Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libbson-xs-perl-0.8.4/bson/b64_ntop.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-context.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-oid.c
Examining data/libbson-xs-perl-0.8.4/bson/bson.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-error.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-atomic.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-string.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-keys.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-timegm-private.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-iter.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-iso8601.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-endian.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-decimal128.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-md5.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-memory.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-writer.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-iso8601-private.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-clock.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-value.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-reader.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-version.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-utf8.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-string.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-atomic.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-keys.h
Examining data/libbson-xs-perl-0.8.4/bson/bson.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-error.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-oid.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-stdint.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-context.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-private.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-context-private.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-types.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-stdint-win32.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-iter.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-thread-private.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-writer.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-memory.h
Examining data/libbson-xs-perl-0.8.4/bson/b64_pton.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-compat.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-decimal128.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-macros.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-md5.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-timegm.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-version.h
Examining data/libbson-xs-perl-0.8.4/bson/bson-utf8.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-reader.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-clock.c
Examining data/libbson-xs-perl-0.8.4/bson/bson-value.h
Examining data/libbson-xs-perl-0.8.4/ppport.h
Examining data/libbson-xs-perl-0.8.4/pstdint.h

FINAL RESULTS:

data/libbson-xs-perl-0.8.4/bson/bson-decimal128.c:543:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  # define SSCANF sscanf
data/libbson-xs-perl-0.8.4/bson/bson-macros.h:194:57: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define BSON_GNUC_PRINTF(f, v) __attribute__((format (printf, f, v)))
data/libbson-xs-perl-0.8.4/bson/bson-string.c:620:8: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  r = vsnprintf (str, size, format, ap);
data/libbson-xs-perl-0.8.4/ppport.h:7585:14: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  retval = vsnprintf(buffer, len, format, ap);
data/libbson-xs-perl-0.8.4/ppport.h:7587:14: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  retval = vsprintf(buffer, format, ap);
data/libbson-xs-perl-0.8.4/ppport.h:7617:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer, pat, args);
data/libbson-xs-perl-0.8.4/bson/bson-context.c:351:4: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(real_seed);
data/libbson-xs-perl-0.8.4/bson/bson-thread-private.h:56:43: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  # define bson_mutex_init InitializeCriticalSection
data/libbson-xs-perl-0.8.4/bson/bson-thread-private.h:57:43: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  # define bson_mutex_lock EnterCriticalSection
data/libbson-xs-perl-0.8.4/bson/bson-context.c:82:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[HOST_NAME_MAX];
data/libbson-xs-perl-0.8.4/bson/bson-context.c:231:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&oid->bytes[9], ((uint8_t *)&seq) + 1, 3);
data/libbson-xs-perl-0.8.4/bson/bson-context.c:258:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&oid->bytes[9], ((uint8_t *)&seq) + 1, 3);
data/libbson-xs-perl-0.8.4/bson/bson-context.c:288:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&oid->bytes[4], &seq, sizeof (seq));
data/libbson-xs-perl-0.8.4/bson/bson-context.c:315:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&oid->bytes[4], &seq, sizeof (seq));
data/libbson-xs-perl-0.8.4/bson/bson-context.c:386:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&context->pidbe[0], &pid, 2);
