Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libcypher-parser-0.6.0/tests/check_call.c
Examining data/libcypher-parser-0.6.0/tests/check_statement.c
Examining data/libcypher-parser-0.6.0/tests/memstream.c
Examining data/libcypher-parser-0.6.0/tests/check_reduce.c
Examining data/libcypher-parser-0.6.0/tests/check_quick_fparse.c
Examining data/libcypher-parser-0.6.0/tests/check_expression.c
Examining data/libcypher-parser-0.6.0/tests/check_union.c
Examining data/libcypher-parser-0.6.0/tests/check_libcypher-parser.c
Examining data/libcypher-parser-0.6.0/tests/check_command.c
Examining data/libcypher-parser-0.6.0/tests/check_create.c
Examining data/libcypher-parser-0.6.0/tests/check_match.c
Examining data/libcypher-parser-0.6.0/tests/check_foreach.c
Examining data/libcypher-parser-0.6.0/tests/check_list_comprehensions.c
Examining data/libcypher-parser-0.6.0/tests/check_pattern_comprehension.c
Examining data/libcypher-parser-0.6.0/tests/check_eof.c
Examining data/libcypher-parser-0.6.0/tests/check_pattern.c
Examining data/libcypher-parser-0.6.0/tests/check_segments.c
Examining data/libcypher-parser-0.6.0/tests/check_map_projection.c
Examining data/libcypher-parser-0.6.0/tests/memstream.h
Examining data/libcypher-parser-0.6.0/tests/check_indexes.c
Examining data/libcypher-parser-0.6.0/tests/check_start.c
Examining data/libcypher-parser-0.6.0/tests/check_constraints.c
Examining data/libcypher-parser-0.6.0/tests/check_case.c
Examining data/libcypher-parser-0.6.0/tests/check_unwind.c
Examining data/libcypher-parser-0.6.0/tests/check_libcypher-parser_suite.c
Examining data/libcypher-parser-0.6.0/tests/check_merge.c
Examining data/libcypher-parser-0.6.0/tests/check_error_tracking.c
Examining data/libcypher-parser-0.6.0/tests/check_util.c
Examining data/libcypher-parser-0.6.0/tests/check_errors.c
Examining data/libcypher-parser-0.6.0/tests/check_return.c
Examining data/libcypher-parser-0.6.0/tests/check_quick_parse.c
Examining data/libcypher-parser-0.6.0/tests/check_query.c
Examining data/libcypher-parser-0.6.0/tests/check_load_csv.c
Examining data/libcypher-parser-0.6.0/tests/check_set.c
Examining data/libcypher-parser-0.6.0/tests/check_with.c
Examining data/libcypher-parser-0.6.0/tests/check_remove.c
Examining data/libcypher-parser-0.6.0/tests/check_delete.c
Examining data/libcypher-parser-0.6.0/src/bin/cypher-lint.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_reduce.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_true.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_remove_property.c
Examining data/libcypher-parser-0.6.0/src/lib/string_buffer.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_map_projection_literal.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_slice_operator.c
Examining data/libcypher-parser-0.6.0/src/lib/ast.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_remove_labels.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_identifier.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_drop_node_prop_constraint.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_map_projection_property.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_drop_rel_prop_constraint.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_line_comment.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_statement.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_drop_node_prop_index.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_set.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_node_index_lookup.c
Examining data/libcypher-parser-0.6.0/src/lib/segment.h
Examining data/libcypher-parser-0.6.0/src/lib/util.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_function_name.c
Examining data/libcypher-parser-0.6.0/src/lib/operators.h
Examining data/libcypher-parser-0.6.0/src/lib/ast_query_clause.c
Examining data/libcypher-parser-0.6.0/src/lib/cypher-parser.h
Examining data/libcypher-parser-0.6.0/src/lib/ast_any.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_sort_item.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_rel_id_lookup.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_using_scan.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_set_item.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_match.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_merge_action.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_case.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_using_join.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_rel_index_query.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_rel_index_lookup.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_create.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_filter.c
Examining data/libcypher-parser-0.6.0/src/lib/vector.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_parameter.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_query_option.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_start_point.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_node_index_query.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_schema_command.c
Examining data/libcypher-parser-0.6.0/src/lib/astnode.h
Examining data/libcypher-parser-0.6.0/src/lib/ast_comment.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_prop_name.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_create_rel_prop_constraint.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_projection.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_pattern_comprehension.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_union.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_string.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_with.c
Examining data/libcypher-parser-0.6.0/src/lib/result.h
Examining data/libcypher-parser-0.6.0/src/lib/errors.h
Examining data/libcypher-parser-0.6.0/src/lib/ast_on_match.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_profile_option.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_create_node_prop_constraint.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_binary_operator.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_shortest_path.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_statement_option.c
Examining data/libcypher-parser-0.6.0/src/lib/parser_config.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_map_projection_identifier.c
Examining data/libcypher-parser-0.6.0/src/lib/quick_parser_leg.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_single.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_comparison.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_pattern.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_pattern_path.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_explain_option.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_map_projection_all_properties.c
Examining data/libcypher-parser-0.6.0/src/lib/parser_leg.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_list_comprehension.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_extract.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_boolean.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_all_nodes_scan.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_cypher_option_param.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_float.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_call.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_index_name.c
