Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pgqd-3.3/lib/test/test_bits.c
Examining data/pgqd-3.3/lib/test/test_netdb.c
Examining data/pgqd-3.3/lib/test/test_base.c
Examining data/pgqd-3.3/lib/test/test_psrandom.c
Examining data/pgqd-3.3/lib/test/test_regex.c
Examining data/pgqd-3.3/lib/test/test_hashing.c
Examining data/pgqd-3.3/lib/test/test_shlist.c
Examining data/pgqd-3.3/lib/test/test_aatree.c
Examining data/pgqd-3.3/lib/test/test_strpool.c
Examining data/pgqd-3.3/lib/test/test_utf8.c
Examining data/pgqd-3.3/lib/test/test_endian.c
Examining data/pgqd-3.3/lib/test/test_common.h
Examining data/pgqd-3.3/lib/test/test_pgutil.c
Examining data/pgqd-3.3/lib/test/tinytest_demo.c
Examining data/pgqd-3.3/lib/test/test_json.c
Examining data/pgqd-3.3/lib/test/tinytest.h
Examining data/pgqd-3.3/lib/test/test_socket.c
Examining data/pgqd-3.3/lib/test/test_cbtree.c
Examining data/pgqd-3.3/lib/test/test_crypto.c
Examining data/pgqd-3.3/lib/test/tinytest_macros.h
Examining data/pgqd-3.3/lib/test/test_fnmatch.c
Examining data/pgqd-3.3/lib/test/test_getopt.c
Examining data/pgqd-3.3/lib/test/test_mdict.c
Examining data/pgqd-3.3/lib/test/test_tls.c
Examining data/pgqd-3.3/lib/test/test_cxalloc.c
Examining data/pgqd-3.3/lib/test/test_cfparser.c
Examining data/pgqd-3.3/lib/test/test_heap.c
Examining data/pgqd-3.3/lib/test/attregex/testregex.c
Examining data/pgqd-3.3/lib/test/test_common.c
Examining data/pgqd-3.3/lib/test/test_event.c
Examining data/pgqd-3.3/lib/test/compile.c
Examining data/pgqd-3.3/lib/test/test_time.c
Examining data/pgqd-3.3/lib/test/test_string.c
Examining data/pgqd-3.3/lib/test/test_talloc.c
Examining data/pgqd-3.3/lib/test/test_wchar.c
Examining data/pgqd-3.3/lib/test/test_list.c
Examining data/pgqd-3.3/lib/test/tinytest.c
Examining data/pgqd-3.3/lib/test/test_ctype.c
Examining data/pgqd-3.3/lib/test/connect-tls.c
Examining data/pgqd-3.3/lib/test/test_fileutil.c
Examining data/pgqd-3.3/lib/test/test_hashtab.c
Examining data/pgqd-3.3/lib/usual/bits.h
Examining data/pgqd-3.3/lib/usual/psrandom.c
Examining data/pgqd-3.3/lib/usual/time.h
Examining data/pgqd-3.3/lib/usual/statlist.h
Examining data/pgqd-3.3/lib/usual/socket.h
Examining data/pgqd-3.3/lib/usual/aatree.c
Examining data/pgqd-3.3/lib/usual/base_win32.h
Examining data/pgqd-3.3/lib/usual/slab.c
Examining data/pgqd-3.3/lib/usual/strpool.c
Examining data/pgqd-3.3/lib/usual/event.h
Examining data/pgqd-3.3/lib/usual/shlist.h
Examining data/pgqd-3.3/lib/usual/cxextra.c
Examining data/pgqd-3.3/lib/usual/pgsocket.h
Examining data/pgqd-3.3/lib/usual/json.h
Examining data/pgqd-3.3/lib/usual/mempool.h
Examining data/pgqd-3.3/lib/usual/logging.c
Examining data/pgqd-3.3/lib/usual/mdict.c
Examining data/pgqd-3.3/lib/usual/endian.h
Examining data/pgqd-3.3/lib/usual/heap.h
Examining data/pgqd-3.3/lib/usual/signal.h
Examining data/pgqd-3.3/lib/usual/regex.c
Examining data/pgqd-3.3/lib/usual/netdb.c
Examining data/pgqd-3.3/lib/usual/regex.h
Examining data/pgqd-3.3/lib/usual/pgsocket.c
Examining data/pgqd-3.3/lib/usual/socket_ntop.c
Examining data/pgqd-3.3/lib/usual/cfparser.h
Examining data/pgqd-3.3/lib/usual/dlfcn.h
Examining data/pgqd-3.3/lib/usual/utf8.h
Examining data/pgqd-3.3/lib/usual/socket_pton.c
Examining data/pgqd-3.3/lib/usual/ctype.h
Examining data/pgqd-3.3/lib/usual/mbuf.c
Examining data/pgqd-3.3/lib/usual/getopt.c
Examining data/pgqd-3.3/lib/usual/cfparser.c
Examining data/pgqd-3.3/lib/usual/utf8.c
Examining data/pgqd-3.3/lib/usual/socket.c
Examining data/pgqd-3.3/lib/usual/mdict.h
Examining data/pgqd-3.3/lib/usual/time.c
Examining data/pgqd-3.3/lib/usual/heap.c
Examining data/pgqd-3.3/lib/usual/crypto/sha256.h
Examining data/pgqd-3.3/lib/usual/crypto/hmac.c
Examining data/pgqd-3.3/lib/usual/crypto/md5.h
Examining data/pgqd-3.3/lib/usual/crypto/csrandom.c
Examining data/pgqd-3.3/lib/usual/crypto/chacha.h
Examining data/pgqd-3.3/lib/usual/crypto/digest.h
Examining data/pgqd-3.3/lib/usual/crypto/sha3.c
Examining data/pgqd-3.3/lib/usual/crypto/sha3.h
Examining data/pgqd-3.3/lib/usual/crypto/keccak_prng.c
Examining data/pgqd-3.3/lib/usual/crypto/sha256.c
Examining data/pgqd-3.3/lib/usual/crypto/hmac.h
Examining data/pgqd-3.3/lib/usual/crypto/csrandom.h
Examining data/pgqd-3.3/lib/usual/crypto/keccak_prng.h
Examining data/pgqd-3.3/lib/usual/crypto/keccak.h
Examining data/pgqd-3.3/lib/usual/crypto/sha1.h
Examining data/pgqd-3.3/lib/usual/crypto/entropy.c
Examining data/pgqd-3.3/lib/usual/crypto/sha512.h
Examining data/pgqd-3.3/lib/usual/crypto/digest.c
Examining data/pgqd-3.3/lib/usual/crypto/keccak.c
Examining data/pgqd-3.3/lib/usual/crypto/entropy.h
Examining data/pgqd-3.3/lib/usual/crypto/chacha.c
Examining data/pgqd-3.3/lib/usual/crypto/md5.c
Examining data/pgqd-3.3/lib/usual/crypto/sha1.c
Examining data/pgqd-3.3/lib/usual/crypto/sha512.c
Examining data/pgqd-3.3/lib/usual/socket_win32.h
Examining data/pgqd-3.3/lib/usual/wchar.h
Examining data/pgqd-3.3/lib/usual/slab.h
Examining data/pgqd-3.3/lib/usual/safeio.c
Examining data/pgqd-3.3/lib/usual/string.c
Examining data/pgqd-3.3/lib/usual/cxextra.h
Examining data/pgqd-3.3/lib/usual/err.c
Examining data/pgqd-3.3/lib/usual/cxalloc.c
Examining data/pgqd-3.3/lib/usual/talloc.h
Examining data/pgqd-3.3/lib/usual/fnmatch.c
Examining data/pgqd-3.3/lib/usual/pgutil_kwlookup.h
Examining data/pgqd-3.3/lib/usual/event.c
Examining data/pgqd-3.3/lib/usual/pgutil.h
Examining data/pgqd-3.3/lib/usual/cbtree.c
Examining data/pgqd-3.3/lib/usual/hashing/spooky.h
Examining data/pgqd-3.3/lib/usual/hashing/xxhash.c
Examining data/pgqd-3.3/lib/usual/hashing/memhash.h
Examining data/pgqd-3.3/lib/usual/hashing/lookup3.h
Examining data/pgqd-3.3/lib/usual/hashing/spooky.c
Examining data/pgqd-3.3/lib/usual/hashing/xxhash.h
Examining data/pgqd-3.3/lib/usual/hashing/siphash.c