data/libbson-xs-perl-0.8.4/bson/bson-decimal128.c:134:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char significand_str[35]; /* decoded significand digits */
data/libbson-xs-perl-0.8.4/bson/bson-decimal128.c:175:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (str_out, "Inf");
data/libbson-xs-perl-0.8.4/bson/bson-decimal128.c:179:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (str, "NaN");
data/libbson-xs-perl-0.8.4/bson/bson-endian.h:222:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uv, &v, sizeof(v));
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:573:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&val, iter->raw + iter->d1, 1);
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:815:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (binary_len, (iter->raw + iter->d1), sizeof (*binary_len));
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:1219:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret, str, local_length);
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:1388:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (collection_len, (iter->raw + iter->d1), sizeof (*collection_len));
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:1653:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (document_len, (iter->raw + iter->d1), sizeof (*document_len));
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:1715:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (array_len, (iter->raw + iter->d1), sizeof (*array_len));
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:2072:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((void *)(iter->raw + iter->d1), &value, 1);
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:2104:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((void *)(iter->raw + iter->d1), &value, sizeof (value));
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:2136:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((void *)(iter->raw + iter->d1), &value, sizeof (value));
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:2166:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((void *)(iter->raw + iter->d1), &value, sizeof (value));
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:2198:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((void *)(iter->raw + iter->d1), data, sizeof (data));
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:2200:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((void *)(iter->raw + iter->d1), value, sizeof (*value));
data/libbson-xs-perl-0.8.4/bson/bson-iter.h:454:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&val, iter->raw + iter->d1, 1);
data/libbson-xs-perl-0.8.4/bson/bson-md5.c:365:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pms->buf + offset, p, copy);
data/libbson-xs-perl-0.8.4/bson/bson-md5.c:379:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pms->buf, p, left);
data/libbson-xs-perl-0.8.4/bson/bson-oid.c:129:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&oid->bytes[0], &now, sizeof (now));
data/libbson-xs-perl-0.8.4/bson/bson-oid.c:170:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&oid->bytes[0], &now, sizeof (now));
data/libbson-xs-perl-0.8.4/bson/bson-oid.c:208:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (oid, data, 12);
data/libbson-xs-perl-0.8.4/bson/bson-oid.c:294:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[BSON_ENSURE_ARRAY_PARAM_SIZE(25)]) /* OUT */
data/libbson-xs-perl-0.8.4/bson/bson-oid.h:57:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[25]);
data/libbson-xs-perl-0.8.4/bson/bson-oid.h:141:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst, src, sizeof *src);
data/libbson-xs-perl-0.8.4/bson/bson-reader.c:476:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&blen, &reader->data[reader->offset], sizeof blen);
data/libbson-xs-perl-0.8.4/bson/bson-reader.c:579:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&blen, &reader->data[reader->offset], sizeof blen);
data/libbson-xs-perl-0.8.4/bson/bson-reader.c:790:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg_buf[BSON_ERROR_BUFFER_SIZE];
data/libbson-xs-perl-0.8.4/bson/bson-reader.c:801:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (path, O_RDONLY);
data/libbson-xs-perl-0.8.4/bson/bson-string.c:74:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret->str, str, ret->len);
data/libbson-xs-perl-0.8.4/bson/bson-string.c:159:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (string->str + string->len, str, len);
data/libbson-xs-perl-0.8.4/bson/bson-string.c:188:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cc[2];
data/libbson-xs-perl-0.8.4/bson/bson-string.c:225:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str [8];
data/libbson-xs-perl-0.8.4/bson/bson-string.c:353:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (out, str, len + 1);
data/libbson-xs-perl-0.8.4/bson/bson-string.c:467:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret, str, n_bytes);
data/libbson-xs-perl-0.8.4/bson/bson-timegm.c:212:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char types[TZ_MAX_TIMES];
data/libbson-xs-perl-0.8.4/bson/bson-timegm.c:214:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chars[BIGGEST(BIGGEST(TZ_MAX_CHARS + 1, sizeof gmt),
data/libbson-xs-perl-0.8.4/bson/bson-types.h:522:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[BSON_ERROR_BUFFER_SIZE];
