Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/starlink-pal-0.9.8/pal.h
Examining data/starlink-pal-0.9.8/pal1.h
Examining data/starlink-pal-0.9.8/pal1Atms.c
Examining data/starlink-pal-0.9.8/pal1Atmt.c
Examining data/starlink-pal-0.9.8/pal1sofa.h
Examining data/starlink-pal-0.9.8/palAddet.c
Examining data/starlink-pal-0.9.8/palAirmas.c
Examining data/starlink-pal-0.9.8/palAltaz.c
Examining data/starlink-pal-0.9.8/palAmp.c
Examining data/starlink-pal-0.9.8/palAmpqk.c
Examining data/starlink-pal-0.9.8/palAop.c
Examining data/starlink-pal-0.9.8/palAoppa.c
Examining data/starlink-pal-0.9.8/palAoppat.c
Examining data/starlink-pal-0.9.8/palAopqk.c
Examining data/starlink-pal-0.9.8/palAtmdsp.c
Examining data/starlink-pal-0.9.8/palCaldj.c
Examining data/starlink-pal-0.9.8/palDafin.c
Examining data/starlink-pal-0.9.8/palDat.c
Examining data/starlink-pal-0.9.8/palDe2h.c
Examining data/starlink-pal-0.9.8/palDeuler.c
Examining data/starlink-pal-0.9.8/palDfltin.c
Examining data/starlink-pal-0.9.8/palDh2e.c
Examining data/starlink-pal-0.9.8/palDjcal.c
Examining data/starlink-pal-0.9.8/palDmat.c
Examining data/starlink-pal-0.9.8/palDmoon.c
Examining data/starlink-pal-0.9.8/palDrange.c
Examining data/starlink-pal-0.9.8/palDs2tp.c
Examining data/starlink-pal-0.9.8/palDt.c
Examining data/starlink-pal-0.9.8/palDtp2s.c
Examining data/starlink-pal-0.9.8/palDtps2c.c
Examining data/starlink-pal-0.9.8/palDtt.c
Examining data/starlink-pal-0.9.8/palEcleq.c
Examining data/starlink-pal-0.9.8/palEcmat.c
Examining data/starlink-pal-0.9.8/palEl2ue.c
Examining data/starlink-pal-0.9.8/palEpco.c
Examining data/starlink-pal-0.9.8/palEpv.c
Examining data/starlink-pal-0.9.8/palEqecl.c
Examining data/starlink-pal-0.9.8/palEqgal.c
Examining data/starlink-pal-0.9.8/palEtrms.c
Examining data/starlink-pal-0.9.8/palEvp.c
Examining data/starlink-pal-0.9.8/palFk45z.c
Examining data/starlink-pal-0.9.8/palFk524.c
Examining data/starlink-pal-0.9.8/palFk54z.c
Examining data/starlink-pal-0.9.8/palGaleq.c
Examining data/starlink-pal-0.9.8/palGalsup.c
Examining data/starlink-pal-0.9.8/palGe50.c
Examining data/starlink-pal-0.9.8/palGeoc.c
Examining data/starlink-pal-0.9.8/palIntin.c
Examining data/starlink-pal-0.9.8/palMap.c
Examining data/starlink-pal-0.9.8/palMappa.c
Examining data/starlink-pal-0.9.8/palMapqk.c
Examining data/starlink-pal-0.9.8/palMapqkz.c
Examining data/starlink-pal-0.9.8/palNut.c
Examining data/starlink-pal-0.9.8/palNutc.c
Examining data/starlink-pal-0.9.8/palOap.c
Examining data/starlink-pal-0.9.8/palOapqk.c
Examining data/starlink-pal-0.9.8/palObs.c
Examining data/starlink-pal-0.9.8/palOne2One.c
Examining data/starlink-pal-0.9.8/palPa.c
Examining data/starlink-pal-0.9.8/palPcd.c
Examining data/starlink-pal-0.9.8/palPertel.c
Examining data/starlink-pal-0.9.8/palPertue.c
Examining data/starlink-pal-0.9.8/palPlanel.c
Examining data/starlink-pal-0.9.8/palPlanet.c
Examining data/starlink-pal-0.9.8/palPlante.c
Examining data/starlink-pal-0.9.8/palPlantu.c
Examining data/starlink-pal-0.9.8/palPm.c
Examining data/starlink-pal-0.9.8/palPolmo.c
Examining data/starlink-pal-0.9.8/palPrebn.c
Examining data/starlink-pal-0.9.8/palPrec.c
Examining data/starlink-pal-0.9.8/palPreces.c
Examining data/starlink-pal-0.9.8/palPrenut.c
Examining data/starlink-pal-0.9.8/palPv2el.c
Examining data/starlink-pal-0.9.8/palPv2ue.c
Examining data/starlink-pal-0.9.8/palPvobs.c
Examining data/starlink-pal-0.9.8/palRanorm.c
Examining data/starlink-pal-0.9.8/palRdplan.c
Examining data/starlink-pal-0.9.8/palRefco.c
Examining data/starlink-pal-0.9.8/palRefro.c
Examining data/starlink-pal-0.9.8/palRefv.c
Examining data/starlink-pal-0.9.8/palRefz.c
Examining data/starlink-pal-0.9.8/palRverot.c
Examining data/starlink-pal-0.9.8/palRvgalc.c
Examining data/starlink-pal-0.9.8/palRvlg.c
Examining data/starlink-pal-0.9.8/palRvlsrd.c
Examining data/starlink-pal-0.9.8/palRvlsrk.c
Examining data/starlink-pal-0.9.8/palSubet.c
Examining data/starlink-pal-0.9.8/palSupgal.c
Examining data/starlink-pal-0.9.8/palTest.c
Examining data/starlink-pal-0.9.8/palUe2el.c
Examining data/starlink-pal-0.9.8/palUe2pv.c
Examining data/starlink-pal-0.9.8/palUnpcd.c
Examining data/starlink-pal-0.9.8/palVers.c
Examining data/starlink-pal-0.9.8/palmac.h
