Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lablgl-1.06/LablGlut/examples/glut3.7/demos/underwater/texload.c
Examining data/lablgl-1.06/LablGlut/examples/glut3.7/demos/underwater/texload.h
Examining data/lablgl-1.06/LablGlut/examples/glut3.7/demos/underwater/underwater.c
Examining data/lablgl-1.06/LablGlut/examples/glut3.7/not_yet_ported/dinospin.c
Examining data/lablgl-1.06/LablGlut/examples/glut3.7/not_yet_ported/scube.c
Examining data/lablgl-1.06/LablGlut/examples/glut3.7/not_yet_ported/splatlogo.c
Examining data/lablgl-1.06/LablGlut/examples/glut3.7/not_yet_ported/spots.c
Examining data/lablgl-1.06/LablGlut/examples/glut3.7/not_yet_ported/stars.c
Examining data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c
Examining data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/over_test.c
Examining data/lablgl-1.06/LablGlut/src/ml_gl.h
Examining data/lablgl-1.06/LablGlut/src/wrap_gl.c
Examining data/lablgl-1.06/LablGlut/src/wrap_glut.c
Examining data/lablgl-1.06/Togl/src/Togl/double.c
Examining data/lablgl-1.06/Togl/src/Togl/gears.c
Examining data/lablgl-1.06/Togl/src/Togl/image.c
Examining data/lablgl-1.06/Togl/src/Togl/image.h
Examining data/lablgl-1.06/Togl/src/Togl/index.c
Examining data/lablgl-1.06/Togl/src/Togl/overlay.c
Examining data/lablgl-1.06/Togl/src/Togl/stereo.c
Examining data/lablgl-1.06/Togl/src/Togl/texture.c
Examining data/lablgl-1.06/Togl/src/Togl/tkFont.h
Examining data/lablgl-1.06/Togl/src/Togl/togl.c
Examining data/lablgl-1.06/Togl/src/Togl/togl.h
Examining data/lablgl-1.06/Togl/src/ml_togl.c
Examining data/lablgl-1.06/src/ml_gl.c
Examining data/lablgl-1.06/src/ml_gl.h
Examining data/lablgl-1.06/src/ml_glarray.c
Examining data/lablgl-1.06/src/ml_glu.c
Examining data/lablgl-1.06/src/ml_glu.h
Examining data/lablgl-1.06/src/ml_glutess.c
Examining data/lablgl-1.06/src/ml_raw.c
Examining data/lablgl-1.06/src/ml_raw.h
Examining data/lablgl-1.06/src/ml_shader.c

FINAL RESULTS:

