Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/manpages-tr-1.0.5.1/source/xml2man.c
Examining data/manpages-tr-1.0.5.1/isutf8.c

FINAL RESULTS:

data/manpages-tr-1.0.5.1/source/xml2man.c:523:5:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execlp("xsltproc", "xsltproc", "--stringparam", "sostr", sostr, "-", NULL);
data/manpages-tr-1.0.5.1/source/xml2man.c:391:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buffer);
data/manpages-tr-1.0.5.1/source/xml2man.c:419:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buffer) - (t - buffer);
data/manpages-tr-1.0.5.1/source/xml2man.c:421:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf2, t, len);
data/manpages-tr-1.0.5.1/source/xml2man.c:450:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          len = strlen(buffer) - (src - buffer) - 2;
data/manpages-tr-1.0.5.1/source/xml2man.c:452:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(tmp, src + 2, len);
data/manpages-tr-1.0.5.1/source/xml2man.c:453:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
          strncpy(src, "\n ", 3);     /* linefeed + nobreakspace */
data/manpages-tr-1.0.5.1/source/xml2man.c:454:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(src + 3, tmp, len);
data/manpages-tr-1.0.5.1/source/xml2man.c:459:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(tgt, tags[k].end, tags[k].leneo);
data/manpages-tr-1.0.5.1/source/xml2man.c:477:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(tgt, " \n\0", 3);
data/manpages-tr-1.0.5.1/source/xml2man.c:485:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = xmalloc (strlen(buf2) + 100000);
data/manpages-tr-1.0.5.1/source/xml2man.c:486:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset (buffer, 0, strlen(buffer) + 100000);
data/manpages-tr-1.0.5.1/source/xml2man.c:487:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(xslss[0].str);
data/manpages-tr-1.0.5.1/source/xml2man.c:488:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buffer, xslss[0].str, len);
data/manpages-tr-1.0.5.1/source/xml2man.c:489:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = len; len = strlen(buf2);
data/manpages-tr-1.0.5.1/source/xml2man.c:490:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buffer + pos, buf2, len);
data/manpages-tr-1.0.5.1/source/xml2man.c:491:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos +=len; len = strlen(xslss[1].str);
data/manpages-tr-1.0.5.1/source/xml2man.c:492:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buffer + pos, xslss[1].str, len);
data/manpages-tr-1.0.5.1/source/xml2man.c:528:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(fdw[1], buffer, strlen(buffer));
data/manpages-tr-1.0.5.1/source/xml2man.c:538:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    len = read(fdr[0], buf2[k], size - 4);
data/manpages-tr-1.0.5.1/source/xml2man.c:553:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(buf2[i]);
data/manpages-tr-1.0.5.1/source/xml2man.c:559:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(buf2[i]);
data/manpages-tr-1.0.5.1/source/xml2man.c:560:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buffer + pos, buf2[i], len);
data/manpages-tr-1.0.5.1/source/xml2man.c:589:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(table[i].xml);

ANALYSIS SUMMARY:

Hits = 24
Lines analyzed = 677 in approximately 0.05 seconds (12713 lines/second)
Physical Source Lines of Code (SLOC) = 559
Hits@level = [0]   4 [1]  23 [2]   0 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  28 [1+]  24 [2+]   1 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 50.0894 [1+] 42.9338 [2+] 1.78891 [3+] 1.78891 [4+] 1.78891 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.