Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hodie-1.5.0/src/version.c
Examining data/hodie-1.5.0/src/includes.h
Examining data/hodie-1.5.0/src/hodie.h
Examining data/hodie-1.5.0/src/help.c
Examining data/hodie-1.5.0/src/date_to_roman.c
Examining data/hodie-1.5.0/src/strings.h
Examining data/hodie-1.5.0/src/to_roman_numerals.c
Examining data/hodie-1.5.0/src/to_roman.c
Examining data/hodie-1.5.0/src/version.h
Examining data/hodie-1.5.0/src/isleap.c
Examining data/hodie-1.5.0/src/parse_date.c
Examining data/hodie-1.5.0/src/to_roman.h
Examining data/hodie-1.5.0/src/hodie.c

FINAL RESULTS:

data/hodie-1.5.0/src/date_to_roman.c:244:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s",terse[kni],month_terse[month],
data/hodie-1.5.0/src/date_to_roman.c:252:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s %s",pripost_terse[POS],terse[kni],
data/hodie-1.5.0/src/date_to_roman.c:258:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s %s",pripost_terse[PR],terse[kni],
data/hodie-1.5.0/src/date_to_roman.c:268:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s %s bis %s",pripost_terse[AD],
data/hodie-1.5.0/src/date_to_roman.c:274:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s bis %s", numeral, terse[kni],
data/hodie-1.5.0/src/date_to_roman.c:284:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s %s %s",pripost_terse[AD],
data/hodie-1.5.0/src/date_to_roman.c:288:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s %s", numeral, terse[kni],
data/hodie-1.5.0/src/date_to_roman.c:308:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s",abl[kni],month_abl[month],num_year);
data/hodie-1.5.0/src/date_to_roman.c:315:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s %s",pripost[POS],ack[kni],
data/hodie-1.5.0/src/date_to_roman.c:321:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s %s",pripost[PR],ack[kni],
data/hodie-1.5.0/src/date_to_roman.c:342:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s %s bis %s", pripost[AD], numeral,
data/hodie-1.5.0/src/date_to_roman.c:345:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s bis %s", numeral,
data/hodie-1.5.0/src/date_to_roman.c:352:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s %s %s", pripost[AD], numeral, ack[kni],
data/hodie-1.5.0/src/date_to_roman.c:355:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s %s %s %s", numeral, ack[kni],
data/hodie-1.5.0/src/to_roman.c:227:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s %s et %s", tmp1, milia[m.casus], tmp);
data/hodie-1.5.0/src/to_roman.c:229:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s %s %s", tmp1, milia[m.casus], tmp);
data/hodie-1.5.0/src/to_roman.c:237:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "mille et %s", tmp);
data/hodie-1.5.0/src/to_roman.c:239:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "mille %s", tmp);
data/hodie-1.5.0/src/to_roman.c:246:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s%s et %s", cent[(n-(n%100))/100],
data/hodie-1.5.0/src/to_roman.c:249:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s%s %s", cent[(n-(n%100))/100],
data/hodie-1.5.0/src/to_roman.c:258:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s et %s", cent[1], tmp);
data/hodie-1.5.0/src/to_roman.c:260:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s %s", cent[1], tmp);
data/hodie-1.5.0/src/to_roman.c:267:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s et %s", one[n%10], ten[9]);
data/hodie-1.5.0/src/to_roman.c:269:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s %s", one[n%10], ten[9]);
data/hodie-1.5.0/src/to_roman.c:277:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s", ten[n/10]);
data/hodie-1.5.0/src/to_roman.c:281:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s et %s",
data/hodie-1.5.0/src/to_roman.c:284:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s %s", ten[(n-1)/10],
data/hodie-1.5.0/src/to_roman.c:289:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s et %s",
data/hodie-1.5.0/src/to_roman.c:292:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s %s", ten[(n-1)/10],
data/hodie-1.5.0/src/to_roman.c:297:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s et %s",
data/hodie-1.5.0/src/to_roman.c:300:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s %s", ten[(n-1)/10],
data/hodie-1.5.0/src/to_roman.c:304:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s%s", duode[1], ten[(n+2)/10]);
data/hodie-1.5.0/src/to_roman.c:307:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s%s", duode[0], ten[(n+1)/10]);
data/hodie-1.5.0/src/to_roman.c:311:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s et %s", one[n%10],ten[(n-(n%10))/10]);
data/hodie-1.5.0/src/to_roman.c:313:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s %s", ten[(n-(n%10))/10], one[n%10]);
data/hodie-1.5.0/src/to_roman.c:323:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s", unus[15*m.numerus+3*m.casus+m.genus]);
data/hodie-1.5.0/src/to_roman.c:326:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s", duo[3*m.casus+m.genus]);
data/hodie-1.5.0/src/to_roman.c:329:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s", tres[3*m.casus+m.genus]);
data/hodie-1.5.0/src/to_roman.c:332:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s%s", duode[1], ten[2]);
data/hodie-1.5.0/src/to_roman.c:335:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s%s", duode[0], ten[2]);
data/hodie-1.5.0/src/to_roman.c:338:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s", one[n]);
data/hodie-1.5.0/src/to_roman.c:353:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s%s",primus[n],regular[m.numerus*15+m.casus*3+m.genus]);