Examining data/libcypher-parser-0.6.0/src/lib/ast.h
Examining data/libcypher-parser-0.6.0/src/lib/ast_query.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_using_index.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_on_create.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_merge_properties.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_using_periodic_commit.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_all.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_set_property.c
Examining data/libcypher-parser-0.6.0/src/lib/string_buffer.h
Examining data/libcypher-parser-0.6.0/src/lib/ast_proc_name.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_property_operator.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_false.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_labels_operator.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_apply_operator.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_cypher_option.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_error.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_foreach.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_collection.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_map_projection.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_named_path.c
Examining data/libcypher-parser-0.6.0/src/lib/util.h
Examining data/libcypher-parser-0.6.0/src/lib/segment.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_apply_all_operator.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_null.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_match_hint.c
Examining data/libcypher-parser-0.6.0/src/lib/operators.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_block_comment.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_label.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_unwind.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_range.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_return.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_merge.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_rel_pattern.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_command.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_create_node_prop_index.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_map_projection_selector.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_unary_operator.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_none.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_node_id_lookup.c
Examining data/libcypher-parser-0.6.0/src/lib/vector.h
Examining data/libcypher-parser-0.6.0/src/lib/ast_set_labels.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_set_all_properties.c
Examining data/libcypher-parser-0.6.0/src/lib/parser.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_all_rels_scan.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_start.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_integer.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_order_by.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_load_csv.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_remove_item.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_expression.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_map.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_remove.c
Examining data/libcypher-parser-0.6.0/src/lib/parser_config.h
Examining data/libcypher-parser-0.6.0/src/lib/ast_delete.c
Examining data/libcypher-parser-0.6.0/src/lib/errors.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_reltype.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_node_pattern.c
Examining data/libcypher-parser-0.6.0/src/lib/result.c
Examining data/libcypher-parser-0.6.0/src/lib/ast_subscript_operator.c
Examining data/libcypher-parser-0.6.0/src/lib/quick_parser.c
FINAL RESULTS:
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:39:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format (printf, string_index, first)))
data/libcypher-parser-0.6.0/src/lib/errors.c:213:22: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int prefix_len = vsnprintf(*buffer, *cap, prefix_format, ap);
data/libcypher-parser-0.6.0/src/lib/errors.c:251:17: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int r = vsnprintf(*buffer, *cap, prefix_format, ap);
data/libcypher-parser-0.6.0/src/lib/parser_leg.c:44:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define yyprintf(args) fprintf args
data/libcypher-parser-0.6.0/src/lib/quick_parser_leg.c:44:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define yyprintf(args) fprintf args
data/libcypher-parser-0.6.0/src/lib/util.c:31:21: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ssize_t width = vsnprintf(*buf, *bufcap, format, ap);
data/libcypher-parser-0.6.0/src/lib/util.c:47:17: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
width = vsnprintf(*buf, *bufcap, format, ap);
data/libcypher-parser-0.6.0/src/bin/cypher-lint.c:126:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, shortopts, longopts, NULL)) >= 0)
data/libcypher-parser-0.6.0/tests/check_libcypher-parser.c:30:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
unsigned int seed = random();
data/libcypher-parser-0.6.0/tests/check_libcypher-parser.c:32:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/libcypher-parser-0.6.0/src/bin/cypher-lint.c:152:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config.width = atoi(optarg);
data/libcypher-parser-0.6.0/src/bin/cypher-lint.c:189:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *stream = fopen(*argv, "r");
data/libcypher-parser-0.6.0/src/lib/ast.c:567:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[3] = { '\\', '\0', '\0' };
data/libcypher-parser-0.6.0/src/lib/ast_apply_operator.c:70:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->args, args, nargs * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_block_comment.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_case.c:69:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->alternatives, alternatives,
data/libcypher-parser-0.6.0/src/lib/ast_collection.c:64:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->elements, elements, nelements * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_command.c:61:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->args, args, nargs * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_comparison.c:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->args, args, (length+1) * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_cypher_option.c:68:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->params, params, nparams * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_delete.c:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->expressions, expressions,
