Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/erfa-1.7.1/src/a2af.c
Examining data/erfa-1.7.1/src/a2tf.c
Examining data/erfa-1.7.1/src/ab.c
Examining data/erfa-1.7.1/src/ae2hd.c
Examining data/erfa-1.7.1/src/af2a.c
Examining data/erfa-1.7.1/src/anp.c
Examining data/erfa-1.7.1/src/anpm.c
Examining data/erfa-1.7.1/src/apcg.c
Examining data/erfa-1.7.1/src/apcg13.c
Examining data/erfa-1.7.1/src/apci.c
Examining data/erfa-1.7.1/src/apci13.c
Examining data/erfa-1.7.1/src/apco.c
Examining data/erfa-1.7.1/src/apco13.c
Examining data/erfa-1.7.1/src/apcs.c
Examining data/erfa-1.7.1/src/apcs13.c
Examining data/erfa-1.7.1/src/aper.c
Examining data/erfa-1.7.1/src/aper13.c
Examining data/erfa-1.7.1/src/apio.c
Examining data/erfa-1.7.1/src/apio13.c
Examining data/erfa-1.7.1/src/atci13.c
Examining data/erfa-1.7.1/src/atciq.c
Examining data/erfa-1.7.1/src/atciqn.c
Examining data/erfa-1.7.1/src/atciqz.c
Examining data/erfa-1.7.1/src/atco13.c
Examining data/erfa-1.7.1/src/atic13.c
Examining data/erfa-1.7.1/src/aticq.c
Examining data/erfa-1.7.1/src/aticqn.c
Examining data/erfa-1.7.1/src/atio13.c
Examining data/erfa-1.7.1/src/atioq.c
Examining data/erfa-1.7.1/src/atoc13.c
Examining data/erfa-1.7.1/src/atoi13.c
Examining data/erfa-1.7.1/src/atoiq.c
Examining data/erfa-1.7.1/src/bi00.c
Examining data/erfa-1.7.1/src/bp00.c
Examining data/erfa-1.7.1/src/bp06.c
Examining data/erfa-1.7.1/src/bpn2xy.c
Examining data/erfa-1.7.1/src/c2i00a.c
Examining data/erfa-1.7.1/src/c2i00b.c
Examining data/erfa-1.7.1/src/c2i06a.c
Examining data/erfa-1.7.1/src/c2ibpn.c
Examining data/erfa-1.7.1/src/c2ixy.c
Examining data/erfa-1.7.1/src/c2ixys.c
Examining data/erfa-1.7.1/src/c2s.c
Examining data/erfa-1.7.1/src/c2t00a.c
Examining data/erfa-1.7.1/src/c2t00b.c
Examining data/erfa-1.7.1/src/c2t06a.c
Examining data/erfa-1.7.1/src/c2tcio.c
Examining data/erfa-1.7.1/src/c2teqx.c
Examining data/erfa-1.7.1/src/c2tpe.c
Examining data/erfa-1.7.1/src/c2txy.c
Examining data/erfa-1.7.1/src/cal2jd.c
Examining data/erfa-1.7.1/src/cp.c
Examining data/erfa-1.7.1/src/cpv.c
Examining data/erfa-1.7.1/src/cr.c
Examining data/erfa-1.7.1/src/d2dtf.c
Examining data/erfa-1.7.1/src/d2tf.c
Examining data/erfa-1.7.1/src/dat.c
Examining data/erfa-1.7.1/src/dtdb.c
Examining data/erfa-1.7.1/src/dtf2d.c
Examining data/erfa-1.7.1/src/eceq06.c
Examining data/erfa-1.7.1/src/ecm06.c
Examining data/erfa-1.7.1/src/ee00.c
Examining data/erfa-1.7.1/src/ee00a.c
Examining data/erfa-1.7.1/src/ee00b.c
Examining data/erfa-1.7.1/src/ee06a.c
Examining data/erfa-1.7.1/src/eect00.c
Examining data/erfa-1.7.1/src/eform.c
Examining data/erfa-1.7.1/src/eo06a.c
Examining data/erfa-1.7.1/src/eors.c
Examining data/erfa-1.7.1/src/epb.c
Examining data/erfa-1.7.1/src/epb2jd.c
Examining data/erfa-1.7.1/src/epj.c
Examining data/erfa-1.7.1/src/epj2jd.c
Examining data/erfa-1.7.1/src/epv00.c
Examining data/erfa-1.7.1/src/eqec06.c
Examining data/erfa-1.7.1/src/eqeq94.c
Examining data/erfa-1.7.1/src/era00.c
Examining data/erfa-1.7.1/src/erfa.h
Examining data/erfa-1.7.1/src/erfadatextra.c
Examining data/erfa-1.7.1/src/erfadatextra.h
Examining data/erfa-1.7.1/src/erfaextra.h
Examining data/erfa-1.7.1/src/erfam.h
Examining data/erfa-1.7.1/src/erfaversion.c
