Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

Examining data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c
Examining data/pgpointcloud-1.2.1/lib/cunit/cu_pc_patch.c
Examining data/pgpointcloud-1.2.1/lib/cunit/cu_pc_patch_lazperf.c
Examining data/pgpointcloud-1.2.1/lib/cunit/cu_pc_point.c
Examining data/pgpointcloud-1.2.1/lib/cunit/cu_pc_schema.c
Examining data/pgpointcloud-1.2.1/lib/cunit/cu_pc_sort.c
Examining data/pgpointcloud-1.2.1/lib/cunit/cu_pc_util.c
Examining data/pgpointcloud-1.2.1/lib/cunit/cu_tester.c
Examining data/pgpointcloud-1.2.1/lib/cunit/cu_tester.h
Examining data/pgpointcloud-1.2.1/lib/hashtable.c
Examining data/pgpointcloud-1.2.1/lib/hashtable.h
Examining data/pgpointcloud-1.2.1/lib/lazperf_adapter.cpp
Examining data/pgpointcloud-1.2.1/lib/lazperf_adapter.h
Examining data/pgpointcloud-1.2.1/lib/lazperf_adapter.hpp
Examining data/pgpointcloud-1.2.1/lib/pc_api.h
Examining data/pgpointcloud-1.2.1/lib/pc_api_internal.h
Examining data/pgpointcloud-1.2.1/lib/pc_bytes.c
Examining data/pgpointcloud-1.2.1/lib/pc_dimstats.c
Examining data/pgpointcloud-1.2.1/lib/pc_filter.c
Examining data/pgpointcloud-1.2.1/lib/pc_mem.c
Examining data/pgpointcloud-1.2.1/lib/pc_patch.c
Examining data/pgpointcloud-1.2.1/lib/pc_patch_dimensional.c
Examining data/pgpointcloud-1.2.1/lib/pc_patch_lazperf.c
Examining data/pgpointcloud-1.2.1/lib/pc_patch_uncompressed.c
Examining data/pgpointcloud-1.2.1/lib/pc_point.c
Examining data/pgpointcloud-1.2.1/lib/pc_pointlist.c
Examining data/pgpointcloud-1.2.1/lib/pc_schema.c
Examining data/pgpointcloud-1.2.1/lib/pc_sort.c
Examining data/pgpointcloud-1.2.1/lib/pc_stats.c
Examining data/pgpointcloud-1.2.1/lib/pc_util.c
Examining data/pgpointcloud-1.2.1/lib/pc_val.c
Examining data/pgpointcloud-1.2.1/lib/sort_r/sort_r.h
Examining data/pgpointcloud-1.2.1/lib/stringbuffer.c
Examining data/pgpointcloud-1.2.1/lib/stringbuffer.h
Examining data/pgpointcloud-1.2.1/pgsql/pc_access.c
Examining data/pgpointcloud-1.2.1/pgsql/pc_editor.c
Examining data/pgpointcloud-1.2.1/pgsql/pc_inout.c
Examining data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c
Examining data/pgpointcloud-1.2.1/pgsql/pc_pgsql.h

FINAL RESULTS:

data/pgpointcloud-1.2.1/lib/cunit/cu_tester.c:32:2: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(cu_error_msg, MAX_CUNIT_MSG_LENGTH-1, fmt, ap);
data/pgpointcloud-1.2.1/lib/pc_api.h:207:27: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format (printf, 1, 0) ));
data/pgpointcloud-1.2.1/lib/pc_mem.c:61:2: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(newfmt, ap);
data/pgpointcloud-1.2.1/lib/stringbuffer.c:218:8: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf(s->str_end, maxlen, fmt, ap2);
data/pgpointcloud-1.2.1/lib/stringbuffer.c:242:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf(s->str_end, maxlen, fmt, ap);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:63:27: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format (printf, 2, 0) ));
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:70:2: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(msg, MSG_MAXLEN, fmt, ap);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:76:67: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  pgsql_error(const char *fmt, va_list ap) __attribute__ (( format (printf, 1, 0) ));
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:85:66: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  pgsql_warn(const char *fmt, va_list ap) __attribute__ (( format (printf, 1, 0) ));
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:94:66: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  pgsql_info(const char *fmt, va_list ap) __attribute__ (( format (printf, 1, 0) ));
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:252:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sql, "select %s, %s from %s where pcid = %d",
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:475:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&i, fpcb.bytes+1, 4);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:477:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&i, fpcb.bytes+6, 4);
data/pgpointcloud-1.2.1/lib/cunit/cu_tester.c:194:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullpath[512];
data/pgpointcloud-1.2.1/lib/cunit/cu_tester.c:200:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLINELEN];
data/pgpointcloud-1.2.1/lib/cunit/cu_tester.c:203:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fr = fopen (fullpath, "rt");
data/pgpointcloud-1.2.1/lib/cunit/cu_tester.c:217:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, buf, lnsz);
data/pgpointcloud-1.2.1/lib/cunit/cu_tester.h:18:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cu_error_msg[MAX_CUNIT_MSG_LENGTH+1];