Examining data/pgqd-3.3/lib/usual/hashing/memhash.c
Examining data/pgqd-3.3/lib/usual/hashing/lookup3.c
Examining data/pgqd-3.3/lib/usual/hashing/siphash.h
Examining data/pgqd-3.3/lib/usual/hashing/crc32.h
Examining data/pgqd-3.3/lib/usual/hashing/crc32.c
Examining data/pgqd-3.3/lib/usual/list.c
Examining data/pgqd-3.3/lib/usual/cbtree.h
Examining data/pgqd-3.3/lib/usual/daemon.c
Examining data/pgqd-3.3/lib/usual/tls/tls_peer.c
Examining data/pgqd-3.3/lib/usual/tls/tls.h
Examining data/pgqd-3.3/lib/usual/tls/tls_server.c
Examining data/pgqd-3.3/lib/usual/tls/tls_config.c
Examining data/pgqd-3.3/lib/usual/tls/tls_internal.h
Examining data/pgqd-3.3/lib/usual/tls/tls_conninfo.c
Examining data/pgqd-3.3/lib/usual/tls/tls_client.c
Examining data/pgqd-3.3/lib/usual/tls/tls_ocsp.c
Examining data/pgqd-3.3/lib/usual/tls/tls.c
Examining data/pgqd-3.3/lib/usual/tls/tls_util.c
Examining data/pgqd-3.3/lib/usual/tls/tls_cert.c
Examining data/pgqd-3.3/lib/usual/tls/tls_verify.c
Examining data/pgqd-3.3/lib/usual/tls/tls_compat.h
Examining data/pgqd-3.3/lib/usual/tls/tls_cert.h
Examining data/pgqd-3.3/lib/usual/tls/tls_compat.c
Examining data/pgqd-3.3/lib/usual/config_msvc.h
Examining data/pgqd-3.3/lib/usual/list.h
Examining data/pgqd-3.3/lib/usual/daemon.h
Examining data/pgqd-3.3/lib/usual/string.h
Examining data/pgqd-3.3/lib/usual/pthread.c
Examining data/pgqd-3.3/lib/usual/signal.c
Examining data/pgqd-3.3/lib/usual/getopt.h
Examining data/pgqd-3.3/lib/usual/cxalloc.h
Examining data/pgqd-3.3/lib/usual/base.c
Examining data/pgqd-3.3/lib/usual/err.h
Examining data/pgqd-3.3/lib/usual/strpool.h
Examining data/pgqd-3.3/lib/usual/json.c
Examining data/pgqd-3.3/lib/usual/pgutil.c
Examining data/pgqd-3.3/lib/usual/dlfcn.c
Examining data/pgqd-3.3/lib/usual/psrandom.h
Examining data/pgqd-3.3/lib/usual/bytemap.h
Examining data/pgqd-3.3/lib/usual/netdb.h
Examining data/pgqd-3.3/lib/usual/fileutil.c
Examining data/pgqd-3.3/lib/usual/logging.h
Examining data/pgqd-3.3/lib/usual/base.h
Examining data/pgqd-3.3/lib/usual/wchar.c
Examining data/pgqd-3.3/lib/usual/mempool.c
Examining data/pgqd-3.3/lib/usual/fnmatch.h
Examining data/pgqd-3.3/lib/usual/aatree.h
Examining data/pgqd-3.3/lib/usual/fileutil.h
Examining data/pgqd-3.3/lib/usual/talloc.c
Examining data/pgqd-3.3/lib/usual/safeio.h
Examining data/pgqd-3.3/lib/usual/pthread.h
Examining data/pgqd-3.3/lib/usual/misc.h
Examining data/pgqd-3.3/lib/usual/mbuf.h
Examining data/pgqd-3.3/lib/usual/hashtab-impl.h
Examining data/pgqd-3.3/src/maint.c
Examining data/pgqd-3.3/src/pgqd.c
Examining data/pgqd-3.3/src/retry.c
Examining data/pgqd-3.3/src/pgqd.h
Examining data/pgqd-3.3/src/ticker.c
FINAL RESULTS:
data/pgqd-3.3/lib/usual/base_win32.h:67:9: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
#define chown(f, u, g) (-1)
data/pgqd-3.3/lib/test/attregex/testregex.c:162:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define H(x) do{if(html)fprintf(stderr,x);}while(0)
data/pgqd-3.3/lib/test/attregex/testregex.c:163:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define T(x) fprintf(stderr,x)
data/pgqd-3.3/lib/test/attregex/testregex.c:1817:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ppat = pat, re);
data/pgqd-3.3/lib/test/test_cxalloc.c:25:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(logbuf + len, sizeof(logbuf) - len, fmt, ap);
data/pgqd-3.3/lib/test/test_tls.c:70:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof buf, s, ap);
data/pgqd-3.3/lib/test/tinytest.c:43:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define evutil_snprintf snprintf
data/pgqd-3.3/lib/test/tinytest_macros.h:44:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf args ; \
data/pgqd-3.3/lib/usual/base.h:229:44: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#if _COMPILER_GNUC(4,0) || __has_attribute(printf)
data/pgqd-3.3/lib/usual/base.h:230:55: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _PRINTF(fmtpos, argpos) __attribute__((format(printf, fmtpos, argpos)))
data/pgqd-3.3/lib/usual/base_win32.h:74:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf(fmt, ...) _snprintf(fmt, __VA_ARGS__)
data/pgqd-3.3/lib/usual/base_win32.h:74:28: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf(fmt, ...) _snprintf(fmt, __VA_ARGS__)
data/pgqd-3.3/lib/usual/cxalloc.c:122:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(buf, sizeof buf, fmt, ap);
data/pgqd-3.3/lib/usual/cxalloc.c:132:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res2 = vsnprintf(dst, res+1, fmt, ap);
data/pgqd-3.3/lib/usual/err.c:35:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/pgqd-3.3/lib/usual/err.c:52:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/pgqd-3.3/lib/usual/err.c:68:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/pgqd-3.3/lib/usual/err.c:85:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/pgqd-3.3/lib/usual/event.c:107:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), s, ap);
data/pgqd-3.3/lib/usual/event.c:123:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), s, ap);
data/pgqd-3.3/lib/usual/json.c:264:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), errmsg, ap);
data/pgqd-3.3/lib/usual/json.c:976:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(buf, sizeof(buf), "%" PRIi64, jv->u.v_int);
data/pgqd-3.3/lib/usual/logging.c:44:9: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
#define syslog win32_eventlog
data/pgqd-3.3/lib/usual/logging.c:165:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf + pfxlen, sizeof(buf) - pfxlen, fmt, ap);
data/pgqd-3.3/lib/usual/logging.c:229:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/pgqd-3.3/lib/usual/logging.c:252:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/pgqd-3.3/lib/usual/socket_ntop.c:90:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
l = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]);
data/pgqd-3.3/lib/usual/talloc.c:1190:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(buf, sizeof(buf), fmt, ap2);
data/pgqd-3.3/lib/usual/talloc.c:1205:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(res + plen, len + 1, fmt, ap2);
data/pgqd-3.3/lib/usual/talloc.c:1323:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/pgqd-3.3/lib/usual/talloc.c:1338:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/pgqd-3.3/lib/usual/talloc.c:1351:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/pgqd-3.3/lib/usual/tls/tls_internal.h:164:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 2, 3)))
data/pgqd-3.3/lib/usual/tls/tls_internal.h:167:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 2, 3)))
data/pgqd-3.3/lib/usual/tls/tls_internal.h:170:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 2, 3)))
data/pgqd-3.3/src/pgqd.c:333:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(usage_str);
data/pgqd-3.3/src/pgqd.c:350:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(usage_str);
data/pgqd-3.3/src/pgqd.c:368:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(usage_str);
data/pgqd-3.3/lib/test/test_common.c:50:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("USE_LOCALE"))
data/pgqd-3.3/lib/test/test_getopt.c:35:8: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, opts, lopts, NULL);
data/pgqd-3.3/lib/test/test_getopt.c:37:8: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt(argc, argv, opts);
data/pgqd-3.3/lib/test/test_heap.c:168:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int r = random() % RSIZE;
data/pgqd-3.3/lib/test/test_heap.c:189:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(123123);
data/pgqd-3.3/lib/test/test_heap.c:194:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int r = random() & 15;
data/pgqd-3.3/lib/usual/base_win32.h:69:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom(s) srand(s)
data/pgqd-3.3/lib/usual/base_win32.h:69:20: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom(s) srand(s)
data/pgqd-3.3/lib/usual/base_win32.h:70:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random() rand()
data/pgqd-3.3/lib/usual/cfparser.c:477:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/pgqd-3.3/lib/usual/crypto/entropy.c:62:8: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
lib = LoadLibrary("advapi32.dll");
data/pgqd-3.3/lib/usual/dlfcn.c:29:14: [3] (misc) LoadLibraryEx:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
HMODULE h = LoadLibraryEx(fn, NULL, 0);
data/pgqd-3.3/lib/usual/getopt.c:286:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
posixly_correct = (getenv("POSIXLY_CORRECT") != NULL);
data/pgqd-3.3/lib/usual/getopt.c:464:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt(int nargc, char *nargv[], const char *options)
data/pgqd-3.3/lib/usual/getopt.c:475:1: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt_long(int nargc, char *nargv[], const char *options,
data/pgqd-3.3/lib/usual/getopt.h:60:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define getopt(a,b,c) usual_getopt(a,b,c)
data/pgqd-3.3/lib/usual/getopt.h:61:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define getopt_long(a,b,c,d,e) usual_getopt_long(a,b,c,d,e)
data/pgqd-3.3/lib/usual/getopt.h:99:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char *argv[], const char *options);
data/pgqd-3.3/lib/usual/getopt.h:102:5: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt_long(int argc, char *argv[], const char *options,
data/pgqd-3.3/lib/usual/time.c:195:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tz = getenv("TZ");
data/pgqd-3.3/src/pgqd.c:338:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "dqvhVrsk")) != -1) {
data/pgqd-3.3/lib/test/attregex/testregex.c:141:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(xstr);
data/pgqd-3.3/lib/test/attregex/testregex.c:703:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/pgqd-3.3/lib/test/attregex/testregex.c:1045:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32 * 1024];
data/pgqd-3.3/lib/test/attregex/testregex.c:1259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[64];
data/pgqd-3.3/lib/test/attregex/testregex.c:1263:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pat[32 * 1024];
data/pgqd-3.3/lib/test/attregex/testregex.c:1264:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char patbuf[32 * 1024];
data/pgqd-3.3/lib/test/attregex/testregex.c:1265:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char strbuf[32 * 1024];
data/pgqd-3.3/lib/test/attregex/testregex.c:1354:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(fp = fopen(state.file, "r")))
data/pgqd-3.3/lib/test/attregex/testregex.c:1978:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/compile.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/connect-tls.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2*1024*1024], *ptr = buf;
data/pgqd-3.3/lib/test/connect-tls.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/pgqd-3.3/lib/test/test_aatree.c:52:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/pgqd-3.3/lib/test/test_cbtree.c:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[64];
data/pgqd-3.3/lib/test/test_cbtree.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/pgqd-3.3/lib/test/test_cbtree.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/pgqd-3.3/lib/test/test_cfparser.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_cfparser.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_crypto.c:28:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024 + 1];
data/pgqd-3.3/lib/test/test_cxalloc.c:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char logbuf[1024];
