Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libdbd-pg-perl-3.14.2/types.c
Examining data/libdbd-pg-perl-3.14.2/quote.h
Examining data/libdbd-pg-perl-3.14.2/types.h
Examining data/libdbd-pg-perl-3.14.2/dbdimp.c
Examining data/libdbd-pg-perl-3.14.2/dbdimp.h
Examining data/libdbd-pg-perl-3.14.2/dbivport.h
Examining data/libdbd-pg-perl-3.14.2/Pg.h
Examining data/libdbd-pg-perl-3.14.2/quote.c

FINAL RESULTS:

data/libdbd-pg-perl-3.14.2/dbdimp.c:2363:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(statement, currseg->segment);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3414:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(statement, currseg->segment);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3416:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(statement, currseg->ph->quoted);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3487:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(statement, currseg->segment);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3997:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(cmd, "rollback to %s", SvPV_nolen(sp));
data/libdbd-pg-perl-3.14.2/dbdimp.c:4017:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(stmt, "DEALLOCATE %s", imp_sth->prepare_name);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4652:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(action, "savepoint %s", savepoint);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4686:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(action, "rollback to %s", savepoint);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4720:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(action, "release %s", savepoint);
data/libdbd-pg-perl-3.14.2/quote.c:299:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(result,string);
data/libdbd-pg-perl-3.14.2/quote.c:347:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(result,string);
data/libdbd-pg-perl-3.14.2/quote.c:392:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(result,string);
data/libdbd-pg-perl-3.14.2/dbdimp.c:154:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(conn_str, " user='");
data/libdbd-pg-perl-3.14.2/dbdimp.c:167:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(conn_str, " password='");
data/libdbd-pg-perl-3.14.2/dbdimp.c:1332:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char statement[128];
data/libdbd-pg-perl-3.14.2/dbdimp.c:1333:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(statement, "SELECT attnotnull FROM pg_catalog.pg_attribute WHERE attrelid=%d AND attnum=%d", x, y);
data/libdbd-pg-perl-3.14.2/dbdimp.c:1751:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *placeholder_string[PLACEHOLDER_TYPE_COUNT] = {
data/libdbd-pg-perl-3.14.2/dbdimp.c:2138:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            newseg->placeholder = atoi(statement-(currpos-sectionstop-1));
data/libdbd-pg-perl-3.14.2/dbdimp.c:2330:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(imp_sth->prepare_name,"dbdpg_%c%d_%x",
data/libdbd-pg-perl-3.14.2/dbdimp.c:2365:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(strchr(statement, '\0'), "$%d", currseg->placeholder);
data/libdbd-pg-perl-3.14.2/dbdimp.c:2493:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        phnum = atoi(name);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3142:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            rows = atol(cmdStatus + rows);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3145:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            rows = atol(cmdStatus + 5);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3150:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            rows = atol(cmdStatus + 7);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3489:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(strchr(statement, '\0'), "$%d", currseg->placeholder);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3685:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                ret = atol(cmdStatus + ret);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3689:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                ret = atol(cmdStatus + 5);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3695:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                ret = atol(cmdStatus + 7);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3838:38:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        sv_setiv(sv, atol((char *)value));
data/libdbd-pg-perl-3.14.2/dbdimp.c:3965:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                    tempsqlstate[6];
data/libdbd-pg-perl-3.14.2/dbdimp.c:5319:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                rows = atol(cmdStatus + rows);
data/libdbd-pg-perl-3.14.2/dbdimp.c:5322:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                rows = atol(cmdStatus + 5);
data/libdbd-pg-perl-3.14.2/dbdimp.c:5327:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                rows = atol(cmdStatus + 7);
data/libdbd-pg-perl-3.14.2/dbdimp.c:5444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errbuf[256];
data/libdbd-pg-perl-3.14.2/dbdimp.c:5557:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char errbuf[256];
data/libdbd-pg-perl-3.14.2/dbdimp.c:5644:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errbuf[256];
data/libdbd-pg-perl-3.14.2/dbdimp.c:5734:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char statement[200];
data/libdbd-pg-perl-3.14.2/dbdimp.c:5735:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(statement, 
data/libdbd-pg-perl-3.14.2/quote.c:232:20:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            (void) sprintf((char *)result, "\\\\%03o", (unsigned char)*string++);
data/libdbd-pg-perl-3.14.2/quote.c:555:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[64];
data/libdbd-pg-perl-3.14.2/dbdimp.c:131:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    connect_string_size = strlen(dbname);
data/libdbd-pg-perl-3.14.2/dbdimp.c:133:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        connect_string_size += strlen("user='' ") + 2*strlen(uid);
data/libdbd-pg-perl-3.14.2/dbdimp.c:133:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        connect_string_size += strlen("user='' ") + 2*strlen(uid);