data/pgpointcloud-1.2.1/lib/lazperf_adapter.cpp:29:28: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  *compressed = (uint8_t*) memcpy(*compressed, buf.data(), size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:59:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pcbnew.bytes, pcb.bytes, pcb.size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:200:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufptr, runstart, size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:211:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bytes_rle, buf, pcbout.size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:263:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bytes_ptr, bytes_rle_ptr, size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:301:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pcb.bytes, oldbytes, pcb.size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:1262:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pcbout.bytes, buf, have);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:1350:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &pcbsize, size_num_size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:1353:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, pcb->bytes, pcb->size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:1374:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pcb->bytes, buf+5, pcb->size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:1515:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fbuf, buf, sz);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:1562:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fptr, &fcount, 1);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:1566:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fptr, ptr+1, sz);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:1705:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf,pcb.bytes+n*size,size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:1722:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf,bytes_rle_ptr+1,size);
data/pgpointcloud-1.2.1/lib/pc_bytes.c:1765:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf,&res,sizeof(res)); \
data/pgpointcloud-1.2.1/lib/pc_filter.c:107:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fbuf, buf, sz);
data/pgpointcloud-1.2.1/lib/pc_mem.c:58:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newfmt[1024] = {0};
data/pgpointcloud-1.2.1/lib/pc_mem.c:132:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newstr, str, len + 1);
data/pgpointcloud-1.2.1/lib/pc_patch.c:397:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, pu->data, sz);
data/pgpointcloud-1.2.1/lib/pc_patch.c:406:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, pu->data, sz);
data/pgpointcloud-1.2.1/lib/pc_patch.c:414:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, pu->data, sz);
data/pgpointcloud-1.2.1/lib/pc_patch.c:479:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, pu->data + start, size);
data/pgpointcloud-1.2.1/lib/pc_patch.c:536:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pdata, ddata, pdim->size);
data/pgpointcloud-1.2.1/lib/pc_patch_dimensional.c:35:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pdl, patch, sizeof(PCPATCH_DIMENSIONAL));
data/pgpointcloud-1.2.1/lib/pc_patch_dimensional.c:98:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to, from, dim->size);
data/pgpointcloud-1.2.1/lib/pc_patch_dimensional.c:123:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pdl_compressed, pdl, sizeof(PCPATCH_DIMENSIONAL));
data/pgpointcloud-1.2.1/lib/pc_patch_dimensional.c:149:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pdl_decompressed, pdl, sizeof(PCPATCH_DIMENSIONAL));
data/pgpointcloud-1.2.1/lib/pc_patch_dimensional.c:236:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 1, &pcid, 4); /* Write PCID */
data/pgpointcloud-1.2.1/lib/pc_patch_dimensional.c:237:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 5, &compression, 4); /* Write compression */
data/pgpointcloud-1.2.1/lib/pc_patch_dimensional.c:238:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 9, &npoints, 4); /* Write npoints */
data/pgpointcloud-1.2.1/lib/pc_patch_lazperf.c:59:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(palaz->lazperf, compressed, compressSize);
data/pgpointcloud-1.2.1/lib/pc_patch_lazperf.c:113:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pcu->data, decompressed, datasize);
data/pgpointcloud-1.2.1/lib/pc_patch_lazperf.c:165:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 1, &pcid, 4); /* Write PCID */
data/pgpointcloud-1.2.1/lib/pc_patch_lazperf.c:166:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 5, &compression, 4); /* Write compression */
data/pgpointcloud-1.2.1/lib/pc_patch_lazperf.c:167:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 9, &npoints, 4); /* Write npoints */
data/pgpointcloud-1.2.1/lib/pc_patch_lazperf.c:168:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 13, &lazperfsize, 4); /* Write lazperf buffer size */
data/pgpointcloud-1.2.1/lib/pc_patch_lazperf.c:171:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, patch->lazperf, patch->lazperfsize);
data/pgpointcloud-1.2.1/lib/pc_patch_lazperf.c:224:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(patch->lazperf, buf, lazperfsize);
data/pgpointcloud-1.2.1/lib/pc_patch_lazperf.c:253:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pt->data, pau->data + n * size, size);
data/pgpointcloud-1.2.1/lib/pc_patch_uncompressed.c:88:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 1, &pcid, 4); /* Write PCID */
data/pgpointcloud-1.2.1/lib/pc_patch_uncompressed.c:89:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 5, &compression, 4); /* Write compression */
data/pgpointcloud-1.2.1/lib/pc_patch_uncompressed.c:90:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 9, &npoints, 4); /* Write npoints */
