Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_osd_display_widget.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_monitor_window_thread.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_volume_slider.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_volume_slider.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_mini_master_volume_widget.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_slider_tip_label_helper.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_monitor_window_thread.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_volume_widget.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/customstyle.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtsingleapplication.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtsinglecoreapplication.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile_win.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlocalpeer.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlocalpeer.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtsingleapplication.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtsinglecoreapplication.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile_unix.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_slider_tip_label_helper.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_mini_master_volume_widget.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/customstyle.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_application_volume_widget.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/main.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_application_volume_widget.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_volume_widget.h Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.cpp Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_osd_display_widget.cpp Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-utils.h Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-stream-status-icon.c Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-mixer-dialog.c Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-sound-theme-chooser.c Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-level-bar.c Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-applet.h Examining data/ukui-media-3.0.2/ukui-volume-control/sound-theme-file-utils.h Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-balance-bar.h Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-speaker-test.c Examining data/ukui-media-3.0.2/ukui-volume-control/sound-theme-file-utils.c Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-level-bar.h Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-balance-bar.c Examining data/ukui-media-3.0.2/ukui-volume-control/applet-main.c Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-combo-box.c Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-channel-bar.h Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-applet.c Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-speaker-test.h Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-channel-bar.c Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-stream-status-icon.h Examining data/ukui-media-3.0.2/ukui-volume-control/dialog-main.c Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-sound-theme-chooser.h Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-combo-box.h Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-mixer-dialog.h Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-utils.c FINAL RESULTS: data/ukui-media-3.0.2/ukui-volume-control-applet-qt/main.cpp:96:70: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. translator.load("/usr/share/ukui-media/translations/" + QLocale::system().name()); data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.cpp:2452:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int ret = system(SOUND_MODE_SCRIPTS); data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.cpp:2621:30: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). char * allpath = strcat(prepath, path); data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.cpp:2656:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int ret = system(SOUND_MODE_SCRIPTS); data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.cpp:3133:26: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). char * allpath = strcat(prepath, path); data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlocalpeer.cpp:108:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lockFile.open(QIODevice::ReadWrite); data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile.cpp:123:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QtLockedFile::open(OpenMode mode) data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile.cpp:129:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QFile::open(mode); data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile.h:76:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(OpenMode mode); data/ukui-media-3.0.2/ukui-volume-control-applet-qt/main.cpp:67:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outFile.open(QIODevice::WriteOnly | QIODevice::Append); data/ukui-media-3.0.2/ukui-volume-control-applet-qt/main.cpp:103:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). qss.open(QFile::ReadOnly); data/ukui-media-3.0.2/ukui-volume-control/gvc-channel-bar.c:836:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char percentage_text[10] = {0}; data/ukui-media-3.0.2/ukui-volume-control/gvc-channel-bar.c:837:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(percentage_text, " %d%%", percentage); data/ukui-media-3.0.2/ukui-volume-control/gvc-sound-theme-chooser.c:518:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sounds[3] = { "bell-terminal", "bell-window-system", NULL }; data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlocalpeer.cpp:167:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). res &= (socket.read(qstrlen(ack)) == ack); ANALYSIS SUMMARY: Hits = 15 Lines analyzed = 17044 in approximately 0.39 seconds (43617 lines/second) Physical Source Lines of Code (SLOC) = 11851 Hits@level = [0] 1 [1] 1 [2] 9 [3] 0 [4] 5 [5] 0 Hits@level+ = [0+] 16 [1+] 15 [2+] 14 [3+] 5 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 1.3501 [1+] 1.26572 [2+] 1.18133 [3+] 0.421905 [4+] 0.421905 [5+] 0 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.