Examining data/erfa-1.7.1/src/fad03.c
Examining data/erfa-1.7.1/src/fae03.c
Examining data/erfa-1.7.1/src/faf03.c
Examining data/erfa-1.7.1/src/faju03.c
Examining data/erfa-1.7.1/src/fal03.c
Examining data/erfa-1.7.1/src/falp03.c
Examining data/erfa-1.7.1/src/fama03.c
Examining data/erfa-1.7.1/src/fame03.c
Examining data/erfa-1.7.1/src/fane03.c
Examining data/erfa-1.7.1/src/faom03.c
Examining data/erfa-1.7.1/src/fapa03.c
Examining data/erfa-1.7.1/src/fasa03.c
Examining data/erfa-1.7.1/src/faur03.c
Examining data/erfa-1.7.1/src/fave03.c
Examining data/erfa-1.7.1/src/fk425.c
Examining data/erfa-1.7.1/src/fk45z.c
Examining data/erfa-1.7.1/src/fk524.c
Examining data/erfa-1.7.1/src/fk52h.c
Examining data/erfa-1.7.1/src/fk54z.c
Examining data/erfa-1.7.1/src/fk5hip.c
Examining data/erfa-1.7.1/src/fk5hz.c
Examining data/erfa-1.7.1/src/fw2m.c
Examining data/erfa-1.7.1/src/fw2xy.c
Examining data/erfa-1.7.1/src/g2icrs.c
Examining data/erfa-1.7.1/src/gc2gd.c
Examining data/erfa-1.7.1/src/gc2gde.c
Examining data/erfa-1.7.1/src/gd2gc.c
Examining data/erfa-1.7.1/src/gd2gce.c
Examining data/erfa-1.7.1/src/gmst00.c
Examining data/erfa-1.7.1/src/gmst06.c
Examining data/erfa-1.7.1/src/gmst82.c
Examining data/erfa-1.7.1/src/gst00a.c
Examining data/erfa-1.7.1/src/gst00b.c
Examining data/erfa-1.7.1/src/gst06.c
Examining data/erfa-1.7.1/src/gst06a.c
Examining data/erfa-1.7.1/src/gst94.c
Examining data/erfa-1.7.1/src/h2fk5.c
Examining data/erfa-1.7.1/src/hd2ae.c
Examining data/erfa-1.7.1/src/hd2pa.c
Examining data/erfa-1.7.1/src/hfk5z.c
Examining data/erfa-1.7.1/src/icrs2g.c
Examining data/erfa-1.7.1/src/ir.c
Examining data/erfa-1.7.1/src/jd2cal.c
Examining data/erfa-1.7.1/src/jdcalf.c
Examining data/erfa-1.7.1/src/ld.c
Examining data/erfa-1.7.1/src/ldn.c
Examining data/erfa-1.7.1/src/ldsun.c
Examining data/erfa-1.7.1/src/lteceq.c
Examining data/erfa-1.7.1/src/ltecm.c
Examining data/erfa-1.7.1/src/lteqec.c
Examining data/erfa-1.7.1/src/ltp.c
Examining data/erfa-1.7.1/src/ltpb.c
Examining data/erfa-1.7.1/src/ltpecl.c
Examining data/erfa-1.7.1/src/ltpequ.c
Examining data/erfa-1.7.1/src/num00a.c
Examining data/erfa-1.7.1/src/num00b.c
Examining data/erfa-1.7.1/src/num06a.c
Examining data/erfa-1.7.1/src/numat.c
Examining data/erfa-1.7.1/src/nut00a.c
Examining data/erfa-1.7.1/src/nut00b.c
Examining data/erfa-1.7.1/src/nut06a.c
Examining data/erfa-1.7.1/src/nut80.c
Examining data/erfa-1.7.1/src/nutm80.c
Examining data/erfa-1.7.1/src/obl06.c
Examining data/erfa-1.7.1/src/obl80.c
Examining data/erfa-1.7.1/src/p06e.c
Examining data/erfa-1.7.1/src/p2pv.c
Examining data/erfa-1.7.1/src/p2s.c
Examining data/erfa-1.7.1/src/pap.c
Examining data/erfa-1.7.1/src/pas.c
Examining data/erfa-1.7.1/src/pb06.c
Examining data/erfa-1.7.1/src/pdp.c
Examining data/erfa-1.7.1/src/pfw06.c
Examining data/erfa-1.7.1/src/plan94.c
Examining data/erfa-1.7.1/src/pm.c
Examining data/erfa-1.7.1/src/pmat00.c
Examining data/erfa-1.7.1/src/pmat06.c
Examining data/erfa-1.7.1/src/pmat76.c
Examining data/erfa-1.7.1/src/pmp.c
Examining data/erfa-1.7.1/src/pmpx.c
Examining data/erfa-1.7.1/src/pmsafe.c
Examining data/erfa-1.7.1/src/pn.c
Examining data/erfa-1.7.1/src/pn00.c
Examining data/erfa-1.7.1/src/pn00a.c