data/pgpointcloud-1.2.1/lib/pc_patch_uncompressed.c:91:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 13, patch->data, patch->datasize); /* Write data */
data/pgpointcloud-1.2.1/lib/pc_patch_uncompressed.c:133:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, wkb+hdrsz, npoints*s->size);
data/pgpointcloud-1.2.1/lib/pc_patch_uncompressed.c:312:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, pt->data, s->size);
data/pgpointcloud-1.2.1/lib/pc_patch_uncompressed.c:371:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, dim->size);
data/pgpointcloud-1.2.1/lib/pc_patch_uncompressed.c:425:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, p->data, sz);
data/pgpointcloud-1.2.1/lib/pc_point.c:290:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, wkb+hdrsz, wkblen-hdrsz);
data/pgpointcloud-1.2.1/lib/pc_point.c:310:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 1, &(pt->schema->pcid), 4); /* Write PCID */
data/pgpointcloud-1.2.1/lib/pc_point.c:311:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb + 5, pt->data, pt->schema->size); /* Write data */
data/pgpointcloud-1.2.1/lib/pc_point.c:359:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &wkbtype, 4); /* WKB type */
data/pgpointcloud-1.2.1/lib/pc_point.c:364:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &srid, 4); /* SRID */
data/pgpointcloud-1.2.1/lib/pc_point.c:368:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &x, 8); /* X */
data/pgpointcloud-1.2.1/lib/pc_point.c:371:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &y, 8); /* Y */
data/pgpointcloud-1.2.1/lib/pc_point.c:376:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &z, 8); /* Z */
data/pgpointcloud-1.2.1/lib/pc_point.c:382:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &m, 8); /* M */
data/pgpointcloud-1.2.1/lib/pc_pointlist.c:89:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, dim->size);
data/pgpointcloud-1.2.1/lib/pc_schema.c:20:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *INTERPRETATION_STRINGS[NUM_INTERPRETATIONS] =
data/pgpointcloud-1.2.1/lib/pc_schema.c:165:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pcd, dim, sizeof(PCDIMENSION));
data/pgpointcloud-1.2.1/lib/pc_schema.c:465:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->size = atoi(content);
data/pgpointcloud-1.2.1/lib/pc_schema.c:467:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->active = atoi(content);
data/pgpointcloud-1.2.1/lib/pc_schema.c:469:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->position = atoi(content) - 1;
data/pgpointcloud-1.2.1/lib/pc_sort.c:53:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(spu->data, pu->data, pu->datasize);
data/pgpointcloud-1.2.1/lib/pc_stats.c:141:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->min.data, stats->min.data, stats->min.schema->size);
data/pgpointcloud-1.2.1/lib/pc_stats.c:142:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->max.data, stats->max.data, stats->max.schema->size);
data/pgpointcloud-1.2.1/lib/pc_stats.c:143:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->avg.data, stats->avg.data, stats->avg.schema->size);
data/pgpointcloud-1.2.1/lib/pc_util.c:111:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b, &val, 4);
data/pgpointcloud-1.2.1/lib/pc_util.c:118:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&val, b, 4);
data/pgpointcloud-1.2.1/lib/pc_util.c:127:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b, &val, 2);
data/pgpointcloud-1.2.1/lib/pc_util.c:131:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&val, b, 2);
data/pgpointcloud-1.2.1/lib/pc_util.c:139:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&i, wkb, 4);
data/pgpointcloud-1.2.1/lib/pc_util.c:150:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&i, wkb, 2);
data/pgpointcloud-1.2.1/lib/pc_util.c:160:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb, &d, 8);
data/pgpointcloud-1.2.1/lib/pc_util.c:168:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb, &i, 4);
data/pgpointcloud-1.2.1/lib/pc_util.c:176:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb, &c, 1);
data/pgpointcloud-1.2.1/lib/pc_util.c:189:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pcid, wkb + 1, 4);
data/pgpointcloud-1.2.1/lib/pc_util.c:206:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&compression, wkb+1+4, 4);
data/pgpointcloud-1.2.1/lib/pc_util.c:224:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&npoints, wkb+1+4+4, 4);
data/pgpointcloud-1.2.1/lib/pc_util.c:239:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, bytebuf, bufsize);
data/pgpointcloud-1.2.1/lib/pc_val.c:59:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(v), ptr, sizeof(uint8_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:65:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(v), ptr, sizeof(uint16_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:71:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(v), ptr, sizeof(uint32_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:77:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(v), ptr, sizeof(uint64_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:83:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(v), ptr, sizeof(int8_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:89:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(v), ptr, sizeof(int16_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:95:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(v), ptr, sizeof(int32_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:101:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(v), ptr, sizeof(int64_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:107:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(v), ptr, sizeof(float));
