Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/starlink-pal-0.9.8/pal.h
Examining data/starlink-pal-0.9.8/pal1.h
Examining data/starlink-pal-0.9.8/pal1Atms.c
Examining data/starlink-pal-0.9.8/pal1Atmt.c
Examining data/starlink-pal-0.9.8/pal1sofa.h
Examining data/starlink-pal-0.9.8/palAddet.c
Examining data/starlink-pal-0.9.8/palAirmas.c
Examining data/starlink-pal-0.9.8/palAltaz.c
Examining data/starlink-pal-0.9.8/palAmp.c
Examining data/starlink-pal-0.9.8/palAmpqk.c
Examining data/starlink-pal-0.9.8/palAop.c
Examining data/starlink-pal-0.9.8/palAoppa.c
Examining data/starlink-pal-0.9.8/palAoppat.c
Examining data/starlink-pal-0.9.8/palAopqk.c
Examining data/starlink-pal-0.9.8/palAtmdsp.c
Examining data/starlink-pal-0.9.8/palCaldj.c
Examining data/starlink-pal-0.9.8/palDafin.c
Examining data/starlink-pal-0.9.8/palDat.c
Examining data/starlink-pal-0.9.8/palDe2h.c
Examining data/starlink-pal-0.9.8/palDeuler.c
Examining data/starlink-pal-0.9.8/palDfltin.c
Examining data/starlink-pal-0.9.8/palDh2e.c
Examining data/starlink-pal-0.9.8/palDjcal.c
Examining data/starlink-pal-0.9.8/palDmat.c
Examining data/starlink-pal-0.9.8/palDmoon.c
Examining data/starlink-pal-0.9.8/palDrange.c
Examining data/starlink-pal-0.9.8/palDs2tp.c
Examining data/starlink-pal-0.9.8/palDt.c
Examining data/starlink-pal-0.9.8/palDtp2s.c
Examining data/starlink-pal-0.9.8/palDtps2c.c
Examining data/starlink-pal-0.9.8/palDtt.c
Examining data/starlink-pal-0.9.8/palEcleq.c
Examining data/starlink-pal-0.9.8/palEcmat.c
Examining data/starlink-pal-0.9.8/palEl2ue.c
Examining data/starlink-pal-0.9.8/palEpco.c
Examining data/starlink-pal-0.9.8/palEpv.c
Examining data/starlink-pal-0.9.8/palEqecl.c
Examining data/starlink-pal-0.9.8/palEqgal.c
Examining data/starlink-pal-0.9.8/palEtrms.c
Examining data/starlink-pal-0.9.8/palEvp.c
Examining data/starlink-pal-0.9.8/palFk45z.c
Examining data/starlink-pal-0.9.8/palFk524.c
Examining data/starlink-pal-0.9.8/palFk54z.c
Examining data/starlink-pal-0.9.8/palGaleq.c
Examining data/starlink-pal-0.9.8/palGalsup.c
Examining data/starlink-pal-0.9.8/palGe50.c
Examining data/starlink-pal-0.9.8/palGeoc.c
Examining data/starlink-pal-0.9.8/palIntin.c
Examining data/starlink-pal-0.9.8/palMap.c
Examining data/starlink-pal-0.9.8/palMappa.c
Examining data/starlink-pal-0.9.8/palMapqk.c
Examining data/starlink-pal-0.9.8/palMapqkz.c
Examining data/starlink-pal-0.9.8/palNut.c
Examining data/starlink-pal-0.9.8/palNutc.c
Examining data/starlink-pal-0.9.8/palOap.c
Examining data/starlink-pal-0.9.8/palOapqk.c
Examining data/starlink-pal-0.9.8/palObs.c
Examining data/starlink-pal-0.9.8/palOne2One.c
Examining data/starlink-pal-0.9.8/palPa.c
Examining data/starlink-pal-0.9.8/palPcd.c
Examining data/starlink-pal-0.9.8/palPertel.c
Examining data/starlink-pal-0.9.8/palPertue.c
Examining data/starlink-pal-0.9.8/palPlanel.c
Examining data/starlink-pal-0.9.8/palPlanet.c
Examining data/starlink-pal-0.9.8/palPlante.c
Examining data/starlink-pal-0.9.8/palPlantu.c
Examining data/starlink-pal-0.9.8/palPm.c
Examining data/starlink-pal-0.9.8/palPolmo.c
Examining data/starlink-pal-0.9.8/palPrebn.c
Examining data/starlink-pal-0.9.8/palPrec.c
Examining data/starlink-pal-0.9.8/palPreces.c
Examining data/starlink-pal-0.9.8/palPrenut.c
Examining data/starlink-pal-0.9.8/palPv2el.c
Examining data/starlink-pal-0.9.8/palPv2ue.c
Examining data/starlink-pal-0.9.8/palPvobs.c
Examining data/starlink-pal-0.9.8/palRanorm.c
Examining data/starlink-pal-0.9.8/palRdplan.c
Examining data/starlink-pal-0.9.8/palRefco.c
Examining data/starlink-pal-0.9.8/palRefro.c
Examining data/starlink-pal-0.9.8/palRefv.c
Examining data/starlink-pal-0.9.8/palRefz.c
Examining data/starlink-pal-0.9.8/palRverot.c
Examining data/starlink-pal-0.9.8/palRvgalc.c
Examining data/starlink-pal-0.9.8/palRvlg.c
Examining data/starlink-pal-0.9.8/palRvlsrd.c
Examining data/starlink-pal-0.9.8/palRvlsrk.c
Examining data/starlink-pal-0.9.8/palSubet.c
Examining data/starlink-pal-0.9.8/palSupgal.c
Examining data/starlink-pal-0.9.8/palTest.c
Examining data/starlink-pal-0.9.8/palUe2el.c
Examining data/starlink-pal-0.9.8/palUe2pv.c
Examining data/starlink-pal-0.9.8/palUnpcd.c
Examining data/starlink-pal-0.9.8/palVers.c
Examining data/starlink-pal-0.9.8/palmac.h