Examining data/erfa-1.7.1/src/pn00b.c
Examining data/erfa-1.7.1/src/pn06.c
Examining data/erfa-1.7.1/src/pn06a.c
Examining data/erfa-1.7.1/src/pnm00a.c
Examining data/erfa-1.7.1/src/pnm00b.c
Examining data/erfa-1.7.1/src/pnm06a.c
Examining data/erfa-1.7.1/src/pnm80.c
Examining data/erfa-1.7.1/src/pom00.c
Examining data/erfa-1.7.1/src/ppp.c
Examining data/erfa-1.7.1/src/ppsp.c
Examining data/erfa-1.7.1/src/pr00.c
Examining data/erfa-1.7.1/src/prec76.c
Examining data/erfa-1.7.1/src/pv2p.c
Examining data/erfa-1.7.1/src/pv2s.c
Examining data/erfa-1.7.1/src/pvdpv.c
Examining data/erfa-1.7.1/src/pvm.c
Examining data/erfa-1.7.1/src/pvmpv.c
Examining data/erfa-1.7.1/src/pvppv.c
Examining data/erfa-1.7.1/src/pvstar.c
Examining data/erfa-1.7.1/src/pvtob.c
Examining data/erfa-1.7.1/src/pvu.c
Examining data/erfa-1.7.1/src/pvup.c
Examining data/erfa-1.7.1/src/pvxpv.c
Examining data/erfa-1.7.1/src/pxp.c
Examining data/erfa-1.7.1/src/refco.c
Examining data/erfa-1.7.1/src/rm2v.c
Examining data/erfa-1.7.1/src/rv2m.c
Examining data/erfa-1.7.1/src/rx.c
Examining data/erfa-1.7.1/src/rxp.c
Examining data/erfa-1.7.1/src/rxpv.c
Examining data/erfa-1.7.1/src/rxr.c
Examining data/erfa-1.7.1/src/ry.c
Examining data/erfa-1.7.1/src/rz.c
Examining data/erfa-1.7.1/src/s00.c
Examining data/erfa-1.7.1/src/s00a.c
Examining data/erfa-1.7.1/src/s00b.c
Examining data/erfa-1.7.1/src/s06.c
Examining data/erfa-1.7.1/src/s06a.c
Examining data/erfa-1.7.1/src/s2c.c
Examining data/erfa-1.7.1/src/s2p.c
Examining data/erfa-1.7.1/src/s2pv.c
Examining data/erfa-1.7.1/src/s2xpv.c
Examining data/erfa-1.7.1/src/sepp.c
Examining data/erfa-1.7.1/src/seps.c
Examining data/erfa-1.7.1/src/sp00.c
Examining data/erfa-1.7.1/src/starpm.c
Examining data/erfa-1.7.1/src/starpv.c
Examining data/erfa-1.7.1/src/sxp.c
Examining data/erfa-1.7.1/src/sxpv.c
Examining data/erfa-1.7.1/src/t_erfa_c.c
Examining data/erfa-1.7.1/src/t_erfa_c_extra.c
Examining data/erfa-1.7.1/src/taitt.c
Examining data/erfa-1.7.1/src/taiut1.c
Examining data/erfa-1.7.1/src/taiutc.c
Examining data/erfa-1.7.1/src/tcbtdb.c
Examining data/erfa-1.7.1/src/tcgtt.c
Examining data/erfa-1.7.1/src/tdbtcb.c
Examining data/erfa-1.7.1/src/tdbtt.c
Examining data/erfa-1.7.1/src/tf2a.c
Examining data/erfa-1.7.1/src/tf2d.c
Examining data/erfa-1.7.1/src/tpors.c
Examining data/erfa-1.7.1/src/tporv.c
Examining data/erfa-1.7.1/src/tpsts.c
Examining data/erfa-1.7.1/src/tpstv.c
Examining data/erfa-1.7.1/src/tpxes.c
Examining data/erfa-1.7.1/src/tpxev.c
Examining data/erfa-1.7.1/src/tr.c
Examining data/erfa-1.7.1/src/trxp.c
Examining data/erfa-1.7.1/src/trxpv.c
Examining data/erfa-1.7.1/src/tttai.c
Examining data/erfa-1.7.1/src/tttcg.c
Examining data/erfa-1.7.1/src/tttdb.c
Examining data/erfa-1.7.1/src/ttut1.c
Examining data/erfa-1.7.1/src/ut1tai.c
Examining data/erfa-1.7.1/src/ut1tt.c
Examining data/erfa-1.7.1/src/ut1utc.c
Examining data/erfa-1.7.1/src/utctai.c
Examining data/erfa-1.7.1/src/utcut1.c
Examining data/erfa-1.7.1/src/xy06.c
Examining data/erfa-1.7.1/src/xys00a.c
Examining data/erfa-1.7.1/src/xys00b.c
Examining data/erfa-1.7.1/src/xys06a.c
Examining data/erfa-1.7.1/src/zp.c
Examining data/erfa-1.7.1/src/zpv.c
Examining data/erfa-1.7.1/src/zr.c

