2, strlen(s2)) == 0;

data/tiatracker-1.3/emulation/bspf.h:146:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strncasecmp(s1, s2, strlen(s2)) == 0;

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 12701 in approximately 0.33 seconds (37992 lines/second)
Physical Source Lines of Code (SLOC) = 8875
Hits@level = [0] 0 [1] 2 [2] 17 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 22 [1+] 22 [2+] 20 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 2.47887 [1+] 2.47887 [2+] 2.25352 [3+] 0.338028 [4+] 0.338028 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.