data/libbson-xs-perl-0.8.4/bson/bson-utf8.c:435:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8[BSON_ENSURE_ARRAY_PARAM_SIZE(6)], /* OUT */
data/libbson-xs-perl-0.8.4/bson/bson-utf8.h:42:44: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8[6],
data/libbson-xs-perl-0.8.4/bson/bson-value.c:40:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst->value.v_utf8.str,
data/libbson-xs-perl-0.8.4/bson/bson-value.c:49:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst->value.v_doc.data,
data/libbson-xs-perl-0.8.4/bson/bson-value.c:57:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst->value.v_binary.data,
data/libbson-xs-perl-0.8.4/bson/bson-value.c:77:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dst->value.v_dbpointer.collection,
data/libbson-xs-perl-0.8.4/bson/bson-value.c:86:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst->value.v_code.code,
data/libbson-xs-perl-0.8.4/bson/bson-value.c:94:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst->value.v_symbol.symbol,
data/libbson-xs-perl-0.8.4/bson/bson-value.c:102:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst->value.v_codewscope.code,
data/libbson-xs-perl-0.8.4/bson/bson-value.c:108:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst->value.v_codewscope.scope_data,
data/libbson-xs-perl-0.8.4/bson/bson.c:122:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, impl->data, impl->len);
data/libbson-xs-perl-0.8.4/bson/bson.c:266:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (_bson_data (bson), &bson->len, sizeof (bson->len));
data/libbson-xs-perl-0.8.4/bson/bson.c:269:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (_bson_data (bson), &length_le, sizeof (length_le));
data/libbson-xs-perl-0.8.4/bson/bson.c:326:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buf, data, data_len);
data/libbson-xs-perl-0.8.4/bson/bson.c:1980:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (_bson_data (bson), data, length);
data/libbson-xs-perl-0.8.4/bson/bson.c:2013:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*buf, &len_le, sizeof (len_le));
data/libbson-xs-perl-0.8.4/bson/bson.c:2065:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst, src, sizeof *dst);
data/libbson-xs-perl-0.8.4/bson/bson.c:2085:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (adst->alloc, data, src->len);
data/libbson-xs-perl-0.8.4/bson/bson.c:2212:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst_inline->data, src_inline->data, sizeof src_inline->data);
data/libbson-xs-perl-0.8.4/bson/bson.c:2217:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst, src, sizeof (bson_t));
data/libbson-xs-perl-0.8.4/bson/bson.c:2262:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret, inl->data, bson->len);
data/libbson-xs-perl-0.8.4/bson/bson.c:2420:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char decimal128_string[BSON_DECIMAL128_STRING];
data/libbson-xs-perl-0.8.4/bson/bson.c:2486:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[25];
data/libbson-xs-perl-0.8.4/bson/bson.c:2601:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[25];
data/libbson-xs-perl-0.8.4/ppport.h:3920:42: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  # define CopyD(s,d,n,t) memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
data/libbson-xs-perl-0.8.4/ppport.h:7438:38: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  && (xdigit = strchr((char *) PL_hexdigit, s[1])))
data/libbson-xs-perl-0.8.4/ppport.h:7664:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst + used, src, copy);
data/libbson-xs-perl-0.8.4/ppport.h:7694:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, copy);
data/libbson-xs-perl-0.8.4/ppport.h:7787:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char octbuf[32] = "%123456789ABCDF";
data/libbson-xs-perl-0.8.4/ppport.h:7857:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[2];
data/libbson-xs-perl-0.8.4/pstdint.h:765:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str0[256], str1[256];
data/libbson-xs-perl-0.8.4/pstdint.h:767:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str0, "%d %x\n", 0, ~0);
data/libbson-xs-perl-0.8.4/pstdint.h:769:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str1, "%d %x\n", i8, ~0);
data/libbson-xs-perl-0.8.4/pstdint.h:771:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str1, "%u %x\n", u8, ~0);
data/libbson-xs-perl-0.8.4/pstdint.h:773:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str1, "%d %x\n", i16, ~0);
data/libbson-xs-perl-0.8.4/pstdint.h:775:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str1, "%u %x\n", u16, ~0);
data/libbson-xs-perl-0.8.4/pstdint.h:777:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str1, "%" PRINTF_INT32_MODIFIER "d %x\n", i32, ~0);
data/libbson-xs-perl-0.8.4/pstdint.h:779:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str1, "%" PRINTF_INT32_MODIFIER "u %x\n", u32, ~0);
data/libbson-xs-perl-0.8.4/pstdint.h:782:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str1, "%" PRINTF_INT64_MODIFIER "d %x\n", i64, ~0);
data/libbson-xs-perl-0.8.4/pstdint.h:785:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str1, "%" PRINTF_INTMAX_MODIFIER "d %x\n", imax, ~0);
data/libbson-xs-perl-0.8.4/pstdint.h:787:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str1, "%" PRINTF_INTMAX_MODIFIER "u %x\n", umax, ~0);