data/hodie-1.5.0/src/to_roman.c:358:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s%s %s%s",decimus[1],
data/hodie-1.5.0/src/to_roman.c:370:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s %s%s", tmp, millesimus,
data/hodie-1.5.0/src/to_roman.c:375:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s%s", millesimus,
data/hodie-1.5.0/src/to_roman.c:385:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s %s%s %s", tmp1, millesimus,
data/hodie-1.5.0/src/to_roman.c:390:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s%s %s", millesimus,
data/hodie-1.5.0/src/to_roman.c:400:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp1,"%s%s",centesimus[(n-(n%100))/100],
data/hodie-1.5.0/src/to_roman.c:403:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s %s",tmp1, tmp);
data/hodie-1.5.0/src/to_roman.c:405:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s",tmp1);
data/hodie-1.5.0/src/to_roman.c:412:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s%s%s",duode[9-n%10],decimus[(n+(10-n%10))/10],
data/hodie-1.5.0/src/to_roman.c:418:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s%s",decimus[n/10],
data/hodie-1.5.0/src/to_roman.c:422:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s%s %s%s",decimus[(n-(n%10))/10],
data/hodie-1.5.0/src/to_roman.c:446:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s",milies);
data/hodie-1.5.0/src/to_roman.c:455:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s %s %s",tmp1, milies, tmp);
data/hodie-1.5.0/src/to_roman.c:457:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s %s",tmp1, milies);
data/hodie-1.5.0/src/to_roman.c:467:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s %s", centies[n_hi], tmp);
data/hodie-1.5.0/src/to_roman.c:475:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s",decies[n/10]);
data/hodie-1.5.0/src/to_roman.c:484:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s et %s", semel[n%10], decies[(n-(n%10))/10]);
data/hodie-1.5.0/src/to_roman.c:488:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s%s", duode[9-(n%10)], decies[(n+10-(n%10))/10]);
data/hodie-1.5.0/src/to_roman.c:493:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s", semel[n]);
data/hodie-1.5.0/src/to_roman_numerals.c:15:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s",naught);
data/hodie-1.5.0/src/to_roman_numerals.c:33:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s%s%s%s",mils[m],cents[c],tens[t],ones[o]);
data/hodie-1.5.0/src/hodie.c:56:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long(argc, argv,
data/hodie-1.5.0/src/date_to_roman.c:63:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numeral[80], num_year[80];
data/hodie-1.5.0/src/hodie.c:9:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sec[16],min[16],hrs[16],day[16],mon[16],year[16],verbose[80],datetype[16],dateval[16];
data/hodie-1.5.0/src/hodie.c:102:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  auc_base = atoi(optarg);
data/hodie-1.5.0/src/hodie.c:106:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p_ts->tm_year = atoi(optarg);
data/hodie-1.5.0/src/hodie.c:110:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p_ts->tm_mon = atoi(optarg)-1; // 0-indexed months
data/hodie-1.5.0/src/hodie.c:114:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p_ts->tm_mday = atoi(optarg);
data/hodie-1.5.0/src/to_roman.c:3:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *unus[32]={
data/hodie-1.5.0/src/to_roman.c:16:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *duo[16]={
data/hodie-1.5.0/src/to_roman.c:23:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tres[16]={
data/hodie-1.5.0/src/to_roman.c:30:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *duode[2]={"unde","duode"};
data/hodie-1.5.0/src/to_roman.c:32:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *one[20]={"",
data/hodie-1.5.0/src/to_roman.c:51:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *ten[15]={"",
data/hodie-1.5.0/src/to_roman.c:62:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *cent[15]={"",
data/hodie-1.5.0/src/to_roman.c:73:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *regular[32]={"us","a","um",
data/hodie-1.5.0/src/to_roman.c:85:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *milia[16]={"milia",
data/hodie-1.5.0/src/to_roman.c:91:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *primus[13]={"",
data/hodie-1.5.0/src/to_roman.c:210:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[80], tmp1[80];
data/hodie-1.5.0/src/to_roman.c:349:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[80], tmp1[80];
data/hodie-1.5.0/src/to_roman.c:431:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str,"Distributives coming soon");
data/hodie-1.5.0/src/to_roman.c:437:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[80], tmp1[80];
data/hodie-1.5.0/src/hodie.c:95:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(datetype,optarg,16);
data/hodie-1.5.0/src/hodie.c:134:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dateval,argv[optind++],16);
data/hodie-1.5.0/src/to_roman.c:217:2: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(str, " ");

ANALYSIS SUMMARY:

Hits = 87
Lines analyzed = 1260 in approximately 0.13 seconds (9862 lines/second)
Physical Source Lines of Code (SLOC) = 1132
Hits@level = [0] 31 [1] 3 [2] 20 [3] 1 [4] 63 [5] 0
Hits@level+ = [0+] 118 [1+] 87 [2+] 84 [3+] 64 [4+] 63 [5+] 0
Hits/KSLOC@level+ = [0+] 104.24 [1+] 76.8551 [2+] 74.2049 [3+] 56.5371 [4+] 55.6537 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.