data/pgqd-3.3/lib/test/test_endian.c:57:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char res[64];
data/pgqd-3.3/lib/test/test_event.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/pgqd-3.3/lib/test/test_fileutil.c:27:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "wb+");
data/pgqd-3.3/lib/test/test_fnmatch.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pat[4096];
data/pgqd-3.3/lib/test/test_fnmatch.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[4096];
data/pgqd-3.3/lib/test/test_getopt.c:11:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resbuf[1024];
data/pgqd-3.3/lib/test/test_getopt.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[100];
data/pgqd-3.3/lib/test/test_heap.c:53:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/pgqd-3.3/lib/test/test_json.c:11:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/pgqd-3.3/lib/test/test_json.c:79:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/pgqd-3.3/lib/test/test_json.c:103:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/pgqd-3.3/lib/test/test_json.c:217:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/pgqd-3.3/lib/test/test_json.c:365:6: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atol(k) != v)
data/pgqd-3.3/lib/test/test_pgutil.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_pgutil.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_pgutil.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_pgutil.c:122:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/pgqd-3.3/lib/test/test_pgutil.c:137:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, "NULL", 5);
data/pgqd-3.3/lib/test/test_pgutil.c:141:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, s, len);
data/pgqd-3.3/lib/test/test_psrandom.c:19:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024 + 1];
data/pgqd-3.3/lib/test/test_psrandom.c:155:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s_bak, s_1024, sizeof s_bak);
data/pgqd-3.3/lib/test/test_psrandom.c:163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s_bak, s_1024, sizeof s_bak);
data/pgqd-3.3/lib/test/test_regex.c:15:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/pgqd-3.3/lib/test/test_shlist.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[16];
data/pgqd-3.3/lib/test/test_shlist.c:51:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char res[1024];
data/pgqd-3.3/lib/test/test_shlist.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pgqd-3.3/lib/test/test_socket.c:9:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/pgqd-3.3/lib/test/test_socket.c:25:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[128];
data/pgqd-3.3/lib/test/test_socket.c:26:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/pgqd-3.3/lib/test/test_string.c:23:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, "XXX", 4);
data/pgqd-3.3/lib/test/test_string.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_string.c:52:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, "PFX", 4);
data/pgqd-3.3/lib/test/test_string.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_string.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_string.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_string.c:186:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, "XXX", 4);
data/pgqd-3.3/lib/test/test_string.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_string.c:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copydst[1024];
data/pgqd-3.3/lib/test/test_string.c:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[1024];
data/pgqd-3.3/lib/test/test_string.c:262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_string.c:284:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/pgqd-3.3/lib/test/test_string.c:314:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/pgqd-3.3/lib/test/test_string.c:359:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/pgqd-3.3/lib/test/test_string.c:475:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_string.c:490:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/pgqd-3.3/lib/test/test_string.c:546:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/pgqd-3.3/lib/test/test_string.c:547:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char res[1024];
data/pgqd-3.3/lib/test/test_string.c:583:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pgqd-3.3/lib/test/test_talloc.c:17:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char log_buf[1024];
data/pgqd-3.3/lib/test/test_talloc.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pgqd-3.3/lib/test/test_talloc.c:179:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/pgqd-3.3/lib/test/test_time.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_tls.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/pgqd-3.3/lib/test/test_tls.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char showbuf[1024];
data/pgqd-3.3/lib/test/test_tls.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/pgqd-3.3/lib/test/test_tls.c:100:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/pgqd-3.3/lib/test/test_tls.c:269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/test/test_tls.c:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexbuf[256];
data/pgqd-3.3/lib/test/test_tls.c:364:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/pgqd-3.3/lib/test/test_tls.c:406:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/pgqd-3.3/lib/test/test_tls.c:973:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/pgqd-3.3/lib/test/test_utf8.c:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] = { a, 0 };
data/pgqd-3.3/lib/test/test_utf8.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3] = { a, b, 0 };
data/pgqd-3.3/lib/test/test_utf8.c:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4] = { a, b, c, 0 };