FINAL RESULTS:

data/erfa-1.7.1/src/a2af.c:3:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void eraA2af(int ndp, double angle, char *sign, int idmsf[4])

data/erfa-1.7.1/src/a2tf.c:3:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void eraA2tf(int ndp, double angle, char *sign, int ihmsf[4])

data/erfa-1.7.1/src/d2dtf.c:4:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int eraD2dtf(const char *scale, int ndp, double d1, double d2,

data/erfa-1.7.1/src/d2tf.c:3:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void eraD2tf(int ndp, double days, char *sign, int ihmsf[4])

data/erfa-1.7.1/src/erfa.h:356:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int eraD2dtf(const char *scale, int ndp, double d1, double d2,

data/erfa-1.7.1/src/erfa.h:408:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void eraA2af(int ndp, double angle, char *sign, int idmsf[4]);

data/erfa-1.7.1/src/erfa.h:409:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void eraA2tf(int ndp, double angle, char *sign, int ihmsf[4]);

data/erfa-1.7.1/src/erfa.h:413:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void eraD2tf(int ndp, double days, char *sign, int ihmsf[4]);

data/erfa-1.7.1/src/t_erfa_c_extra.c:27:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[3];

data/erfa-1.7.1/src/t_erfa_c_extra.c:31:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", eraVersionMajor());

data/erfa-1.7.1/src/t_erfa_c_extra.c:38:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", eraVersionMinor());

data/erfa-1.7.1/src/t_erfa_c_extra.c:45:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", eraVersionMicro());

ANALYSIS SUMMARY:

Hits = 12
Lines analyzed = 56763 in approximately 2.59 seconds (21925 lines/second)
Physical Source Lines of Code (SLOC) = 17227
Hits@level = [0] 16 [1] 0 [2] 12 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 28 [1+] 12 [2+] 12 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.62536 [1+] 0.696581 [2+] 0.696581 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.