Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/g3data-1.5.3/drawing.c
Examining data/g3data-1.5.3/sort.c
Examining data/g3data-1.5.3/points.c
Examining data/g3data-1.5.3/vardefs.h
Examining data/g3data-1.5.3/strings.h
Examining data/g3data-1.5.3/main.h
Examining data/g3data-1.5.3/main.c

FINAL RESULTS:

data/g3data-1.5.3/main.c:137:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(ttbuf, sizeof(ttbuf), printfilett, gtk_entry_get_text(GTK_ENTRY (file_entry[TabNum])));
data/g3data-1.5.3/main.c:709:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(buf, Window_Title, filename);						/* Print window title in buffer */
data/g3data-1.5.3/main.c:1143:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buf, 256, Window_Title, FileNames[TabNum]);				/* Print window title in buffer */
data/g3data-1.5.3/main.c:1476:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(buf, Window_Title, FileNames[ViewedTabNum]);                        	/* Print window title in buffer */
data/g3data-1.5.3/main.c:134:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ttbuf[256];
data/g3data-1.5.3/main.c:340:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"%16.10g",CalcVal.Xv);
data/g3data-1.5.3/main.c:342:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"%16.10g",CalcVal.Yv);
data/g3data-1.5.3/main.c:344:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"%16.10g",CalcVal.Xerr);
data/g3data-1.5.3/main.c:346:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"%16.10g",CalcVal.Yerr);
data/g3data-1.5.3/main.c:1195:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"%lf",realcoords[TabNum][i]);
data/g3data-1.5.3/points.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/g3data-1.5.3/points.c:58:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%d",np);
data/g3data-1.5.3/points.c:161:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FP = fopen(file_name[ViewedTabNum],"w");					/* Open file for writing */
data/g3data-1.5.3/main.c:490:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    file_name_length[TabNum] = strlen(file_name[TabNum]);			/* Get length of string */
data/g3data-1.5.3/main.c:843:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf2,filename,256);
data/g3data-1.5.3/main.c:1137:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(FileNames[TabNum], basename(filename), 256);
data/g3data-1.5.3/main.c:1140:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(FileNames[TabNum], filename, 256);
data/g3data-1.5.3/main.c:1245:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(filename,&(c[strlen(URI_IDENTIFIER)]),256);
data/g3data-1.5.3/main.c:1245:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strncpy(filename,&(c[strlen(URI_IDENTIFIER)]),256);
data/g3data-1.5.3/main.c:1246:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    for (i=0;i<strlen(filename);i++) if (filename[i] == '\n') filename[i] = '\0';

ANALYSIS SUMMARY:

Hits = 20
Lines analyzed = 2374 in approximately 0.10 seconds (24427 lines/second)
Physical Source Lines of Code (SLOC) = 1635
Hits@level = [0]  39 [1]   7 [2]   9 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  59 [1+]  20 [2+]  13 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 36.0856 [1+] 12.2324 [2+] 7.95107 [3+] 2.44648 [4+] 2.44648 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.