data/pgqd-3.3/lib/test/test_utf8.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5] = { a, b, c, d, 0 };
data/pgqd-3.3/lib/test/test_utf8.c:38:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[8];
data/pgqd-3.3/lib/test/test_utf8.c:132:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char res[64];
data/pgqd-3.3/lib/test/test_utf8.c:133:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/pgqd-3.3/lib/test/test_wchar.c:14:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char out[128];
data/pgqd-3.3/lib/test/test_wchar.c:15:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t tmp[128];
data/pgqd-3.3/lib/test/test_wchar.c:78:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char out[128];
data/pgqd-3.3/lib/test/test_wchar.c:79:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t tmp[128];
data/pgqd-3.3/lib/test/tinytest.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[LONGEST_TEST_NAME+256];
data/pgqd-3.3/lib/test/tinytest.c:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[1];
data/pgqd-3.3/lib/test/tinytest.c:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[1];
data/pgqd-3.3/lib/test/tinytest.c:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[LONGEST_TEST_NAME];
data/pgqd-3.3/lib/test/tinytest_demo.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer1[512];
data/pgqd-3.3/lib/test/tinytest_demo.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[512];
data/pgqd-3.3/lib/test/tinytest_demo.c:147:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(db->buffer1, "String 0");
data/pgqd-3.3/lib/test/tinytest_demo.c:148:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(db->buffer2, db->buffer1, sizeof(db->buffer1));
data/pgqd-3.3/lib/usual/cfparser.c:469:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, value + 1, usr_len);
data/pgqd-3.3/lib/usual/cfparser.c:492:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, home, home_len);
data/pgqd-3.3/lib/usual/cfparser.c:493:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + home_len, value + usr_len + 1, v_len - usr_len - 1);
data/pgqd-3.3/lib/usual/crypto/chacha.c:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->state[0], "expand 32-byte k", 16);
data/pgqd-3.3/lib/usual/crypto/chacha.c:92:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->state[4], key, 32);
data/pgqd-3.3/lib/usual/crypto/chacha.c:103:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->state[0], "expand 16-byte k", 16);
data/pgqd-3.3/lib/usual/crypto/chacha.c:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->state[4], key, 16);
data/pgqd-3.3/lib/usual/crypto/chacha.c:105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->state[8], key, 16);
data/pgqd-3.3/lib/usual/crypto/chacha.c:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, ks + ctx->pos, n);
data/pgqd-3.3/lib/usual/crypto/csrandom.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pgqd-3.3/lib/usual/crypto/entropy.c:132:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(dev, oflags);
data/pgqd-3.3/lib/usual/crypto/hmac.c:61:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hmac->opad, hmac->ipad, digest_result_len(hash));
data/pgqd-3.3/lib/usual/crypto/hmac.c:63:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hmac->ipad, key, key_len);
data/pgqd-3.3/lib/usual/crypto/hmac.c:64:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hmac->opad, key, key_len);
data/pgqd-3.3/lib/usual/crypto/keccak.c:1237:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, lanebuf + ofs%8, n);
data/pgqd-3.3/lib/usual/crypto/keccak.c:1253:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, lanebuf, count);
data/pgqd-3.3/lib/usual/crypto/md5.c:161:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + bufpos(ctx), ptr, n);
data/pgqd-3.3/lib/usual/crypto/sha1.c:112:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + bufpos(ctx), src, n);
data/pgqd-3.3/lib/usual/crypto/sha256.c:125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->state, H256, sizeof(H256));
data/pgqd-3.3/lib/usual/crypto/sha256.c:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + bufpos(ctx), src, n);
data/pgqd-3.3/lib/usual/crypto/sha256.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->state, H224, sizeof(H224));
data/pgqd-3.3/lib/usual/crypto/sha256.c:191:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, buf, SHA224_DIGEST_LENGTH);
data/pgqd-3.3/lib/usual/crypto/sha512.c:143:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->state, H512, sizeof(H512));
data/pgqd-3.3/lib/usual/crypto/sha512.c:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + bufpos(ctx), src, n);
data/pgqd-3.3/lib/usual/crypto/sha512.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->state, H384, sizeof(H384));
data/pgqd-3.3/lib/usual/crypto/sha512.c:208:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, buf, SHA384_DIGEST_LENGTH);
data/pgqd-3.3/lib/usual/cxalloc.c:79:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, src, len);
data/pgqd-3.3/lib/usual/cxalloc.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128], *dst;
data/pgqd-3.3/lib/usual/cxalloc.c:130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, buf, res+1);
data/pgqd-3.3/lib/usual/cxextra.c:174:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, ptr, olen);
data/pgqd-3.3/lib/usual/cxextra.c:186:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, ptr, olen);
data/pgqd-3.3/lib/usual/daemon.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128 + 1];
data/pgqd-3.3/lib/usual/daemon.c:69:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pidfile, O_RDONLY);
data/pgqd-3.3/lib/usual/daemon.c:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/pgqd-3.3/lib/usual/daemon.c:135:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pidfile, flags, 0644);
