Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libepubgen-0.1.1/src/lib/EPUBTextElements.h
Examining data/libepubgen-0.1.1/src/lib/EPUBImageManager.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBManifest.h
Examining data/libepubgen-0.1.1/src/lib/EPUBPagedGenerator.h
Examining data/libepubgen-0.1.1/src/lib/EPUBListStyleManager.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBBinaryContent.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBTableStyleManager.h
Examining data/libepubgen-0.1.1/src/lib/EPUBSplitGuard.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBXMLContent.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBParagraphStyleManager.cpp
Examining data/libepubgen-0.1.1/src/lib/libepubgen_utils.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBCounter.h
Examining data/libepubgen-0.1.1/src/lib/EPUBTextElements.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBImageManager.h
Examining data/libepubgen-0.1.1/src/lib/EPUBCounter.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBCSSProperties.h
Examining data/libepubgen-0.1.1/src/lib/EPUBDrawingGenerator.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBTableStyleManager.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBPath.h
Examining data/libepubgen-0.1.1/src/lib/EPUBSpanStyleManager.h
Examining data/libepubgen-0.1.1/src/lib/EPUBBodyStyleManager.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBBinaryContent.h
Examining data/libepubgen-0.1.1/src/lib/EPUBCSSProperties.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBGenerator.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBListStyleManager.h
Examining data/libepubgen-0.1.1/src/lib/EPUBPresentationGenerator.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBPagedGenerator.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBSplitGuard.h
Examining data/libepubgen-0.1.1/src/lib/EPUBBodyStyleManager.h
Examining data/libepubgen-0.1.1/src/lib/EPUBSpanStyleManager.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBHTMLManager.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBFontManager.h
Examining data/libepubgen-0.1.1/src/lib/EPUBManifest.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBHTMLGenerator.h
Examining data/libepubgen-0.1.1/src/lib/EPUBPath.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBCSSContent.h
Examining data/libepubgen-0.1.1/src/lib/EPUBFontManager.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBXMLContent.h
Examining data/libepubgen-0.1.1/src/lib/EPUBTextGenerator.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBGenerator.h
Examining data/libepubgen-0.1.1/src/lib/EPUBHTMLGenerator.cpp
Examining data/libepubgen-0.1.1/src/lib/libepubgen_utils.h
Examining data/libepubgen-0.1.1/src/lib/EPUBHTMLManager.h
Examining data/libepubgen-0.1.1/src/lib/EPUBCSSContent.cpp
Examining data/libepubgen-0.1.1/src/lib/EPUBParagraphStyleManager.h
Examining data/libepubgen-0.1.1/src/test/test.cpp
Examining data/libepubgen-0.1.1/src/test/EPUBTextGeneratorTest.cpp
Examining data/libepubgen-0.1.1/src/test/EPUBPathTest.cpp
Examining data/libepubgen-0.1.1/inc/libepubgen/EPUBPresentationGenerator.h
Examining data/libepubgen-0.1.1/inc/libepubgen/libepubgen-decls.h
Examining data/libepubgen-0.1.1/inc/libepubgen/libepubgen-api.h
Examining data/libepubgen-0.1.1/inc/libepubgen/libepubgen.h
Examining data/libepubgen-0.1.1/inc/libepubgen/EPUBTextGenerator.h
Examining data/libepubgen-0.1.1/inc/libepubgen/EPUBPackage.h
Examining data/libepubgen-0.1.1/inc/libepubgen/EPUBDrawingGenerator.h

FINAL RESULTS:

data/libepubgen-0.1.1/src/lib/libepubgen_utils.cpp:25:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  std::vfprintf(stderr, format, args);
data/libepubgen-0.1.1/src/lib/libepubgen_utils.h:23:66:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define EPUBGEN_ATTRIBUTE_PRINTF(fmt, arg) __attribute__((format(printf, fmt, arg)))
data/libepubgen-0.1.1/src/lib/EPUBGenerator.cpp:348:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[MAX_BUFFER];
data/libepubgen-0.1.1/src/lib/EPUBHTMLGenerator.cpp:539:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char const *wpdMetaFields[9]=
data/libepubgen-0.1.1/src/lib/EPUBHTMLGenerator.cpp:544:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char const *metaFields[9]=
data/libepubgen-0.1.1/src/lib/EPUBFontManager.cpp:65:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return std::equal(leftData, leftData + left.size(), right.getDataBuffer());
data/libepubgen-0.1.1/src/lib/EPUBImageManager.cpp:68:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return std::equal(leftData, leftData + left.size(), right.getDataBuffer());
data/libepubgen-0.1.1/src/lib/EPUBPath.cpp:100:43:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  const std::pair<PathIter_t, PathIter_t> mismatch(
data/libepubgen-0.1.1/src/lib/EPUBPath.cpp:101:10:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    std::mismatch(
data/libepubgen-0.1.1/src/lib/EPUBPath.cpp:110:61:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  std::fill_n(std::back_inserter(components), std::distance(mismatch.second, baseEnd), std::string(".."));
data/libepubgen-0.1.1/src/lib/EPUBPath.cpp:111:13:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  std::copy(mismatch.first, m_components.end(), std::back_inserter(components));

ANALYSIS SUMMARY:

Hits = 11
Lines analyzed = 11004 in approximately 0.26 seconds (42825 lines/second)
Physical Source Lines of Code (SLOC) = 8065
Hits@level = [0]   0 [1]   6 [2]   3 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  11 [1+]  11 [2+]   5 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 1.36392 [1+] 1.36392 [2+] 0.619963 [3+] 0.247985 [4+] 0.247985 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.