data/pgpointcloud-1.2.1/lib/pc_val.c:113:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(v), ptr, sizeof(double));
data/pgpointcloud-1.2.1/lib/pc_val.c:144:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &(v), sizeof(uint8_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:152:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &(v), sizeof(uint16_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:160:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &(v), sizeof(uint32_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:168:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &(v), sizeof(uint64_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:176:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &(v), sizeof(int8_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:184:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &(v), sizeof(int16_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:192:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &(v), sizeof(int32_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:200:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &(v), sizeof(int64_t));
data/pgpointcloud-1.2.1/lib/pc_val.c:206:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &(v), sizeof(float));
data/pgpointcloud-1.2.1/lib/pc_val.c:212:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &(v), sizeof(double));
data/pgpointcloud-1.2.1/lib/sort_r/sort_r.h:85:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *l[3];
data/pgpointcloud-1.2.1/lib/stringbuffer.c:131:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->str_end, a, alen0);
data/pgpointcloud-1.2.1/lib/stringbuffer.c:169:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str, s->str_start, size-1);
data/pgpointcloud-1.2.1/pgsql/pc_access.c:920:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char version[64];
data/pgpointcloud-1.2.1/pgsql/pc_access.c:930:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char version[12];
data/pgpointcloud-1.2.1/pgsql/pc_access.c:940:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char version[64];
data/pgpointcloud-1.2.1/pgsql/pc_editor.c:35:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(serpatch, serpa, serpa->size);
data/pgpointcloud-1.2.1/pgsql/pc_inout.c:287:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(VARDATA(wkb), bytes, bytes_size);
data/pgpointcloud-1.2.1/pgsql/pc_inout.c:309:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(VARDATA(wkb), bytes, bytes_size);
data/pgpointcloud-1.2.1/pgsql/pc_inout.c:353:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(VARDATA(wkb), bytes, bytes_size);
data/pgpointcloud-1.2.1/pgsql/pc_inout.c:422:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "(%u)", pcid);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[MSG_MAXLEN] = {0};
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:239:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[256];
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:286:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xml, xml_spi, size);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:289:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  srid = atoi(srid_spi);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:412:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(serpt->data, pcpt->data, pcpt->schema->size);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:471:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, stats->min.data, sz);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:473:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + sz, stats->max.data, sz);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:475:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 2*sz, stats->avg.data, sz);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:579:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &(lazsize), 4);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:583:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, patch->lazperf, patch->lazperfsize);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:626:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, patch->data, patch->datasize);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:841:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&lazperfsize, buf, 4);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:846:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(patch->lazperf, buf, patch->lazperfsize);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:871:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb, &d, 8);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:879:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb, &i, 4);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:887:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wkb, &c, 