data/libcypher-parser-0.6.0/src/lib/ast_error.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_float.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_foreach.c:70:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->clauses, clauses, nclauses * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_function_name.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_identifier.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_index_name.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_integer.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_label.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_labels_operator.c:68:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->labels, labels, nlabels * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_line_comment.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_map.c:110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->pairs, pairs, nentries * 2 * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_map_projection.c:68:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->selectors, selectors, nselectors * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_match.c:71:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->hints, hints, nhints * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_merge.c:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->actions, actions, nactions * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_node_id_lookup.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->ids, ids, nids * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_node_pattern.c:65:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->labels, labels, nlabels * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_on_create.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->items, items, nitems * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_on_match.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->items, items, nitems * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_order_by.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->items, items, nitems * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_parameter.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_pattern.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->paths, paths, npaths * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_pattern_path.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->elements, elements, nelements * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_proc_name.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_prop_name.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_query.c:72:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->clauses, clauses, nclauses * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_rel_id_lookup.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->ids, ids, nids * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_rel_pattern.c:70:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->reltypes, reltypes, nreltypes * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_reltype.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_remove.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->items, items, nitems * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_remove_labels.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->labels, labels, nlabels * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_return.c:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->projections, projections,
data/libcypher-parser-0.6.0/src/lib/ast_set.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->items, items, nitems * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_set_labels.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->labels, labels, nlabels * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_start.c:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->points, points, npoints * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_statement.c:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->options, options, noptions * sizeof(cypher_astnode_t *));
data/libcypher-parser-0.6.0/src/lib/ast_string.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->p, s, n);
data/libcypher-parser-0.6.0/src/lib/ast_using_join.c:65:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->identifiers, identifiers,
data/libcypher-parser-0.6.0/src/lib/ast_with.c:77:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->projections, projections,
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:90:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *normal[2];
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:91:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *error[2];
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:92:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *error_token[2];
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:93:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *error_message[2];
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:94:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ast_ordinal[2];
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:95:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ast_range[2];
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:96:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ast_indent[2];
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:97:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ast_type[2];
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:98:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ast_desc[2];
data/libcypher-parser-0.6.0/src/lib/errors.c:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/libcypher-parser-0.6.0/src/lib/errors.c:261:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, et->colorization->error_message[0], color_start_len);
data/libcypher-parser-0.6.0/src/lib/errors.c:263:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, "expected", 8);
data/libcypher-parser-0.6.0/src/lib/errors.c:270:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, et->labels[i], n);
data/libcypher-parser-0.6.0/src/lib/errors.c:279:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, " or", 3);
data/libcypher-parser-0.6.0/src/lib/errors.c:284:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, et->colorization->error_message[1], color_end_len);
data/libcypher-parser-0.6.0/src/lib/parser.c:79:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, input->buffer, len);
data/libcypher-parser-0.6.0/src/lib/parser_leg.c:212:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(yy->__text, yy->__buf + begin, yyleng);
data/libcypher-parser-0.6.0/src/lib/quick_parser.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, input->buffer, len);
data/libcypher-parser-0.6.0/src/lib/quick_parser_leg.c:212:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(yy->__text, yy->__buf + begin, yyleng);
data/libcypher-parser-0.6.0/src/lib/result.c:107:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(errors + result->nerrors, segment->errors,
data/libcypher-parser-0.6.0/src/lib/result.c:123:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(roots + result->nroots, segment->roots,
data/libcypher-parser-0.6.0/src/lib/string_buffer.c:43:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sb->buffer + sb->length, s, n);