data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:86:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define PR     if(debug)printf
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:224:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(copy, string);
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:540:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(str, "%srequest %s", (modes[i] ? "+ " : "   "), modeNames[i]);
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:798:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(textPtr[0], text);                  \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:811:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(str, # name);                    \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:816:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(str, str2);                       \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:817:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	  printf(str);                             \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:869:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(str, # name);                  \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:875:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(str, str2);                     \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:876:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	  printf(str);                           \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:902:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(str, # name);                  \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:906:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(str2, ": %s\n",                \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:909:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(str, str2);                     \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:910:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	  printf(str);                           \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:2318:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(VERSIONLONG "\n");
data/lablgl-1.06/Togl/src/Togl/double.c:183:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/double.c:213:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/gears.c:365:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/stereo.c:229:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/stereo.c:258:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/stereo.c:299:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/texture.c:311:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/texture.c:334:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/texture.c:357:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/texture.c:391:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/texture.c:425:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/texture.c:461:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/texture.c:489:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/texture.c:524:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/Togl/src/Togl/texture.c:553:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(interp->result, argv[2]);
data/lablgl-1.06/LablGlut/examples/glut3.7/not_yet_ported/stars.c:258:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand((unsigned int) time(NULL));
data/lablgl-1.06/LablGlut/examples/glut3.7/demos/underwater/texload.c:19:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[80];
data/lablgl-1.06/LablGlut/examples/glut3.7/demos/underwater/texload.c:70:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char testByte[4];
data/lablgl-1.06/LablGlut/examples/glut3.7/demos/underwater/texload.c:88:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((image->file = fopen(fileName, "rb")) == NULL) {
data/lablgl-1.06/LablGlut/examples/glut3.7/demos/underwater/underwater.c:531:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[80];
data/lablgl-1.06/LablGlut/examples/glut3.7/demos/underwater/underwater.c:533:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(filename, "caust%02d.bw", i);
data/lablgl-1.06/LablGlut/examples/glut3.7/not_yet_ported/scube.c:105:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char shadowPattern[128] =
data/lablgl-1.06/LablGlut/examples/glut3.7/not_yet_ported/scube.c:125:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char sgiPattern[128] =
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:122:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *textPtr[1000] =
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:532:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[100];
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:809:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char str[100], str2[100];                \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:815:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(str2, ": %d\n",glutGet(name));   \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:867:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char str[100], str2[100];              \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:873:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(str2, ": %d\n",                \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:900:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char str[100], str2[100];              \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:1688:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[99];
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:1711:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, "window %d (RGB)", index);
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:1713:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, "icon %d", index);
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:1778:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, "window %d (color index)", index);
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:1780:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, "icon %d", index);
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:1924:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(textPtr[i], "no current text");
data/lablgl-1.06/Togl/src/Togl/double.c:220:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(interp->result, "%d", (int) xAngle);
data/lablgl-1.06/Togl/src/Togl/double.c:227:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(interp->result, "%d", (int) yAngle);
data/lablgl-1.06/Togl/src/Togl/gears.c:329:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    Result[100];
data/lablgl-1.06/Togl/src/Togl/gears.c:340:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Result, "%g %g", Wg->Roty, Wg->Rotx);
data/lablgl-1.06/Togl/src/Togl/image.c:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    name[80];
data/lablgl-1.06/Togl/src/Togl/image.c:81:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    testByte[4];
data/lablgl-1.06/Togl/src/Togl/image.c:99:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((raw->file = fopen(fileName, "rb")) == NULL) {
data/lablgl-1.06/Togl/src/Togl/stereo.c:267:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(interp->result, "%d", (int) xAngle);
data/lablgl-1.06/Togl/src/Togl/stereo.c:276:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(interp->result, "%d", (int) yAngle);
data/lablgl-1.06/Togl/src/Togl/texture.c:482:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    polycolor[0] = atoi(argv[2]);
data/lablgl-1.06/Togl/src/Togl/texture.c:483:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    polycolor[1] = atoi(argv[3]);
data/lablgl-1.06/Togl/src/Togl/texture.c:484:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    polycolor[2] = atoi(argv[4]);
data/lablgl-1.06/Togl/src/Togl/togl.c:646:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char threeto8[8] = {
data/lablgl-1.06/Togl/src/Togl/togl.c:650:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char twoto8[4] = {
data/lablgl-1.06/Togl/src/Togl/togl.c:654:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char oneto8[2] = {
data/lablgl-1.06/Togl/src/Togl/togl.c:1377:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            Togl_UnloadBitmapFont(togl, atoi(argv[2]));
data/lablgl-1.06/Togl/src/Togl/togl.c:3554:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "w");
data/lablgl-1.06/src/ml_glutess.c:126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[80];
data/lablgl-1.06/src/ml_glutess.c:127:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg, "Unknown primitive format %d in tesselation.\n", (int)type);
data/lablgl-1.06/src/ml_raw.c:166:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (String_val(ret), Bp_val(Addr_raw(raw))+s, l);
data/lablgl-1.06/src/ml_raw.c:177:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (Bp_val(Addr_raw(raw))+s, String_val(data), l);
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:221:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  copy = malloc(strlen(string) + 1);
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:797:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        textPtr[0] = (char *)malloc(strlen(text)+1); \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:812:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          len = (int) strlen(# name);              \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:814:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(str, " ");                      \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:870:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          len = (int) strlen(# name);            \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:872:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(str, " ");                    \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:903:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          len = (int) strlen(# name);            \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:905:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(str, " ");                    \
data/lablgl-1.06/LablGlut/examples/glut3.7/test/not_yet_ported/bigtest.c:2007:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (msg[strlen(msg)] != '\n')
data/lablgl-1.06/Togl/src/Togl/double.c:76:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    glCallLists(strlen(s), GL_UNSIGNED_BYTE, s);
data/lablgl-1.06/Togl/src/Togl/stereo.c:78:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    glCallLists(strlen(s), GL_UNSIGNED_BYTE, s);
data/lablgl-1.06/Togl/src/Togl/togl.c:1323:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strncmp(argv[1], "configure", MAX(1, strlen(argv[1])))) {
data/lablgl-1.06/Togl/src/Togl/togl.c:1346:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strncmp(argv[1], "render", MAX(1, strlen(argv[1])))) {
data/lablgl-1.06/Togl/src/Togl/togl.c:1349:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strncmp(argv[1], "swapbuffers", MAX(1, strlen(argv[1])))) {
data/lablgl-1.06/Togl/src/Togl/togl.c:1352:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strncmp(argv[1], "makecurrent", MAX(1, strlen(argv[1])))) {
data/lablgl-1.06/Togl/src/Togl/togl.c:1357:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (!strncmp(argv[1], "loadbitmapfont", MAX(1, strlen(argv[1])))) {
data/lablgl-1.06/Togl/src/Togl/togl.c:1375:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strncmp(argv[1], "unloadbitmapfont", MAX(1, strlen(argv[1])))) {

ANALYSIS SUMMARY:

Hits = 89
Lines analyzed = 16853 in approximately 0.76 seconds (22074 lines/second)
Physical Source Lines of Code (SLOC) = 12853
Hits@level = [0] 167 [1]  17 [2]  41 [3]   1 [4]  30 [5]   0
Hits@level+ = [0+] 256 [1+]  89 [2+]  72 [3+]  31 [4+]  30 [5+]   0
Hits/KSLOC@level+ = [0+] 19.9175 [1+] 6.92445 [2+] 5.60181 [3+] 2.41189 [4+] 2.33409 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.