data/pgqd-3.3/lib/usual/daemon.c:186:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDWR);
data/pgqd-3.3/lib/usual/endian.h:325:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &tmp, sizeof(tmp));
data/pgqd-3.3/lib/usual/endian.h:332:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &tmp, sizeof(tmp));
data/pgqd-3.3/lib/usual/endian.h:339:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &tmp, sizeof(tmp));
data/pgqd-3.3/lib/usual/endian.h:346:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &tmp, sizeof(tmp));
data/pgqd-3.3/lib/usual/endian.h:353:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &tmp, sizeof(tmp));
data/pgqd-3.3/lib/usual/endian.h:360:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &tmp, sizeof(tmp));
data/pgqd-3.3/lib/usual/endian.h:366:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &x, sizeof(x));
data/pgqd-3.3/lib/usual/endian.h:372:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &x, sizeof(x));
data/pgqd-3.3/lib/usual/endian.h:378:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &x, sizeof(x));
data/pgqd-3.3/lib/usual/err.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], ebuf[256];
data/pgqd-3.3/lib/usual/err.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], ebuf[256];
data/pgqd-3.3/lib/usual/event.c:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/pgqd-3.3/lib/usual/event.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], tval[128];
data/pgqd-3.3/lib/usual/fileutil.c:48:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fn, "r");
data/pgqd-3.3/lib/usual/fileutil.c:77:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fn, "rb");
data/pgqd-3.3/lib/usual/fileutil.c:117:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m->fd = open(fname, rw ? O_RDWR : O_RDONLY);
data/pgqd-3.3/lib/usual/fnmatch.c:240:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t pbuf[128];
data/pgqd-3.3/lib/usual/fnmatch.c:241:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t sbuf[128];
data/pgqd-3.3/lib/usual/getopt.c:139:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char **) nargv)[pos] = nargv[cstart];
data/pgqd-3.3/lib/usual/getopt.c:141:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char **)nargv)[cstart] = swap;
data/pgqd-3.3/lib/usual/hashing/lookup3.c:56:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, 12);
data/pgqd-3.3/lib/usual/hashing/spooky.c:213:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, message, length);
data/pgqd-3.3/lib/usual/hashing/spooky.c:302:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, u.p64, sc_blockSize);
data/pgqd-3.3/lib/usual/hashing/spooky.c:310:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, end, remainder);
data/pgqd-3.3/lib/usual/json.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[128];
data/pgqd-3.3/lib/usual/json.c:251:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, endptr - src);
data/pgqd-3.3/lib/usual/json.c:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/usual/json.c:469:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t_got, src, 4);
data/pgqd-3.3/lib/usual/json.c:488:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NUMBER_BUF];
data/pgqd-3.3/lib/usual/json.c:508:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, start, len);
data/pgqd-3.3/lib/usual/json.c:801:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char STATE_STEPS[MAX_STATES][MAX_TOKENS] = {
data/pgqd-3.3/lib/usual/json.c:973:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NUMBER_BUF];
data/pgqd-3.3/lib/usual/json.c:984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NUMBER_BUF + 2];
data/pgqd-3.3/lib/usual/json.c:1000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/pgqd-3.3/lib/usual/json.c:1604:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(get_cstring(jv), val, len + 1);
data/pgqd-3.3/lib/usual/logging.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048], buf2[2048];
data/pgqd-3.3/lib/usual/logging.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[256];
data/pgqd-3.3/lib/usual/logging.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[64];
data/pgqd-3.3/lib/usual/logging.c:185:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_file = fopen(cf_logfile, "a");
data/pgqd-3.3/lib/usual/logging.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048], ebuf[256];
data/pgqd-3.3/lib/usual/logging.c:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/pgqd-3.3/lib/usual/logging.c:248:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *strlist[1] = { buf };
data/pgqd-3.3/lib/usual/mbuf.h:269:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data + buf->write_pos, ptr, len);
data/pgqd-3.3/lib/usual/mdict.c:86:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vptr, val, vlen);
data/pgqd-3.3/lib/usual/mdict.c:97:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kptr, key, klen);
data/pgqd-3.3/lib/usual/netdb.c:134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rq->list, list, sizeof(struct gaicb *));
data/pgqd-3.3/lib/usual/pgsocket.c:360:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * args[MAX_QRY_ARGS];
data/pgqd-3.3/lib/usual/pgutil.c:26:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_dst, "NULL", 5);
data/pgqd-3.3/lib/usual/pgutil.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scmbuf[128];
data/pgqd-3.3/lib/usual/pgutil.c:123:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scmbuf, _src, scmlen);