data/libcypher-parser-0.6.0/src/lib/util.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context, startp, n);
data/libcypher-parser-0.6.0/src/lib/util.h:148:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(dst, src, n);
data/libcypher-parser-0.6.0/src/lib/vector.c:79:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vec->elements + (vec->length * vec->element_size), element,
data/libcypher-parser-0.6.0/tests/check_quick_fparse.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *segments[MAX_SEGMENTS];
data/libcypher-parser-0.6.0/tests/check_quick_parse.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *segments[MAX_SEGMENTS];
data/libcypher-parser-0.6.0/tests/memstream.c:110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ms->buffer + ms->position, n);
data/libcypher-parser-0.6.0/tests/memstream.c:130:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ms->buffer + ms->position, buf, nbytes);
data/libcypher-parser-0.6.0/src/lib/ast.c:536:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*name_width = maxu(*name_width, strlen(typestr) + (depth * 2));
data/libcypher-parser-0.6.0/src/lib/ast.c:661:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int consumed = depth * 2 + strlen(typestr);
data/libcypher-parser-0.6.0/src/lib/ast_call.c:177:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str + n, ", args=", size-n);
data/libcypher-parser-0.6.0/src/lib/ast_call.c:195:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str + n, ", YIELD=", size-n);
data/libcypher-parser-0.6.0/src/lib/ast_match.c:148:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str + n, ", hints=", (n < size)? size-n : 0);
data/libcypher-parser-0.6.0/src/lib/ast_merge.c:124:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str + n, ", actions=", (n < size)? size-n : 0);
data/libcypher-parser-0.6.0/src/lib/ast_on_create.c:102:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "items=", size);
data/libcypher-parser-0.6.0/src/lib/ast_on_match.c:102:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "items=", size);
data/libcypher-parser-0.6.0/src/lib/ast_order_by.c:97:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "items=", size);
data/libcypher-parser-0.6.0/src/lib/ast_pattern.c:97:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "paths=", size);
data/libcypher-parser-0.6.0/src/lib/ast_query.c:140:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "clauses=", size);
data/libcypher-parser-0.6.0/src/lib/ast_remove.c:102:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "items=", size);
data/libcypher-parser-0.6.0/src/lib/ast_set.c:102:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "items=", size);
data/libcypher-parser-0.6.0/src/lib/ast_start.c:118:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str+n, "points=", size-n);
data/libcypher-parser-0.6.0/src/lib/ast_statement.c:116:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str + n, "options=", size - n);
data/libcypher-parser-0.6.0/src/lib/ast_statement.c:131:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str + n, ", ", size - n);
data/libcypher-parser-0.6.0/src/lib/ast_union.c:81:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "ALL", size);
data/libcypher-parser-0.6.0/src/lib/ast_using_join.c:107:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "on=", size);
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:5476:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define cypher_parse_each(s,b,d,l,c,f) (cypher_uparse_each(s,strlen(s),b,d,l,c,f))
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:5497:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define cypher_parse(s,l,c,f) (cypher_uparse(s,strlen(s),l,c,f))
data/libcypher-parser-0.6.0/src/lib/cypher-parser.h:5928:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define cypher_quick_parse(s,c,u,f) (cypher_quick_uparse(s,strlen(s),c,u,f))
data/libcypher-parser-0.6.0/src/lib/errors.c:220:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t color_start_len = strlen(et->colorization->error_message[0]);
data/libcypher-parser-0.6.0/src/lib/errors.c:221:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t color_end_len = strlen(et->colorization->error_message[1]);
data/libcypher-parser-0.6.0/src/lib/errors.c:227:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(et->labels[i]) + 2;
data/libcypher-parser-0.6.0/src/lib/errors.c:269:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(et->labels[i]);
data/libcypher-parser-0.6.0/src/lib/parser.c:110:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(stream);
data/libcypher-parser-0.6.0/src/lib/parser_leg.c:95:14: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int yyc= getchar(); \
data/libcypher-parser-0.6.0/src/lib/parser_leg.c:110:14: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int yyc= getchar(); \
data/libcypher-parser-0.6.0/src/lib/quick_parser.c:61:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(stream);
data/libcypher-parser-0.6.0/src/lib/quick_parser_leg.c:95:14: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int yyc= getchar(); \
data/libcypher-parser-0.6.0/src/lib/quick_parser_leg.c:110:14: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int yyc= getchar(); \
data/libcypher-parser-0.6.0/tests/check_util.c:51:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx = line_context(sample_text, strlen(sample_text)+1, &offset, 80);
data/libcypher-parser-0.6.0/tests/check_util.c:61:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx = line_context(sample_text, strlen(sample_text)+1, &offset, 40);
data/libcypher-parser-0.6.0/tests/check_util.c:71:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx = line_context(sample_text, strlen(sample_text)+1, &offset, 40);
data/libcypher-parser-0.6.0/tests/check_util.c:81:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx = line_context(sample_text, strlen(sample_text)+1, &offset, 40);
data/libcypher-parser-0.6.0/tests/check_util.c:91:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx = line_context(sample_text, strlen(sample_text)+1, &offset, 80);
data/libcypher-parser-0.6.0/tests/check_util.c:97:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx = line_context(sample_text, strlen(sample_text)+1, &offset, 80);
data/libcypher-parser-0.6.0/tests/check_util.c:107:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx = line_context(sample_text, strlen(sample_text)+1, &offset, 80);
data/libcypher-parser-0.6.0/tests/check_util.c:118:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t offset = strlen(sample_text);
data/libcypher-parser-0.6.0/tests/check_util.c:119:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx = line_context(sample_text, strlen(sample_text)+1, &offset, 80);
ANALYSIS SUMMARY:
Hits = 128
Lines analyzed = 49239 in approximately 1.60 seconds (30693 lines/second)
Physical Source Lines of Code (SLOC) = 37162
Hits@level = [0] 147 [1] 40 [2] 78 [3] 3 [4] 7 [5] 0
Hits@level+ = [0+] 275 [1+] 128 [2+] 88 [3+] 10 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 7.40003 [1+] 3.44438 [2+] 2.36801 [3+] 0.269092 [4+] 0.188364 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.