FINAL RESULTS:
data/starlink-pal-0.9.8/pal.h:119:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palCd2tf ( int ndp, float days, char *sign, int ihmsf[4] );
data/starlink-pal-0.9.8/pal.h:127:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palCr2af ( int ndp, float angle, char *sign, int idmsf[4] );
data/starlink-pal-0.9.8/pal.h:129:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palCr2tf ( int ndp, float angle, char *sign, int ihmsf[4] );
data/starlink-pal-0.9.8/pal.h:163:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palDd2tf ( int ndp, double days, char *sign, int ihmsf[4] );
data/starlink-pal-0.9.8/pal.h:168:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palDeuler ( const char *order, double phi, double theta, double psi,
data/starlink-pal-0.9.8/pal.h:193:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palDr2af ( int ndp, double angle, char *sign, int idmsf[4] );
data/starlink-pal-0.9.8/pal.h:195:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palDr2tf ( int ndp, double angle, char *sign, int ihmsf[4] );
data/starlink-pal-0.9.8/pal.h:277:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palEuler ( const char *order, float phi, float theta, float psi,
data/starlink-pal-0.9.8/pal.h:375:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palOapqk ( const char *type, double ob1, double ob2, const double aoprms[14],
data/starlink-pal-0.9.8/pal.h:433:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palPreces ( const char sys[3], double ep0, double ep1,
data/starlink-pal-0.9.8/palDeuler.c:95:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
palDeuler( const char *order, double phi, double theta, double psi,
data/starlink-pal-0.9.8/palDfltin.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempbuf[256];
data/starlink-pal-0.9.8/palOapqk.c:150:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palOapqk ( const char *type, double ob1, double ob2, const double aoprms[14],
data/starlink-pal-0.9.8/palObs.c:175:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortname[11];
data/starlink-pal-0.9.8/palObs.c:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longname[41];
data/starlink-pal-0.9.8/palOne2One.c:408:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palDd2tf ( int ndp, double days, char *sign, int ihmsf[4] ) {
data/starlink-pal-0.9.8/palOne2One.c:689:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palDr2af ( int ndp, double angle, char *sign, int idmsf[4] ) {
data/starlink-pal-0.9.8/palOne2One.c:729:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palDr2tf( int ndp, double angle, char *sign, int ihmsf[4] ) {
data/starlink-pal-0.9.8/palPreces.c:99:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void palPreces ( const char sys[3], double ep0, double ep1,
data/starlink-pal-0.9.8/palTest.c:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/starlink-pal-0.9.8/palTest.c:165:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "%d,%d", i, j );
data/starlink-pal-0.9.8/palTest.c:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/starlink-pal-0.9.8/palTest.c:178:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "%d", i );
data/starlink-pal-0.9.8/palTest.c:1430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortname[11];
data/starlink-pal-0.9.8/palTest.c:1431:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longname[41];
data/starlink-pal-0.9.8/palTest.c:2020:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char verstring[32];
data/starlink-pal-0.9.8/palDfltin.c:188:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( tempbuf, &(string[*nstrt-1]), sizeof(tempbuf));
data/starlink-pal-0.9.8/palObs.c:150:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dest, src, size );
data/starlink-pal-0.9.8/palVers.c:83:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dest, src, size );
ANALYSIS SUMMARY:
Hits = 29
Lines analyzed = 20242 in approximately 0.63 seconds (32118 lines/second)
Physical Source Lines of Code (SLOC) = 6689
Hits@level = [0] 7 [1] 3 [2] 26 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 36 [1+] 29 [2+] 26 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 5.38197 [1+] 4.33548 [2+] 3.88698 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.