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:118:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str16[sizeof("treat")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:119:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str22[sizeof("true")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:120:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str24[sizeof("or")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:121:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str27[sizeof("order")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:122:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str28[sizeof("not")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:123:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str29[sizeof("to")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:124:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str30[sizeof("left")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:125:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str31[sizeof("least")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:126:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str32[sizeof("real")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:127:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str33[sizeof("join")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:128:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str34[sizeof("on")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:129:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str36[sizeof("none")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:130:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str37[sizeof("else")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:131:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str39[sizeof("right")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:132:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str41[sizeof("select")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:133:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str42[sizeof("int")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:134:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str43[sizeof("time")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:135:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str44[sizeof("inout")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:136:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str45[sizeof("some")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:137:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str46[sizeof("inner")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:138:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str47[sizeof("limit")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:139:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str48[sizeof("in")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:140:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str51[sizeof("nchar")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:141:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str52[sizeof("into")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:142:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str53[sizeof("like")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:143:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str54[sizeof("ilike")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:144:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str55[sizeof("notnull")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:145:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str56[sizeof("table")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:146:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str57[sizeof("localtime")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:147:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str58[sizeof("integer")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:148:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str60[sizeof("cross")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:149:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str62[sizeof("create")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:150:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str63[sizeof("collate")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:151:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str64[sizeof("references")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:152:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str66[sizeof("is")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:153:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str67[sizeof("all")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:154:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str68[sizeof("analyze")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:155:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str69[sizeof("column")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:156:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str70[sizeof("intersect")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:157:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str71[sizeof("constraint")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:158:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str72[sizeof("except")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:159:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str73[sizeof("grant")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:160:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str75[sizeof("trim")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:161:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str76[sizeof("cast")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:162:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str77[sizeof("isnull")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:163:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str78[sizeof("as")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:164:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