data/libdbd-pg-perl-3.14.2/dbdimp.c:135:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        connect_string_size += strlen("password='' ") + 2*strlen(pwd);
data/libdbd-pg-perl-3.14.2/dbdimp.c:135:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        connect_string_size += strlen("password='' ") + 2*strlen(pwd);
data/libdbd-pg-perl-3.14.2/dbdimp.c:164:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(conn_str, "'");
data/libdbd-pg-perl-3.14.2/dbdimp.c:177:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(conn_str, "'");
data/libdbd-pg-perl-3.14.2/dbdimp.c:202:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(imp_dbh->sqlstate, "25P01", 6); /* "NO ACTIVE SQL TRANSACTION" */
data/libdbd-pg-perl-3.14.2/dbdimp.c:209:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(imp_dbh->sqlstate, "08006", 6); /* "CONNECTION FAILURE" */
data/libdbd-pg-perl-3.14.2/dbdimp.c:241:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
            strncpy(imp_dbh->sqlstate, "08001", 6); /* sqlclient_unable_to_establish_sqlconnection */
data/libdbd-pg-perl-3.14.2/dbdimp.c:303:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    error_len = strlen(error_msg);
data/libdbd-pg-perl-3.14.2/dbdimp.c:417:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(imp_dbh->sqlstate, sqlstate, 6);
data/libdbd-pg-perl-3.14.2/dbdimp.c:476:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(imp_dbh->sqlstate, sqlstate, 5);
data/libdbd-pg-perl-3.14.2/dbdimp.c:1800:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        imp_sth->totalsize = strlen(statement);
data/libdbd-pg-perl-3.14.2/dbdimp.c:1973:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(dollarstring, statement-dollaroffset, dollaroffset);
data/libdbd-pg-perl-3.14.2/dbdimp.c:2046:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                Renew(original_statement, strlen(statement-currpos)+1, char);
data/libdbd-pg-perl-3.14.2/dbdimp.c:2047:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                Copy(statement-currpos, original_statement, strlen(statement-currpos)+1, char);
data/libdbd-pg-perl-3.14.2/dbdimp.c:2150:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen(thisph->fooname) > phsectionsize ? strlen(thisph->fooname) : phsectionsize)) {
data/libdbd-pg-perl-3.14.2/dbdimp.c:2150:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen(thisph->fooname) > phsectionsize ? strlen(thisph->fooname) : phsectionsize)) {
data/libdbd-pg-perl-3.14.2/dbdimp.c:2299:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        Copy(original_statement, statement-currpos, strlen(original_statement)+1, char);
data/libdbd-pg-perl-3.14.2/dbdimp.c:2853:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    New(0, string, strlen((char *)input), char); /* Freed at end of this function */
data/libdbd-pg-perl-3.14.2/dbdimp.c:3003:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        STRLEN len = strlen(client_encoding);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3335:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
                strncpy(currph->quoted, "DEFAULT", 8);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3340:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
                strncpy(currph->quoted, "CURRENT_TIMESTAMP", 18);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3345:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
                strncpy(currph->quoted, "NULL", 5);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3998:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(tempsqlstate, imp_dbh->sqlstate, strlen(imp_dbh->sqlstate)+1);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3998:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strncpy(tempsqlstate, imp_dbh->sqlstate, strlen(imp_dbh->sqlstate)+1);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4015:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    New(0, stmt, strlen("DEALLOCATE ") + strlen(imp_sth->prepare_name) + 1, char); /* freed below */
data/libdbd-pg-perl-3.14.2/dbdimp.c:4015:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    New(0, stmt, strlen("DEALLOCATE ") + strlen(imp_sth->prepare_name) + 1, char); /* freed below */
data/libdbd-pg-perl-3.14.2/dbdimp.c:4034:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(imp_dbh->sqlstate, tempsqlstate, strlen(tempsqlstate)+1);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4034:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncpy(imp_dbh->sqlstate, tempsqlstate, strlen(tempsqlstate)+1);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4178:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    copystatus = PQputCopyData(imp_dbh->conn, buffer, (int)strlen(buffer));
data/libdbd-pg-perl-3.14.2/dbdimp.c:4651:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    New(0, action, strlen(savepoint) + 11, char); /* freed below */
data/libdbd-pg-perl-3.14.2/dbdimp.c:4685:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    New(0, action, strlen(savepoint) + 13, char);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4719:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    New(0, action, strlen(savepoint) + 9, char);
data/libdbd-pg-perl-3.14.2/quote.c:42:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(result,string,len);
data/libdbd-pg-perl-3.14.2/quote.c:271:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(result,"TRUE\0",5);
data/libdbd-pg-perl-3.14.2/quote.c:285:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(result,"FALSE\0",6);
data/libdbd-pg-perl-3.14.2/quote.c:419:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *retlen = strlen(string);
data/libdbd-pg-perl-3.14.2/quote.c:425:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *retlen = strlen(string);
data/libdbd-pg-perl-3.14.2/quote.c:545:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *retlen = strlen(string);
data/libdbd-pg-perl-3.14.2/quote.c:557:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    keyword_len = (int)strlen(string);

ANALYSIS SUMMARY:

Hits = 82
Lines analyzed = 8485 in approximately 0.37 seconds (22970 lines/second)
Physical Source Lines of Code (SLOC) = 6168
Hits@level = [0]  14 [1]  42 [2]  28 [3]   0 [4]  12 [5]   0
Hits@level+ = [0+]  96 [1+]  82 [2+]  40 [3+]  12 [4+]  12 [5+]   0
Hits/KSLOC@level+ = [0+] 15.5642 [1+] 13.2944 [2+] 6.48508 [3+] 1.94553 [4+] 1.94553 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.