Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/stl-manual-3.30/algo.h
Examining data/stl-manual-3.30/algobase.h
Examining data/stl-manual-3.30/alloc.h
Examining data/stl-manual-3.30/bvector.h
Examining data/stl-manual-3.30/char_traits.h
Examining data/stl-manual-3.30/concept_checks.h
Examining data/stl-manual-3.30/container_concepts.h
Examining data/stl-manual-3.30/defalloc.h
Examining data/stl-manual-3.30/deque.h
Examining data/stl-manual-3.30/function.h
Examining data/stl-manual-3.30/hash_map.h
Examining data/stl-manual-3.30/hash_set.h
Examining data/stl-manual-3.30/hashtable.h
Examining data/stl-manual-3.30/heap.h
Examining data/stl-manual-3.30/iterator.h
Examining data/stl-manual-3.30/list.h
Examining data/stl-manual-3.30/map.h
Examining data/stl-manual-3.30/multimap.h
Examining data/stl-manual-3.30/multiset.h
Examining data/stl-manual-3.30/pair.h
Examining data/stl-manual-3.30/pthread_alloc.h
Examining data/stl-manual-3.30/rope.h
Examining data/stl-manual-3.30/ropeimpl.h
Examining data/stl-manual-3.30/sequence_concepts.h
Examining data/stl-manual-3.30/set.h
Examining data/stl-manual-3.30/slist.h
Examining data/stl-manual-3.30/stack.h
Examining data/stl-manual-3.30/stl_algo.h
Examining data/stl-manual-3.30/stl_algobase.h
Examining data/stl-manual-3.30/stl_alloc.h
Examining data/stl-manual-3.30/stl_bvector.h
Examining data/stl-manual-3.30/stl_config.h
Examining data/stl-manual-3.30/stl_construct.h
Examining data/stl-manual-3.30/stl_ctraits_fns.h
Examining data/stl-manual-3.30/stl_deque.h
Examining data/stl-manual-3.30/stl_exception.h
Examining data/stl-manual-3.30/stl_function.h
Examining data/stl-manual-3.30/stl_hash_fun.h
Examining data/stl-manual-3.30/stl_hash_map.h
Examining data/stl-manual-3.30/stl_hash_set.h
Examining data/stl-manual-3.30/stl_hashtable.h
Examining data/stl-manual-3.30/stl_heap.h
Examining data/stl-manual-3.30/stl_iterator.h
Examining data/stl-manual-3.30/stl_iterator_base.h
Examining data/stl-manual-3.30/stl_list.h
Examining data/stl-manual-3.30/stl_map.h
Examining data/stl-manual-3.30/stl_multimap.h
Examining data/stl-manual-3.30/stl_multiset.h
Examining data/stl-manual-3.30/stl_numeric.h
Examining data/stl-manual-3.30/stl_pair.h
Examining data/stl-manual-3.30/stl_queue.h
Examining data/stl-manual-3.30/stl_range_errors.h
Examining data/stl-manual-3.30/stl_raw_storage_iter.h
Examining data/stl-manual-3.30/stl_relops.h
Examining data/stl-manual-3.30/stl_rope.h
Examining data/stl-manual-3.30/stl_set.h
Examining data/stl-manual-3.30/stl_slist.h
Examining data/stl-manual-3.30/stl_stack.h
Examining data/stl-manual-3.30/stl_string_fwd.h
Examining data/stl-manual-3.30/stl_tempbuf.h
Examining data/stl-manual-3.30/stl_threads.h
Examining data/stl-manual-3.30/stl_tree.h
Examining data/stl-manual-3.30/stl_uninitialized.h
Examining data/stl-manual-3.30/stl_vector.h
Examining data/stl-manual-3.30/tempbuf.h
Examining data/stl-manual-3.30/tree.h
Examining data/stl-manual-3.30/type_traits.h
Examining data/stl-manual-3.30/vector.h

FINAL RESULTS:

data/stl-manual-3.30/stl_algo.h:973:10:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  return lrand48() % __n;

data/stl-manual-3.30/char_traits.h:73:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(__s1, __s2, __n * sizeof(_CharT));

data/stl-manual-3.30/stl_alloc.h:306:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char _M_client_data[1];    /* The client sees this. */

data/stl-manual-3.30/stl_alloc.h:541:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(__result, __p, __copy_sz);

data/stl-manual-3.30/algobase.h:54:14:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  using __STD::mismatch;

data/stl-manual-3.30/algobase.h:55:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  using __STD::equal;

data/stl-manual-3.30/char_traits.h:130:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  static size_t length(const char* __s) { return strlen(__s); }

data/stl-manual-3.30/stl_algobase.h:503:32:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  pair<_InputIter1, _InputIter2> mismatch(_InputIter1 __first1,

data/stl-manual-3.30/stl_algobase.h:534:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  inline bool equal(_InputIter1 __first1, _InputIter1 __last1,

data/stl-manual-3.30/stl_bvector.h:846:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  equal(__x.begin(), __x.end(), __y.begin()));

data/stl-manual-3.30/stl_deque.h:1599:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  equal(__x.begin(), __x.end(), __y.begin());

data/stl-manual-3.30/stl_iterator.h:718:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool equal(const istreambuf_iterator& __i) const {

data/stl-manual-3.30/stl_iterator.h:784:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return __x.equal(__y);

data/stl-manual-3.30/stl_iterator.h:792:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return !__x.equal(__y);

data/stl-manual-3.30/stl_tree.h:766:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  equal(__x.begin(), __x.end(), __y.begin());

data/stl-manual-3.30/stl_vector.h:503:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  equal(__x.begin(), __x.end(), __y.begin());

ANALYSIS SUMMARY:

Hits = 16
Lines analyzed = 27395 in approximately 0.65 seconds (42017 lines/second)
Physical Source Lines of Code (SLOC) = 20687
Hits@level = [0]   9 [1]  12 [2]   3 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  25 [1+]  16 [2+]   4 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.20849 [1+] 0.773433 [2+] 0.193358 [3+] 0.0483395 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.