Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gccintro-1.0/alpha.c
Examining data/gccintro-1.0/ansi.c
Examining data/gccintro-1.0/bad.c
Examining data/gccintro-1.0/badpow.c
Examining data/gccintro-1.0/bye_fn.c
Examining data/gccintro-1.0/calc.c
Examining data/gccintro-1.0/castqual.c
Examining data/gccintro-1.0/collatz.c
Examining data/gccintro-1.0/cov.c
Examining data/gccintro-1.0/dbmain.c
Examining data/gccintro-1.0/dtest.c
Examining data/gccintro-1.0/dtestval3.c
Examining data/gccintro-1.0/gnuarray.c
Examining data/gccintro-1.0/hello.c
Examining data/gccintro-1.0/hello_fn.c
Examining data/gccintro-1.0/main.c
Examining data/gccintro-1.0/main2.c
Examining data/gccintro-1.0/main3.c
Examining data/gccintro-1.0/main4.c
Examining data/gccintro-1.0/nested.c
Examining data/gccintro-1.0/optim.c
Examining data/gccintro-1.0/shadow.c
Examining data/gccintro-1.0/shadow2.c
Examining data/gccintro-1.0/test.c
Examining data/gccintro-1.0/uninit.c
Examining data/gccintro-1.0/w.c
Examining data/gccintro-1.0/buffer.h
Examining data/gccintro-1.0/hello.h
Examining data/gccintro-1.0/hello1.h
Examining data/gccintro-1.0/templates.cc
Examining data/gccintro-1.0/templates2.cc
Examining data/gccintro-1.0/fptest2.c
Examining data/gccintro-1.0/loop.c
Examining data/gccintro-1.0/msg-assign.c
Examining data/gccintro-1.0/msg-char.c
Examining data/gccintro-1.0/msg-const.c
Examining data/gccintro-1.0/msg-control.c
Examining data/gccintro-1.0/msg-cppheader.c
Examining data/gccintro-1.0/msg-derefincomplete.c
Examining data/gccintro-1.0/msg-eoi.c
Examining data/gccintro-1.0/msg-file.c
Examining data/gccintro-1.0/msg-implicitdecl.c
Examining data/gccintro-1.0/msg-init.c
Examining data/gccintro-1.0/msg-invalidpp.c
Examining data/gccintro-1.0/msg-nest1.h
Examining data/gccintro-1.0/msg-nest2.h
Examining data/gccintro-1.0/msg-null.c
Examining data/gccintro-1.0/msg-parse.c
Examining data/gccintro-1.0/msg-string2.c
Examining data/gccintro-1.0/msg-string2.cc
Examining data/gccintro-1.0/msg-undeclared.c
Examining data/gccintro-1.0/msg-undef.c
Examining data/gccintro-1.0/msg-unknownesc.c
Examining data/gccintro-1.0/msg-unterm.c
Parsing failed to find end of parameter list in  ("Hello World!\n);  /* no closing quote */
  return 0;
}

Examining data/gccintro-1.0/msg-unused.c
Examining data/gccintro-1.0/setfpu.c
Examining data/gccintro-1.0/signed.c
Examining data/gccintro-1.0/testgetc.c
Examining data/gccintro-1.0/testgetc2.c
Examining data/gccintro-1.0/wabs.c
Examining data/gccintro-1.0/dtestval.c
Examining data/gccintro-1.0/dtestval2.c
Examining data/gccintro-1.0/hello.cc
Examining data/gccintro-1.0/hellostr.cc
Examining data/gccintro-1.0/null.c
Examining data/gccintro-1.0/pi.c
Examining data/gccintro-1.0/string.cc
Examining data/gccintro-1.0/tprog.cc
Examining data/gccintro-1.0/bof.c
Examining data/gccintro-1.0/format.c

FINAL RESULTS:

data/gccintro-1.0/bof.c:12:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(dest, argv[1]);
data/gccintro-1.0/format.c:9:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(stderr, argv[1]);
data/gccintro-1.0/msg-string2.c:6:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf ('Hello World!\n');  /* wrong quotes */
data/gccintro-1.0/msg-unterm.c:6:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf ("Hello World!\n);  /* no closing quote */
data/gccintro-1.0/bof.c:8:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dest[DESTLEN];
data/gccintro-1.0/testgetc.c:7:15:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((c = getchar()) != EOF) /* not portable */
data/gccintro-1.0/testgetc2.c:7:15:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((i = getchar()) != EOF)

ANALYSIS SUMMARY:

Hits = 7
Lines analyzed = 725 in approximately 0.08 seconds (8788 lines/second)
Physical Source Lines of Code (SLOC) = 636
Hits@level = [0]  43 [1]   2 [2]   1 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  50 [1+]   7 [2+]   5 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 78.6164 [1+] 11.0063 [2+] 7.86164 [3+] 6.28931 [4+] 6.28931 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.