Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gle-3.1.0/acconfig.h
Examining data/gle-3.1.0/src/ex_alpha.c
Examining data/gle-3.1.0/src/ex_angle.c
Examining data/gle-3.1.0/src/ex_cut_round.c
Examining data/gle-3.1.0/src/ex_raw.c
Examining data/gle-3.1.0/src/extrude.c
Examining data/gle-3.1.0/src/intersect.c
Examining data/gle-3.1.0/src/qmesh.c
Examining data/gle-3.1.0/src/rot_prince.c
Examining data/gle-3.1.0/src/rotate.c
Examining data/gle-3.1.0/src/round_cap.c
Examining data/gle-3.1.0/src/segment.c
Examining data/gle-3.1.0/src/texgen.c
Examining data/gle-3.1.0/src/urotate.c
Examining data/gle-3.1.0/src/view.c
Examining data/gle-3.1.0/src/copy.h
Examining data/gle-3.1.0/src/extrude.h
Examining data/gle-3.1.0/src/intersect.h
Examining data/gle-3.1.0/src/port.h
Examining data/gle-3.1.0/src/rot.h
Examining data/gle-3.1.0/src/segment.h
Examining data/gle-3.1.0/src/tube_gc.h
Examining data/gle-3.1.0/src/vvector.h
Examining data/gle-3.1.0/src/gle.h
Examining data/gle-3.1.0/examples/alpha.c
Examining data/gle-3.1.0/examples/mainjoin.c
Examining data/gle-3.1.0/examples/beam.c
Examining data/gle-3.1.0/examples/mainsimple.c
Examining data/gle-3.1.0/examples/candlestick.c
Examining data/gle-3.1.0/examples/cone.c
Examining data/gle-3.1.0/examples/cylinder.c
Examining data/gle-3.1.0/examples/helix.c
Examining data/gle-3.1.0/examples/helix2.c
Examining data/gle-3.1.0/examples/helix3.c
Examining data/gle-3.1.0/examples/helix4.c
Examining data/gle-3.1.0/examples/helixtex.c
Examining data/gle-3.1.0/examples/texture.c
Examining data/gle-3.1.0/examples/maintex.c
Examining data/gle-3.1.0/examples/horn.c
Examining data/gle-3.1.0/examples/joinoffset.c
Examining data/gle-3.1.0/examples/screw.c
Examining data/gle-3.1.0/examples/taper.c
Examining data/gle-3.1.0/examples/texas.c
Examining data/gle-3.1.0/examples/transport.c
Examining data/gle-3.1.0/examples/twoid.c
Examining data/gle-3.1.0/examples/twistoid.c
Examining data/gle-3.1.0/examples/main.h
Examining data/gle-3.1.0/examples/texture.h
Examining data/gle-3.1.0/ms-visual-c/config.h
Examining data/gle-3.1.0/swig/gle_wrap.c

FINAL RESULTS:

data/gle-3.1.0/src/vvector.h:398:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
   printf (#a " is %f %f length of " #a " is %f \n", 	\
data/gle-3.1.0/src/vvector.h:409:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
   printf (#a " is %f %f %f length of " #a " is %f \n", \
data/gle-3.1.0/src/vvector.h:420:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
   printf (#a " is %f %f %f %f length of " #a " is %f \n",	\
data/gle-3.1.0/swig/gle_wrap.c:148:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(temp,"C global variable %s not found.", n);
data/gle-3.1.0/swig/gle_wrap.c:170:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(temp,"C global variable %s not found.", n);
data/gle-3.1.0/swig/gle_wrap.c:229:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(v->vars[v->nvars]->name,name);
data/gle-3.1.0/swig/gle_wrap.c:416:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (_c, type);
data/gle-3.1.0/swig/gle_wrap.c:510:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(temp_type,tp->name);
data/gle-3.1.0/swig/gle_wrap.c:514:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy(SwigCache[SwigCacheIndex].mapped,_c);
data/gle-3.1.0/swig/gle_wrap.c:515:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy(SwigCache[SwigCacheIndex].name,_t);
data/gle-3.1.0/swig/gle_wrap.c:140:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp[128];
data/gle-3.1.0/swig/gle_wrap.c:162:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp[128];
data/gle-3.1.0/swig/gle_wrap.c:301:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                name[256];          /* Given datatype name            */
data/gle-3.1.0/swig/gle_wrap.c:302:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                mapped[256];        /* Equivalent name                */
data/gle-3.1.0/swig/gle_wrap.c:396:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char _hex[16] =
data/gle-3.1.0/swig/gle_wrap.c:400:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char _result[20], *_r;    /* Note : a 64-bit hex number = 16 digits */
data/gle-3.1.0/swig/gle_wrap.c:413:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (_c, "NULL");
data/gle-3.1.0/swig/gle_wrap.c:429:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp_type[256];
data/gle-3.1.0/swig/gle_wrap.c:593:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[255];
data/gle-3.1.0/swig/gle_wrap.c:601:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buf,"Failed to make a contiguous array of type %d\n", typecode);
data/gle-3.1.0/swig/gle_wrap.c:632:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(buf,"The extent of dimension %d is %d while %d was expected\n",
data/gle-3.1.0/swig/gle_wrap.c:228:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  v->vars[v->nvars]->name = (char *) malloc(strlen(name)+1);
data/gle-3.1.0/swig/gle_wrap.c:365:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    t->len = strlen(t->name);
data/gle-3.1.0/swig/gle_wrap.c:385:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t1->len = strlen(t1->name);
data/gle-3.1.0/swig/gle_wrap.c:511:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(temp_type,_t+len,255-tp->len);

ANALYSIS SUMMARY:

Hits = 25
Lines analyzed = 14902 in approximately 0.50 seconds (29981 lines/second)
Physical Source Lines of Code (SLOC) = 10007
Hits@level = [0]  39 [1]   4 [2]  11 [3]   0 [4]  10 [5]   0
Hits@level+ = [0+]  64 [1+]  25 [2+]  21 [3+]  10 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 6.39552 [1+] 2.49825 [2+] 2.09853 [3+] 0.9993 [4+] 0.9993 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.