FINAL RESULTS:

data/starlink-pal-0.9.8/pal.h:119:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palCd2tf ( int ndp, float days, char *sign, int ihmsf[4] );
data/starlink-pal-0.9.8/pal.h:127:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palCr2af ( int ndp, float angle, char *sign, int idmsf[4] );
data/starlink-pal-0.9.8/pal.h:129:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palCr2tf ( int ndp, float angle, char *sign, int ihmsf[4] );
data/starlink-pal-0.9.8/pal.h:163:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palDd2tf ( int ndp, double days, char *sign, int ihmsf[4] );
data/starlink-pal-0.9.8/pal.h:168:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palDeuler ( const char *order, double phi, double theta, double psi,
data/starlink-pal-0.9.8/pal.h:193:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palDr2af ( int ndp, double angle, char *sign, int idmsf[4] );
data/starlink-pal-0.9.8/pal.h:195:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palDr2tf ( int ndp, double angle, char *sign, int ihmsf[4] );
data/starlink-pal-0.9.8/pal.h:277:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palEuler ( const char *order, float phi, float theta, float psi,
data/starlink-pal-0.9.8/pal.h:375:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palOapqk ( const char *type, double ob1, double ob2, const double aoprms[14],
data/starlink-pal-0.9.8/pal.h:433:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palPreces ( const char sys[3], double ep0, double ep1,
data/starlink-pal-0.9.8/palDeuler.c:95:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  palDeuler( const char *order, double phi, double theta, double psi,
data/starlink-pal-0.9.8/palDfltin.c:157:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tempbuf[256];
data/starlink-pal-0.9.8/palOapqk.c:150:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palOapqk ( const char *type, double ob1, double ob2, const double aoprms[14],
data/starlink-pal-0.9.8/palObs.c:175:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char shortname[11];
data/starlink-pal-0.9.8/palObs.c:176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char longname[41];
data/starlink-pal-0.9.8/palOne2One.c:408:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palDd2tf ( int ndp, double days, char *sign, int ihmsf[4] ) {
data/starlink-pal-0.9.8/palOne2One.c:689:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palDr2af ( int ndp, double angle, char *sign, int idmsf[4] ) {
data/starlink-pal-0.9.8/palOne2One.c:729:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palDr2tf( int ndp, double angle, char *sign, int ihmsf[4] ) {
data/starlink-pal-0.9.8/palPreces.c:99:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void palPreces ( const char sys[3], double ep0, double ep1,
data/starlink-pal-0.9.8/palTest.c:161:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[10];
data/starlink-pal-0.9.8/palTest.c:165:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%d,%d", i, j );
data/starlink-pal-0.9.8/palTest.c:176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[10];
data/starlink-pal-0.9.8/palTest.c:178:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%d", i );
data/starlink-pal-0.9.8/palTest.c:1430:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char shortname[11];
data/starlink-pal-0.9.8/palTest.c:1431:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char longname[41];
data/starlink-pal-0.9.8/palTest.c:2020:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char verstring[32];
data/starlink-pal-0.9.8/palDfltin.c:188:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy( tempbuf, &(string[*nstrt-1]), sizeof(tempbuf));
data/starlink-pal-0.9.8/palObs.c:150:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy( dest, src, size );
data/starlink-pal-0.9.8/palVers.c:83:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy( dest, src, size );

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 20242 in approximately 0.63 seconds (32118 lines/second)
Physical Source Lines of Code (SLOC) = 6689
Hits@level = [0]   7 [1]   3 [2]  26 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  36 [1+]  29 [2+]  26 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 5.38197 [1+] 4.33548 [2+] 3.88698 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.