1);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:77:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen(bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:82:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen(bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:87:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen(bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:92:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen(bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:97:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen(bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:102:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen(bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:107:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen(bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:125:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen(bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:183:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes(bytes, strlen((char *)bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:189:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes(bytes, strlen((char *)bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:201:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes(bytes, strlen((char *)bytes), PC_UINT16);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:211:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen((char *)bytes), PC_INT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:227:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes(bytes, strlen((char *)bytes), PC_INT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:390:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes(bytes, strlen((char *)bytes), PC_INT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:424:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen(bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_bytes.c:507:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pcb = initbytes((uint8_t *)bytes, strlen(bytes), PC_UINT8);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_patch.c:141:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_patch.c:243:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint8_t *bytes = pc_bytes_from_hexbytes(hexpt, strlen(hexpt));
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_patch.c:247:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pt = pc_point_from_wkb(lasschema, bytes, strlen(hexpt)/2);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_patch.c:252:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pt = pc_point_from_wkb(lasschema, bytes, strlen(hexpt)/2);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_patch.c:640:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_patch.c:674:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_patch.c:777:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_point.c:88:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_point.c:104:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_point.c:277:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pthexsize = strlen(pthexbytes);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_sort.c:59:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_sort.c:106:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_sort.c:151:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_sort.c:194:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_sort.c:231:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_pc_sort.c:343:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexsize = strlen(hexbuf);
data/pgpointcloud-1.2.1/lib/cunit/cu_tester.c:209:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lnsz = strlen(buf);
data/pgpointcloud-1.2.1/lib/pc_mem.c:130:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(str);
data/pgpointcloud-1.2.1/lib/pc_schema.c:398:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t xml_size = strlen(xml_ptr);
data/pgpointcloud-1.2.1/lib/stringbuffer.c:128:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int alen = strlen(a); /* Length of string to append */
data/pgpointcloud-1.2.1/pgsql/pc_access.c:676:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( *ptr == ',' || strncmp(ptr, "auto", strlen("auto")) == 0 ) {
data/pgpointcloud-1.2.1/pgsql/pc_access.c:679:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ( strncmp(ptr, "rle", strlen("rle")) == 0 ) {
data/pgpointcloud-1.2.1/pgsql/pc_access.c:682:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ( strncmp(ptr, "sigbits", strlen("sigbits")) == 0 ) {
data/pgpointcloud-1.2.1/pgsql/pc_access.c:685:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ( strncmp(ptr, "zlib", strlen("zlib")) == 0 ) {
data/pgpointcloud-1.2.1/pgsql/pc_inout.c:77:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pt = pc_point_from_hexwkb(str, strlen(str), fcinfo);
data/pgpointcloud-1.2.1/pgsql/pc_inout.c:133:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  patch = pc_patch_from_hexwkb(str, strlen(str), fcinfo);
data/pgpointcloud-1.2.1/pgsql/pc_pgsql.c:284:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(xml_spi) + 1;

ANALYSIS SUMMARY:

Hits = 188
Lines analyzed = 15780 in approximately 0.37 seconds (42434 lines/second)
Physical Source Lines of Code (SLOC) = 11225
Hits@level = [0] 19 [1] 43 [2] 134 [3] 0 [4] 11 [5] 0
Hits@level+ = [0+] 207 [1+] 188 [2+] 145 [3+] 11 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 18.441 [1+] 16.7483 [2+] 12.9176 [3+] 0.979955 [4+] 0.979955 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.