Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libdbd-firebird-perl-1.32/Firebird.h
Examining data/libdbd-firebird-perl-1.32/dbdimp.h
Examining data/libdbd-firebird-perl-1.32/dbdimp.c

FINAL RESULTS:

data/libdbd-firebird-perl-1.32/dbdimp.c:33:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(frmt, buf);                                                \
data/libdbd-firebird-perl-1.32/dbdimp.c:1449:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                        snprintf(buf, sizeof(buf), "%"DBD_IB_INT64f, i);
data/libdbd-firebird-perl-1.32/dbdimp.c:1459:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                        snprintf(buf+1, sizeof(buf)-1,
data/libdbd-firebird-perl-1.32/dbdimp.c:2369:22:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                if (!sscanf(svalue, format, &p, &q, &r))
data/libdbd-firebird-perl-1.32/dbdimp.c:2373:26:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                    if (!sscanf(svalue, format, &q, &r) && DBIc_WARN(imp_sth))
data/libdbd-firebird-perl-1.32/dbdimp.c:2400:22:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                if (!sscanf(svalue, format, &p, &r))
data/libdbd-firebird-perl-1.32/dbdimp.c:2403:26:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                    if (!sscanf(svalue, format, &r) && DBIc_WARN(imp_sth))
data/libdbd-firebird-perl-1.32/dbdimp.c:2490:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(format, sizeof(format), S_INT64_FULL, -ivar->sqlscale);
data/libdbd-firebird-perl-1.32/dbdimp.c:2500:22:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                if (!sscanf(svalue, format, &p, &q, &r))
data/libdbd-firebird-perl-1.32/dbdimp.c:2503:21:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                    snprintf(format, sizeof(format), S_INT64_DEC_FULL, -ivar->sqlscale);
data/libdbd-firebird-perl-1.32/dbdimp.c:2504:26:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                    if (!sscanf(svalue, format, &q, &r) && DBIc_WARN(imp_sth))
data/libdbd-firebird-perl-1.32/dbdimp.c:2529:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(format, sizeof(format), S_INT64_NOSCALE);
data/libdbd-firebird-perl-1.32/dbdimp.c:2531:22:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                if (!sscanf(svalue, format, &p, &r))
data/libdbd-firebird-perl-1.32/dbdimp.c:2533:21:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                    snprintf(format, sizeof(format), S_INT64_DEC_NOSCALE);
data/libdbd-firebird-perl-1.32/dbdimp.c:2534:26:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                    if (!sscanf(svalue, format, &r) && DBIc_WARN(imp_sth))
data/libdbd-firebird-perl-1.32/dbdimp.c:163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[1024];
data/libdbd-firebird-perl-1.32/dbdimp.c:327:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(imp_dbh->dateformat, "%x");
data/libdbd-firebird-perl-1.32/dbdimp.c:330:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(imp_dbh->timeformat, "%X");
data/libdbd-firebird-perl-1.32/dbdimp.c:333:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(imp_dbh->timestampformat, "%c");
data/libdbd-firebird-perl-1.32/dbdimp.c:523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/libdbd-firebird-perl-1.32/dbdimp.c:809:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char stmt_info[1];
data/libdbd-firebird-perl-1.32/dbdimp.c:810:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        info_buffer[20], count_item;
data/libdbd-firebird-perl-1.32/dbdimp.c:1431:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buf[22]; /* NUMERIC(18,2) = -92233720368547758.08 + '\0' */
data/libdbd-firebird-perl-1.32/dbdimp.c:1654:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(((char *)&times) + 9*sizeof(int),
data/libdbd-firebird-perl-1.32/dbdimp.c:1669:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char blob_info_buffer[32], *p,
data/libdbd-firebird-perl-1.32/dbdimp.c:2024:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char s[20];
data/libdbd-firebird-perl-1.32/dbdimp.c:2248:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char err[ERRBUFSIZE];
data/libdbd-firebird-perl-1.32/dbdimp.c:2289:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char err[ERRBUFSIZE];
data/libdbd-firebird-perl-1.32/dbdimp.c:2312:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char err[ERRBUFSIZE];
data/libdbd-firebird-perl-1.32/dbdimp.c:2333:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char format[64];
data/libdbd-firebird-perl-1.32/dbdimp.c:2433:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char     format[64];
data/libdbd-firebird-perl-1.32/dbdimp.c:2919:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char count_info[1], count_buffer[33];
data/libdbd-firebird-perl-1.32/dbdimp.h:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  vary_string [1];
data/libdbd-firebird-perl-1.32/dbdimp.c:59:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const U8* const send = s + (len ? len : strlen((const char *)s));
data/libdbd-firebird-perl-1.32/dbdimp.c:146:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define CALC_AVAILABLE(buff) sizeof(buff) - strlen(buff) - 1
data/libdbd-firebird-perl-1.32/dbdimp.c:391:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(imp_dbh->ib_charset, p, len);
data/libdbd-firebird-perl-1.32/dbdimp.c:735:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result = newSVpvn(imp_dbh->dateformat, strlen(imp_dbh->dateformat));
data/libdbd-firebird-perl-1.32/dbdimp.c:737:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result = newSVpvn(imp_dbh->timeformat, strlen(imp_dbh->timeformat));
data/libdbd-firebird-perl-1.32/dbdimp.c:740:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          strlen(imp_dbh->timestampformat));
data/libdbd-firebird-perl-1.32/dbdimp.c:1450:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        sv_setpvn(sv, buf, strlen(buf));
data/libdbd-firebird-perl-1.32/dbdimp.c:1466:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            sv_setpvn(sv, buf, strlen(buf));
data/libdbd-firebird-perl-1.32/dbdimp.c:1469:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            sv_setpvn(sv, buf+1, strlen(buf+1));
data/libdbd-firebird-perl-1.32/dbdimp.c:1615:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        sv_setpvn(sv, buf, strlen(buf));
data/libdbd-firebird-perl-1.32/dbdimp.c:1661:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    sv_setpvn(sv, buf, strlen(buf));
data/libdbd-firebird-perl-1.32/dbdimp.c:2026:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                av_store(av, i, newSVpvn(s, strlen(s)));
data/libdbd-firebird-perl-1.32/dbdimp.c:2048:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = newSVpv(imp_sth->cursor_name, strlen(imp_sth->cursor_name));
data/libdbd-firebird-perl-1.32/dbdimp.c:2366:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    len = strlen(svalue);
data/libdbd-firebird-perl-1.32/dbdimp.c:2497:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    len = strlen(svalue);
data/libdbd-firebird-perl-1.32/dbdimp.h:129:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    DPB_FILL_STRING_LEN(dpb, code, string, strlen(string) )
data/libdbd-firebird-perl-1.32/dbdimp.h:137:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dpb, string, (size_t) len);             \
data/libdbd-firebird-perl-1.32/dbdimp.h:147:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    DPB_PREP_STRING_LEN(buflen, strlen(string))

ANALYSIS SUMMARY:

Hits = 51
Lines analyzed = 3399 in approximately 0.13 seconds (25190 lines/second)
Physical Source Lines of Code (SLOC) = 2370
Hits@level = [0]  13 [1]  18 [2]  18 [3]   0 [4]  15 [5]   0
Hits@level+ = [0+]  64 [1+]  51 [2+]  33 [3+]  15 [4+]  15 [5+]   0
Hits/KSLOC@level+ = [0+] 27.0042 [1+] 21.519 [2+] 13.9241 [3+] 6.32911 [4+] 6.32911 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.