Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/stl-manual-3.30/algo.h
Examining data/stl-manual-3.30/algobase.h
Examining data/stl-manual-3.30/alloc.h
Examining data/stl-manual-3.30/bvector.h
Examining data/stl-manual-3.30/char_traits.h
Examining data/stl-manual-3.30/concept_checks.h
Examining data/stl-manual-3.30/container_concepts.h
Examining data/stl-manual-3.30/defalloc.h
Examining data/stl-manual-3.30/deque.h
Examining data/stl-manual-3.30/function.h
Examining data/stl-manual-3.30/hash_map.h
Examining data/stl-manual-3.30/hash_set.h
Examining data/stl-manual-3.30/hashtable.h
Examining data/stl-manual-3.30/heap.h
Examining data/stl-manual-3.30/iterator.h
Examining data/stl-manual-3.30/list.h
Examining data/stl-manual-3.30/map.h
Examining data/stl-manual-3.30/multimap.h
Examining data/stl-manual-3.30/multiset.h
Examining data/stl-manual-3.30/pair.h
Examining data/stl-manual-3.30/pthread_alloc.h
Examining data/stl-manual-3.30/rope.h
Examining data/stl-manual-3.30/ropeimpl.h
Examining data/stl-manual-3.30/sequence_concepts.h
Examining data/stl-manual-3.30/set.h
Examining data/stl-manual-3.30/slist.h
Examining data/stl-manual-3.30/stack.h
Examining data/stl-manual-3.30/stl_algo.h
Examining data/stl-manual-3.30/stl_algobase.h
Examining data/stl-manual-3.30/stl_alloc.h
Examining data/stl-manual-3.30/stl_bvector.h
Examining data/stl-manual-3.30/stl_config.h
Examining data/stl-manual-3.30/stl_construct.h
Examining data/stl-manual-3.30/stl_ctraits_fns.h
Examining data/stl-manual-3.30/stl_deque.h
Examining data/stl-manual-3.30/stl_exception.h
Examining data/stl-manual-3.30/stl_function.h
Examining data/stl-manual-3.30/stl_hash_fun.h
Examining data/stl-manual-3.30/stl_hash_map.h
Examining data/stl-manual-3.30/stl_hash_set.h
Examining data/stl-manual-3.30/stl_hashtable.h
Examining data/stl-manual-3.30/stl_heap.h
Examining data/stl-manual-3.30/stl_iterator.h
Examining data/stl-manual-3.30/stl_iterator_base.h
Examining data/stl-manual-3.30/stl_list.h
Examining data/stl-manual-3.30/stl_map.h
Examining data/stl-manual-3.30/stl_multimap.h
Examining data/stl-manual-3.30/stl_multiset.h
Examining data/stl-manual-3.30/stl_numeric.h
Examining data/stl-manual-3.30/stl_pair.h
Examining data/stl-manual-3.30/stl_queue.h
Examining data/stl-manual-3.30/stl_range_errors.h
Examining data/stl-manual-3.30/stl_raw_storage_iter.h
Examining data/stl-manual-3.30/stl_relops.h
Examining data/stl-manual-3.30/stl_rope.h
Examining data/stl-manual-3.30/stl_set.h
Examining data/stl-manual-3.30/stl_slist.h
Examining data/stl-manual-3.30/stl_stack.h
Examining data/stl-manual-3.30/stl_string_fwd.h
Examining data/stl-manual-3.30/stl_tempbuf.h
Examining data/stl-manual-3.30/stl_threads.h
Examining data/stl-manual-3.30/stl_tree.h
Examining data/stl-manual-3.30/stl_uninitialized.h
Examining data/stl-manual-3.30/stl_vector.h
Examining data/stl-manual-3.30/tempbuf.h
Examining data/stl-manual-3.30/tree.h
Examining data/stl-manual-3.30/type_traits.h
Examining data/stl-manual-3.30/vector.h

FINAL RESULTS:

data/stl-manual-3.30/stl_algo.h:973:10:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  return lrand48() % __n;
data/stl-manual-3.30/char_traits.h:73:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(__s1, __s2, __n * sizeof(_CharT));
data/stl-manual-3.30/stl_alloc.h:306:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char _M_client_data[1];    /* The client sees this.        */
data/stl-manual-3.30/stl_alloc.h:541:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(__result, __p, __copy_sz);
data/stl-manual-3.30/algobase.h:54:14:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
using __STD::mismatch; 
data/stl-manual-3.30/algobase.h:55:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
using __STD::equal; 
data/stl-manual-3.30/char_traits.h:130:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  static size_t length(const char* __s) { return strlen(__s); }
data/stl-manual-3.30/stl_algobase.h:503:32:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
pair<_InputIter1, _InputIter2> mismatch(_InputIter1 __first1,
data/stl-manual-3.30/stl_algobase.h:534:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
inline bool equal(_InputIter1 __first1, _InputIter1 __last1,
data/stl-manual-3.30/stl_bvector.h:846:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
          equal(__x.begin(), __x.end(), __y.begin()));
data/stl-manual-3.30/stl_deque.h:1599:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
         equal(__x.begin(), __x.end(), __y.begin());
data/stl-manual-3.30/stl_iterator.h:718:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool equal(const istreambuf_iterator& __i) const {
data/stl-manual-3.30/stl_iterator.h:784:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return __x.equal(__y);
data/stl-manual-3.30/stl_iterator.h:792:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return !__x.equal(__y);
data/stl-manual-3.30/stl_tree.h:766:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
         equal(__x.begin(), __x.end(), __y.begin());
data/stl-manual-3.30/stl_vector.h:503:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
         equal(__x.begin(), __x.end(), __y.begin());

ANALYSIS SUMMARY:

Hits = 16
Lines analyzed = 27395 in approximately 0.65 seconds (42017 lines/second)
Physical Source Lines of Code (SLOC) = 20687
Hits@level = [0]   9 [1]  12 [2]   3 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  25 [1+]  16 [2+]   4 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.20849 [1+] 0.773433 [2+] 0.193358 [3+] 0.0483395 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.