Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libpqxx-6.4.5/config/sample-headers/compiler/VisualStudio2013/pqxx/config-internal-compiler.h
Examining data/libpqxx-6.4.5/config/sample-headers/compiler/VisualStudio2013/pqxx/config-public-compiler.h
Examining data/libpqxx-6.4.5/config/sample-headers/compiler/gcc-7.2/pqxx/config-internal-compiler.h
Examining data/libpqxx-6.4.5/config/sample-headers/compiler/gcc-7.2/pqxx/config-public-compiler.h
Examining data/libpqxx-6.4.5/src/array.cxx
Examining data/libpqxx-6.4.5/src/binarystring.cxx
Examining data/libpqxx-6.4.5/src/connection.cxx
Examining data/libpqxx-6.4.5/src/connection_base.cxx
Examining data/libpqxx-6.4.5/src/cursor.cxx
Examining data/libpqxx-6.4.5/src/dbtransaction.cxx
Examining data/libpqxx-6.4.5/src/encodings.cxx
Examining data/libpqxx-6.4.5/src/errorhandler.cxx
Examining data/libpqxx-6.4.5/src/except.cxx
Examining data/libpqxx-6.4.5/src/field.cxx
Examining data/libpqxx-6.4.5/src/largeobject.cxx
Examining data/libpqxx-6.4.5/src/nontransaction.cxx
Examining data/libpqxx-6.4.5/src/notification.cxx
Examining data/libpqxx-6.4.5/src/pipeline.cxx
Examining data/libpqxx-6.4.5/src/prepared_statement.cxx
Examining data/libpqxx-6.4.5/src/result.cxx
Examining data/libpqxx-6.4.5/src/robusttransaction.cxx
Examining data/libpqxx-6.4.5/src/row.cxx
Examining data/libpqxx-6.4.5/src/sql_cursor.cxx
Examining data/libpqxx-6.4.5/src/statement_parameters.cxx
Examining data/libpqxx-6.4.5/src/strconv.cxx
Examining data/libpqxx-6.4.5/src/stream_base.cxx
Examining data/libpqxx-6.4.5/src/stream_from.cxx
Examining data/libpqxx-6.4.5/src/stream_to.cxx
Examining data/libpqxx-6.4.5/src/subtransaction.cxx
Examining data/libpqxx-6.4.5/src/tablereader.cxx
Examining data/libpqxx-6.4.5/src/tablestream.cxx
Examining data/libpqxx-6.4.5/src/tablewriter.cxx
Examining data/libpqxx-6.4.5/src/transaction.cxx
Examining data/libpqxx-6.4.5/src/transaction_base.cxx
Examining data/libpqxx-6.4.5/src/util.cxx
Examining data/libpqxx-6.4.5/src/version.cxx
Examining data/libpqxx-6.4.5/test/runner.cxx
Examining data/libpqxx-6.4.5/test/test00.cxx
Examining data/libpqxx-6.4.5/test/test01.cxx
Examining data/libpqxx-6.4.5/test/test02.cxx
Examining data/libpqxx-6.4.5/test/test04.cxx
Examining data/libpqxx-6.4.5/test/test07.cxx
Examining data/libpqxx-6.4.5/test/test10.cxx
Examining data/libpqxx-6.4.5/test/test11.cxx
Examining data/libpqxx-6.4.5/test/test12.cxx
Examining data/libpqxx-6.4.5/test/test13.cxx
Examining data/libpqxx-6.4.5/test/test14.cxx
Examining data/libpqxx-6.4.5/test/test15.cxx
Examining data/libpqxx-6.4.5/test/test16.cxx
Examining data/libpqxx-6.4.5/test/test17.cxx
Examining data/libpqxx-6.4.5/test/test18.cxx
Examining data/libpqxx-6.4.5/test/test20.cxx
Examining data/libpqxx-6.4.5/test/test21.cxx
Examining data/libpqxx-6.4.5/test/test23.cxx
Examining data/libpqxx-6.4.5/test/test26.cxx
Examining data/libpqxx-6.4.5/test/test29.cxx
Examining data/libpqxx-6.4.5/test/test30.cxx
Examining data/libpqxx-6.4.5/test/test31.cxx
Examining data/libpqxx-6.4.5/test/test32.cxx
Examining data/libpqxx-6.4.5/test/test33.cxx
Examining data/libpqxx-6.4.5/test/test34.cxx
Examining data/libpqxx-6.4.5/test/test35.cxx
Examining data/libpqxx-6.4.5/test/test36.cxx
Examining data/libpqxx-6.4.5/test/test37.cxx
Examining data/libpqxx-6.4.5/test/test39.cxx
Examining data/libpqxx-6.4.5/test/test46.cxx
Examining data/libpqxx-6.4.5/test/test48.cxx
Examining data/libpqxx-6.4.5/test/test49.cxx
Examining data/libpqxx-6.4.5/test/test50.cxx
Examining data/libpqxx-6.4.5/test/test51.cxx
Examining data/libpqxx-6.4.5/test/test52.cxx
Examining data/libpqxx-6.4.5/test/test53.cxx
Examining data/libpqxx-6.4.5/test/test54.cxx
Examining data/libpqxx-6.4.5/test/test55.cxx
Examining data/libpqxx-6.4.5/test/test56.cxx
Examining data/libpqxx-6.4.5/test/test57.cxx
Examining data/libpqxx-6.4.5/test/test58.cxx
Examining data/libpqxx-6.4.5/test/test59.cxx
Examining data/libpqxx-6.4.5/test/test60.cxx
Examining data/libpqxx-6.4.5/test/test61.cxx
Examining data/libpqxx-6.4.5/test/test62.cxx
Examining data/libpqxx-6.4.5/test/test63.cxx
Examining data/libpqxx-6.4.5/test/test64.cxx
Examining data/libpqxx-6.4.5/test/test65.cxx
Examining data/libpqxx-6.4.5/test/test66.cxx
Examining data/libpqxx-6.4.5/test/test67.cxx
Examining data/libpqxx-6.4.5/test/test69.cxx
Examining data/libpqxx-6.4.5/test/test70.cxx
Examining data/libpqxx-6.4.5/test/test71.cxx
Examining data/libpqxx-6.4.5/test/test72.cxx
Examining data/libpqxx-6.4.5/test/test73.cxx
Examining data/libpqxx-6.4.5/test/test74.cxx
Examining data/libpqxx-6.4.5/test/test75.cxx
Examining data/libpqxx-6.4.5/test/test76.cxx
Examining data/libpqxx-6.4.5/test/test77.cxx
Examining data/libpqxx-6.4.5/test/test78.cxx
Examining data/libpqxx-6.4.5/test/test79.cxx
Examining data/libpqxx-6.4.5/test/test82.cxx
Examining data/libpqxx-6.4.5/test/test84.cxx
Examining data/libpqxx-6.4.5/test/test86.cxx
Examining data/libpqxx-6.4.5/test/test87.cxx
Examining data/libpqxx-6.4.5/test/test88.cxx
Examining data/libpqxx-6.4.5/test/test89.cxx
Examining data/libpqxx-6.4.5/test/test90.cxx
Examining data/libpqxx-6.4.5/test/test92.cxx
Examining data/libpqxx-6.4.5/test/test93.cxx
Examining data/libpqxx-6.4.5/test/unit/runner.cxx
Examining data/libpqxx-6.4.5/test/unit/test_array.cxx
Examining data/libpqxx-6.4.5/test/unit/test_binarystring.cxx
Examining data/libpqxx-6.4.5/test/unit/test_cancel_query.cxx
Examining data/libpqxx-6.4.5/test/unit/test_cursor.cxx
Examining data/libpqxx-6.4.5/test/unit/test_encodings.cxx
Examining data/libpqxx-6.4.5/test/unit/test_error_verbosity.cxx
Examining data/libpqxx-6.4.5/test/unit/test_errorhandler.cxx
Examining data/libpqxx-6.4.5/test/unit/test_escape.cxx
Examining data/libpqxx-6.4.5/test/unit/test_exceptions.cxx
Examining data/libpqxx-6.4.5/test/unit/test_float.cxx
Examining data/libpqxx-6.4.5/test/unit/test_notification.cxx
Examining data/libpqxx-6.4.5/test/unit/test_parameterized.cxx
Examining data/libpqxx-6.4.5/test/unit/test_pipeline.cxx
Examining data/libpqxx-6.4.5/test/unit/test_prepared_statement.cxx
Examining data/libpqxx-6.4.5/test/unit/test_read_transaction.cxx
Examining data/libpqxx-6.4.5/test/unit/test_result_iteration.cxx
Examining data/libpqxx-6.4.5/test/unit/test_result_slicing.cxx
Examining data/libpqxx-6.4.5/test/unit/test_row.cxx
Examining data/libpqxx-6.4.5/test/unit/test_simultaneous_transactions.cxx
Examining data/libpqxx-6.4.5/test/unit/test_sql_cursor.cxx
Examining data/libpqxx-6.4.5/test/unit/test_stateless_cursor.cxx
Examining data/libpqxx-6.4.5/test/unit/test_stream_from.cxx
Examining data/libpqxx-6.4.5/test/unit/test_stream_to.cxx
Examining data/libpqxx-6.4.5/test/unit/test_string_conversion.cxx
Examining data/libpqxx-6.4.5/test/unit/test_subtransaction.cxx
Examining data/libpqxx-6.4.5/test/unit/test_test_helpers.cxx
Examining data/libpqxx-6.4.5/test/unit/test_thread_safety_model.cxx
Examining data/libpqxx-6.4.5/test/unit/test_transaction_base.cxx
Examining data/libpqxx-6.4.5/test/unit/test_transactor.cxx
Examining data/libpqxx-6.4.5/tools/pqxxthreadsafety.cxx
Examining data/libpqxx-6.4.5/tools/rmlo.cxx
Examining data/libpqxx-6.4.5/win32/libpqxx.cxx

FINAL RESULTS:

data/libpqxx-6.4.5/src/connection_base.cxx:391:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(&buf[bytes], separator);
data/libpqxx-6.4.5/src/connection_base.cxx:402:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(&buf[bytes], &"\n"[buf[bytes-1]=='\n']);
data/libpqxx-6.4.5/src/binarystring.cxx:39:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(static_cast<char *>(output), data, len);
data/libpqxx-6.4.5/src/connection_base.cxx:388:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1007];
data/libpqxx-6.4.5/src/connection_base.cxx:395:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buf, &msg[written], bytes);
data/libpqxx-6.4.5/src/connection_base.cxx:400:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buf, &msg[written], bytes);
data/libpqxx-6.4.5/src/connection_base.cxx:517:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char m_errbuf[500];
data/libpqxx-6.4.5/src/largeobject.cxx:153:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    open(mode);
data/libpqxx-6.4.5/src/largeobject.cxx:164:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    open(mode);
data/libpqxx-6.4.5/src/largeobject.cxx:175:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    open(mode);
data/libpqxx-6.4.5/src/largeobject.cxx:186:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    open(mode);
data/libpqxx-6.4.5/src/largeobject.cxx:275:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void pqxx::largeobjectaccess::open(openmode mode)
data/libpqxx-6.4.5/src/result.cxx:296:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    return RowsStr[0] ? size_type(atoi(RowsStr)) : 0;
data/libpqxx-6.4.5/src/strconv.cxx:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[size_buffer<T>()];
data/libpqxx-6.4.5/src/strconv.cxx:418:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[4*sizeof(T)+1];
data/libpqxx-6.4.5/test/test50.cxx:66:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Buf[200];
data/libpqxx-6.4.5/test/test51.cxx:27:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Buf[200];
data/libpqxx-6.4.5/test/test53.cxx:31:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Buf[200];
data/libpqxx-6.4.5/test/test55.cxx:22:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Buf[200];
data/libpqxx-6.4.5/test/test58.cxx:26:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Buf[200];
data/libpqxx-6.4.5/src/array.cxx:233:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m_end(input == nullptr ? 0 : std::strlen(input)),
data/libpqxx-6.4.5/src/connection_base.cxx:372:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const auto len = strlen(msg);
data/libpqxx-6.4.5/src/connection_base.cxx:1116:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return this->esc(str, strlen(str));
data/libpqxx-6.4.5/src/largeobject.cxx:260:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    pqxx::largeobjectaccess::read(char Buf[], size_type Len)
data/libpqxx-6.4.5/src/result.cxx:141:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    inline bool equal(const char lhs[], const char rhs[])
data/libpqxx-6.4.5/src/result.cxx:171:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"23001")) throw restrict_violation{Err, Query, code};
data/libpqxx-6.4.5/src/result.cxx:172:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"23502")) throw not_null_violation{Err, Query, code};
data/libpqxx-6.4.5/src/result.cxx:173:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"23503"))
data/libpqxx-6.4.5/src/result.cxx:175:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"23505")) throw unique_violation{Err, Query, code};
data/libpqxx-6.4.5/src/result.cxx:176:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"23514")) throw check_violation{Err, Query, code};
data/libpqxx-6.4.5/src/result.cxx:195:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code, "40000")) throw transaction_rollback{Err};
data/libpqxx-6.4.5/src/result.cxx:196:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code, "40001")) throw serialization_failure{Err};
data/libpqxx-6.4.5/src/result.cxx:197:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code, "40003")) throw statement_completion_unknown{Err};
data/libpqxx-6.4.5/src/result.cxx:198:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code, "40P01")) throw deadlock_detected{Err};
data/libpqxx-6.4.5/src/result.cxx:201:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"42501")) throw insufficient_privilege{Err, Query};
data/libpqxx-6.4.5/src/result.cxx:202:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"42601"))
data/libpqxx-6.4.5/src/result.cxx:204:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"42703")) throw undefined_column{Err, Query, code};
data/libpqxx-6.4.5/src/result.cxx:205:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"42883")) throw undefined_function{Err, Query, code};
data/libpqxx-6.4.5/src/result.cxx:206:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"42P01")) throw undefined_table{Err, Query, code};
data/libpqxx-6.4.5/src/result.cxx:213:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"53100")) throw disk_full{Err, Query, code};
data/libpqxx-6.4.5/src/result.cxx:214:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"53200")) throw out_of_memory{Err, Query, code};
data/libpqxx-6.4.5/src/result.cxx:215:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code,"53300")) throw too_many_connections{Err};
data/libpqxx-6.4.5/src/result.cxx:221:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code, "P0001")) throw plpgsql_raise{Err, Query, code};
data/libpqxx-6.4.5/src/result.cxx:222:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code, "P0002"))
data/libpqxx-6.4.5/src/result.cxx:224:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if (equal(code, "P0003"))
data/libpqxx-6.4.5/src/strconv.cxx:47:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    inline bool equal(const char lhs[], const char rhs[])
data/libpqxx-6.4.5/src/strconv.cxx:317:2:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    equal("infinity", str) or
data/libpqxx-6.4.5/src/strconv.cxx:318:2:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    equal("Infinity", str) or
data/libpqxx-6.4.5/src/strconv.cxx:319:2:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    equal("INFINITY", str) or
data/libpqxx-6.4.5/src/strconv.cxx:320:2:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    equal("inf", str);
data/libpqxx-6.4.5/src/strconv.cxx:680:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    (not equal(Str+1, "alse")) and
data/libpqxx-6.4.5/src/strconv.cxx:681:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    (not equal(Str+1, "ALSE")));
data/libpqxx-6.4.5/src/strconv.cxx:703:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    (not equal(Str+1, "rue")) and
data/libpqxx-6.4.5/src/strconv.cxx:704:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    (not equal(Str+1, "RUE")));
data/libpqxx-6.4.5/test/test11.cxx:69:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(R[0][c].c_str()),
data/libpqxx-6.4.5/test/test30.cxx:76:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    std::strlen(R[0][c].c_str()),
data/libpqxx-6.4.5/test/test50.cxx:88:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    PQXX_CHECK(size_t(A.read(Buf, Size)) <= Size, "Got too many bytes.");
data/libpqxx-6.4.5/test/test51.cxx:34:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    size_t(A.read(Buf, Size)),
data/libpqxx-6.4.5/test/test51.cxx:53:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    size_t(A.read(Buf, Size)),
data/libpqxx-6.4.5/test/test53.cxx:34:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    const auto len = O.read(Buf, sizeof(Buf)-1);
data/libpqxx-6.4.5/test/test55.cxx:26:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    const auto len = A.read(Buf, sizeof(Buf)-1);
data/libpqxx-6.4.5/test/test58.cxx:29:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    A.read(Buf, Size),
data/libpqxx-6.4.5/test/test58.cxx:50:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    A.read(&Check, 1),
data/libpqxx-6.4.5/test/test58.cxx:64:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    A.read(&Check, 1),
data/libpqxx-6.4.5/test/test62.cxx:28:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(TestStr.c_str()));
data/libpqxx-6.4.5/test/test92.cxx:21:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PQXX_CHECK(data.size() > strlen(databuf), "Unknown data length problem.");

ANALYSIS SUMMARY:

Hits = 66
Lines analyzed = 17353 in approximately 0.59 seconds (29323 lines/second)
Physical Source Lines of Code (SLOC) = 12644
Hits@level = [0]   0 [1]  46 [2]  18 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  66 [1+]  66 [2+]  20 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 5.21987 [1+] 5.21987 [2+] 1.58178 [3+] 0.158178 [4+] 0.158178 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
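Added worked example for the two level-4 `strcpy` hits and the `char buf[1007]` / `memcpy` hits in connection_base.cxx; this is editor-supplied code, not libpqxx's. The flagged lines together describe one pattern: a long message is copied into a fixed stack buffer in pieces and a separator (or a final newline) is appended after each piece. Flawfinder cannot tell whether `bytes` plus the separator always fits in `buf`; establishing that invariant is the reviewer's job, and the tool's "make sure destination can always hold the source data" is asking for exactly that. The example below derives the per-piece payload size from the buffer size and separator length at compile time and routes every copy through a bounded append that refuses rather than overflows. Only the buffer size 1007 is taken from the report; the separator text, the function names `chunk_notice` and `append_bounded`, and the trailing-newline rule are assumptions for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <string>
#include <string_view>
#include <vector>

// Buffer size mirrors the `char buf[1007]` in the report. The separator text
// is a constructed placeholder, not libpqxx's.
constexpr std::size_t kBufSize = 1007;
constexpr std::string_view kSeparator = "\n[notice continues]\n";

// Largest payload that still leaves room for the separator and the NUL.
// A separator that could not fit at all fails the build instead of overflowing.
static_assert(kSeparator.size() + 1 < kBufSize, "separator must fit in buffer");
constexpr std::size_t kMaxPayload = kBufSize - kSeparator.size() - 1;

// Bounded replacement for memcpy/strcpy into the buffer: returns false instead
// of writing past `cap`, and keeps `buf` NUL-terminated on success.
bool append_bounded(char *buf, std::size_t cap, std::size_t &used, std::string_view s)
{
  if (used >= cap || s.size() + 1 > cap - used) return false;  // +1 for the NUL
  std::memcpy(buf + used, s.data(), s.size());
  used += s.size();
  buf[used] = '\0';
  return true;
}

// Emits msg in pieces that each fit in a kBufSize buffer. Intermediate pieces
// end with kSeparator; the final piece ends with exactly one '\n'.
std::vector<std::string> chunk_notice(std::string_view msg)
{
  std::vector<std::string> out;
  char buf[kBufSize];
  std::size_t written = 0;
  while (written < msg.size())
  {
    std::size_t used = 0;
    const std::size_t bytes = std::min(msg.size() - written, kMaxPayload);
    bool ok = append_bounded(buf, sizeof buf, used, msg.substr(written, bytes));
    written += bytes;
    if (written < msg.size())
      ok = ok && append_bounded(buf, sizeof buf, used, kSeparator);
    else if (ok && buf[used - 1] != '\n')
      ok = ok && append_bounded(buf, sizeof buf, used, "\n");
    // Every append above is sized to fit by construction; a failure here means
    // the size arithmetic is wrong, which is the bug the report asks to rule out.
    if (!ok) throw std::logic_error("chunk_notice: piece does not fit buffer");
    out.emplace_back(buf, used);
  }
  return out;
}

int main()
{
  const std::string msg(2500, 'x');  // constructed input: longer than one buffer
  for (const auto &piece : chunk_notice(msg))
    std::printf("piece of %zu bytes\n", piece.size());
}
```

The invariant lives in one place (`kMaxPayload`) and is checked twice: statically for the separator and at run time by `append_bounded`. Pieces never exceed `kBufSize - 1` bytes of text, so the NUL written by `append_bounded` is always inside the buffer.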
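Added example for the `atoi` hit in result.cxx (editor-supplied, not libpqxx code). The flagged line `size_type(atoi(RowsStr))` turns a command-tag string into a row count. `atoi` gives no error signal, accepts leading whitespace and a sign, and has undefined behaviour on overflow, so a negative or oversized value silently becomes whatever the cast produces. The replacement below keeps the flagged line's rule that an empty string means 0 and otherwise accepts only pure digits that fit the target type, reporting everything else as no value. `row_count` is a 32-bit stand-in chosen so the upper-bound check is actually exercised; libpqxx's real `size_type` is not assumed.

```cpp
#include <cctype>
#include <cerrno>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>
#include <optional>

// Stand-in for the row-count type (assumption): 32 bits so that values which
// fit in unsigned long long but not in row_count are caught by the last check.
using row_count = std::uint32_t;

// Range-checked replacement for `size_type(atoi(RowsStr))`.
//  - "" -> 0, matching the `RowsStr[0] ? ... : 0` convention of the flagged line
//  - rejects a leading sign or whitespace (strtoull would skip whitespace and
//    negate on '-'; atoi accepts both too)
//  - rejects trailing garbage and any value outside row_count's range
std::optional<row_count> parse_row_count(const char *s)
{
  if (s == nullptr) return std::nullopt;
  if (s[0] == '\0') return row_count{0};
  if (!std::isdigit(static_cast<unsigned char>(s[0]))) return std::nullopt;

  errno = 0;
  char *end = nullptr;
  const unsigned long long v = std::strtoull(s, &end, 10);
  if (*end != '\0') return std::nullopt;     // e.g. "12abc"
  if (errno == ERANGE) return std::nullopt;  // does not fit unsigned long long
  if (v > std::numeric_limits<row_count>::max()) return std::nullopt;  // fits ull, not row_count
  return static_cast<row_count>(v);
}

int main()
{
  // Constructed inputs covering the cases atoi gets wrong.
  for (const char *s : {"", "42", "-1", " 5", "12abc", "4294967296", "99999999999999999999"})
  {
    const auto r = parse_row_count(s);
    if (r) std::printf("\"%s\" -> %lu\n", s, static_cast<unsigned long>(*r));
    else std::printf("\"%s\" -> rejected\n", s);
  }
}
```

The three rejection paths are distinct on purpose: the terminator check catches malformed text, `ERANGE` catches overflow of the intermediate type, and the `numeric_limits` comparison catches the narrowing into the real target type, which is where `size_type(atoi(...))` would silently wrap.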
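Added note and example on the 29 `equal` hits (editor-supplied, not libpqxx code). Flawfinder is a lexical scanner: it matches the function name alone, with no type information. Its rule text for `equal` refers to the three-iterator form of `std::equal`, but the flagged declaration `inline bool equal(const char lhs[], const char rhs[])` is the project's own two-C-string helper, so the rule's reasoning does not apply as written. The same name matching produces the five `open` hits in largeobject.cxx, where the flagged declaration `largeobjectaccess::open(openmode mode)` takes an open mode rather than a filesystem path. The hazard that a C-string `equal` and `strlen` do share is reliance on a NUL terminator (CWE-126). The example shows the flagged signature carrying a `// Flawfinder: ignore` marker, which is the tool's own way to record a reviewed hit (disabled by `--neverignore`), next to a length-bounded comparison of SQLSTATE codes using the C++14 four-iterator `std::equal` that the hit text recommends. The `strcmp` body and the SQLSTATE helper functions are assumptions; the page shows only the declaration.

```cpp
#include <algorithm>
#include <cstdio>
#include <cstring>
#include <string_view>

// Two-C-string comparison with the signature the report flags. The body is an
// assumption (the page shows only the declaration). Safe only when both
// arguments are NUL-terminated; the trailing comment is Flawfinder's own
// suppression marker for a hit that has been reviewed and accepted.
inline bool equal(const char lhs[], const char rhs[])  // Flawfinder: ignore
{
  return std::strcmp(lhs, rhs) == 0;
}

// Length-bounded comparison: neither side needs a terminator, and the
// four-iterator std::equal (C++14) stops at the shorter range instead of
// reading past the second one.
bool sqlstate_is(std::string_view code, std::string_view expected)
{
  return std::equal(code.begin(), code.end(), expected.begin(), expected.end());
}

// SQLSTATE codes are exactly five characters; the first two are the class
// (e.g. "23" integrity constraint violation, "42" syntax error or access rule
// violation, as in the codes compared in the flagged result.cxx lines).
std::string_view sqlstate_class(std::string_view code)
{
  return code.size() == 5 ? code.substr(0, 2) : std::string_view{};
}

int main()
{
  const char raw[5] = {'4', '0', 'P', '0', '1'};  // constructed: no NUL terminator
  // equal(raw, "40P01") would over-read; the bounded form is fine.
  std::printf("bounded: %d\n", sqlstate_is(std::string_view(raw, 5), "40P01"));
  std::printf("class of 23505: %.*s\n", 2, sqlstate_class("23505").data());
}
```

Deciding between the two is a review call, not a tool call: where every caller passes string literals or strings known to be terminated, the `Flawfinder: ignore` marker documents that; where the code comes from a buffer with a known length, the bounded form removes the assumption entirely.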