Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fp16-0.0~git20200514.4dfe081/bench/alt-element.cc
Examining data/fp16-0.0~git20200514.4dfe081/bench/from-alt-array.cc
Examining data/fp16-0.0~git20200514.4dfe081/bench/from-ieee-array.cc
Examining data/fp16-0.0~git20200514.4dfe081/bench/ieee-element.cc
Examining data/fp16-0.0~git20200514.4dfe081/bench/to-alt-array.cc
Examining data/fp16-0.0~git20200514.4dfe081/bench/to-ieee-array.cc
Examining data/fp16-0.0~git20200514.4dfe081/include/fp16.h
Examining data/fp16-0.0~git20200514.4dfe081/include/fp16/bitcasts.h
Examining data/fp16-0.0~git20200514.4dfe081/include/fp16/fp16.h
Examining data/fp16-0.0~git20200514.4dfe081/include/fp16/psimd.h
Examining data/fp16-0.0~git20200514.4dfe081/test/alt-from-fp32-value.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/alt-to-fp32-bits.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/alt-to-fp32-psimd.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/alt-to-fp32-value.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/alt-to-fp32x2-psimd.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/bitcasts.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/ieee-from-fp32-value.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/ieee-to-fp32-bits.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/ieee-to-fp32-psimd.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/ieee-to-fp32-value.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/ieee-to-fp32x2-psimd.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/peachpy/alt-xmm-to-fp32-xmm-avx.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/peachpy/alt-xmm-to-fp32-ymm-avx2.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/tables.cc
Examining data/fp16-0.0~git20200514.4dfe081/test/tables.h
Examining data/fp16-0.0~git20200514.4dfe081/third-party/THHalf.h
Examining data/fp16-0.0~git20200514.4dfe081/third-party/eigen-half.h
Examining data/fp16-0.0~git20200514.4dfe081/third-party/float16-compressor.h
Examining data/fp16-0.0~git20200514.4dfe081/third-party/half.hpp
Examining data/fp16-0.0~git20200514.4dfe081/third-party/npy-halffloat.h

FINAL RESULTS:

data/fp16-0.0~git20200514.4dfe081/third-party/half.hpp:466:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			static const unsigned char shift_table[512] = { 
data/fp16-0.0~git20200514.4dfe081/third-party/half.hpp:484:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			std::memcpy(&bits, &value, sizeof(float));
data/fp16-0.0~git20200514.4dfe081/third-party/half.hpp:764:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			std::memcpy(&out, &bits, sizeof(float));
data/fp16-0.0~git20200514.4dfe081/third-party/half.hpp:1092:86:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			template<typename charT,typename traits> static std::basic_istream<charT,traits>& read(std::basic_istream<charT,traits> &in, half &arg)
data/fp16-0.0~git20200514.4dfe081/third-party/half.hpp:2051:84:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			operator>>(std::basic_istream<charT,traits> &in, half &arg) { return functions::read(in, arg); }

ANALYSIS SUMMARY:

Hits = 5
Lines analyzed = 10018 in approximately 0.45 seconds (22505 lines/second)
Physical Source Lines of Code (SLOC) = 7369
Hits@level = [0]   0 [1]   2 [2]   3 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]   5 [1+]   5 [2+]   3 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 0.678518 [1+] 0.678518 [2+] 0.407111 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.