data/libbson-xs-perl-0.8.4/bson/bson-context.c:91:64: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bson_md5_append (&md5, (const uint8_t *)hostname, (uint32_t)strlen (hostname));
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:208:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keylen = (int)strlen (key);
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:325:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sublen = strlen (dotkey);
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:1796:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*key && !bson_utf8_validate (key, strlen (key), false)) {
data/libbson-xs-perl-0.8.4/bson/bson-iter.c:2033:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bson_utf8_validate (key, strlen (key), false)) {
data/libbson-xs-perl-0.8.4/bson/bson-reader.c:265:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read (fd->fd, buf, len);
data/libbson-xs-perl-0.8.4/bson/bson-string.c:62:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret->len = str ? (int)strlen (str) : 0;
data/libbson-xs-perl-0.8.4/bson/bson-string.c:149:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (uint32_t)strlen (str);
data/libbson-xs-perl-0.8.4/bson/bson-string.c:346:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (long)strlen (str);
data/libbson-xs-perl-0.8.4/bson/bson-string.c:567:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (dst, src, size);
data/libbson-xs-perl-0.8.4/bson/bson-utf8.c:278:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_len = strlen (utf8);
data/libbson-xs-perl-0.8.4/bson/bson.c:443:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key_length = (int)strlen (key);
data/libbson-xs-perl-0.8.4/bson/bson.c:724:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key_length = (int)strlen (key);
data/libbson-xs-perl-0.8.4/bson/bson.c:795:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key_length = (int)strlen (key);
data/libbson-xs-perl-0.8.4/bson/bson.c:858:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key_length = (int)strlen (key);
data/libbson-xs-perl-0.8.4/bson/bson.c:907:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:910:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = (int)strlen (javascript) + 1; data/libbson-xs-perl-0.8.4/bson/bson.c:958:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1014:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1017:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = (int)strlen (collection) + 1; data/libbson-xs-perl-0.8.4/bson/bson.c:1066:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1090:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1119:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1146:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1174:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1380:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1402:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1424:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1448:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1475:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1486:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). regex_len = (int)strlen (regex) + 1; data/libbson-xs-perl-0.8.4/bson/bson.c:1487:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
options_len = (int)strlen (options) + 1; data/libbson-xs-perl-0.8.4/bson/bson.c:1517:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1521:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = (int)strlen (value); data/libbson-xs-perl-0.8.4/bson/bson.c:1555:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length = (int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1559:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length =(int)strlen (value); data/libbson-xs-perl-0.8.4/bson/bson.c:1608:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length =(int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1649:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length =(int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.c:1692:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_length =(int)strlen (key); data/libbson-xs-perl-0.8.4/bson/bson.h:100:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bson_append_array (b, key, (int)strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:103:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_array_begin (b, key, (int)strlen (key), child) data/libbson-xs-perl-0.8.4/bson/bson.h:106:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_binary (b, key, (int) strlen (key), subtype, val, len) data/libbson-xs-perl-0.8.4/bson/bson.h:109:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_bool (b, key, (int) strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:112:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_code (b, key, (int) strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:115:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_code_with_scope (b, key, (int) strlen (key), val, (int) strlen (val), scope) data/libbson-xs-perl-0.8.4/bson/bson.h:115:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_code_with_scope (b, key, (int) strlen (key), val, (int) strlen (val), scope) data/libbson-xs-perl-0.8.4/bson/bson.h:118:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bson_append_dbpointer (b, key, (int) strlen (key), coll, oid) data/libbson-xs-perl-0.8.4/bson/bson.h:121:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_document_begin (b, key, (int)strlen (key), child) data/libbson-xs-perl-0.8.4/bson/bson.h:124:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_double (b, key, (int) strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:127:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_document (b, key, (int) strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:130:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_int32 (b, key, (int) strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:133:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_int64 (b, key, (int) strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:136:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_minkey (b, key, (int) strlen (key)) data/libbson-xs-perl-0.8.4/bson/bson.h:139:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bson_append_decimal128 (b, key, (int)strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:142:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_maxkey (b, key, (int) strlen (key)) data/libbson-xs-perl-0.8.4/bson/bson.h:145:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_null (b, key, (int) strlen (key)) data/libbson-xs-perl-0.8.4/bson/bson.h:148:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_oid (b, key, (int) strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:151:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_regex (b, key, (int) strlen (key), val, opt) data/libbson-xs-perl-0.8.4/bson/bson.h:154:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_utf8 (b, key, (int) strlen (key), val, (int) strlen (val)) data/libbson-xs-perl-0.8.4/bson/bson.h:154:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_utf8 (b, key, (int) strlen (key), val, (int) strlen (val)) data/libbson-xs-perl-0.8.4/bson/bson.h:157:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bson_append_symbol (b, key, (int) strlen (key), val, (int) strlen (val)) data/libbson-xs-perl-0.8.4/bson/bson.h:157:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_symbol (b, key, (int) strlen (key), val, (int) strlen (val)) data/libbson-xs-perl-0.8.4/bson/bson.h:160:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_time_t (b, key, (int) strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:163:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_timeval (b, key, (int) strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:166:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_date_time (b, key, (int) strlen (key), val) data/libbson-xs-perl-0.8.4/bson/bson.h:169:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_timestamp (b, key, (int) strlen (key), val, inc) data/libbson-xs-perl-0.8.4/bson/bson.h:172:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_undefined (b, key, (int) strlen (key)) data/libbson-xs-perl-0.8.4/bson/bson.h:175:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bson_append_value (b, key, (int) strlen (key), (val)) data/libbson-xs-perl-0.8.4/ppport.h:5964:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); data/libbson-xs-perl-0.8.4/ppport.h:5972:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define sv_vcatpvf(sv, pat, args) sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)) data/libbson-xs-perl-0.8.4/ppport.h:5976:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define sv_vsetpvf(sv, pat, args) sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)) data/libbson-xs-perl-0.8.4/ppport.h:5997:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libbson-xs-perl-0.8.4/ppport.h:6026:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libbson-xs-perl-0.8.4/ppport.h:6047:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \ data/libbson-xs-perl-0.8.4/ppport.h:6070:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libbson-xs-perl-0.8.4/ppport.h:6099:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libbson-xs-perl-0.8.4/ppport.h:6120:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \ data/libbson-xs-perl-0.8.4/ppport.h:6175:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define HvNAMELEN_get(hv) (HvNAME_get(hv) ? (I32)strlen(HvNAME_get(hv)) : 0) data/libbson-xs-perl-0.8.4/ppport.h:7029:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). STRLEN len = strlen(radix); data/libbson-xs-perl-0.8.4/ppport.h:7619:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(buffer); data/libbson-xs-perl-0.8.4/ppport.h:7660:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  used = strlen(dst);
data/libbson-xs-perl-0.8.4/ppport.h:7661:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(src);
data/libbson-xs-perl-0.8.4/ppport.h:7691:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(src);

ANALYSIS SUMMARY:

Hits = 177
Lines analyzed = 26113 in approximately 0.73 seconds (35643 lines/second)
Physical Source Lines of Code (SLOC) = 13350
Hits@level = [0] 17 [1] 83 [2] 85 [3] 3 [4] 6 [5] 0
Hits@level+ = [0+] 194 [1+] 177 [2+] 94 [3+] 9 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 14.5318 [1+] 13.2584 [2+] 7.0412 [3+] 0.674157 [4+] 0.449438 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.