str79[sizeof("national")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:165:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str80[sizeof("coalesce")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:166:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str83[sizeof("case")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:167:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str84[sizeof("analyse")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:168:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str85[sizeof("row")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:169:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str86[sizeof("greatest")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:170:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str87[sizeof("end")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:171:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str88[sizeof("new")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:172:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str89[sizeof("out")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:173:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str90[sizeof("do")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:174:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str91[sizeof("asc")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:175:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str92[sizeof("old")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:176:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str93[sizeof("outer")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:177:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str95[sizeof("similar")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:178:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str96[sizeof("union")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:179:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str97[sizeof("default")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:180:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str98[sizeof("null")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:181:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str99[sizeof("user")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:182:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str100[sizeof("leading")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:183:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str101[sizeof("extract")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:184:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str102[sizeof("trailing")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:185:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str103[sizeof("only")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:186:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str104[sizeof("exists")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:187:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str106[sizeof("natural")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:188:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str107[sizeof("unique")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:189:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str108[sizeof("dec")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:190:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str109[sizeof("desc")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:191:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str111[sizeof("distinct")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:192:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str112[sizeof("deferrable")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:193:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str115[sizeof("and")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:194:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str116[sizeof("for")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:195:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str117[sizeof("float")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:196:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str119[sizeof("smallint")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:197:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str120[sizeof("offset")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:198:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str122[sizeof("localtimestamp")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:199:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str123[sizeof("precision")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:200:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str125[sizeof("array")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:201:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str126[sizeof("position")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:202:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str127[sizeof("freeze")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:203:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str128[sizeof("any")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:204:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str129[sizeof("session_user")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:205:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str130[sizeof("setof")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:206:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str132[sizeof("decimal")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:207:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str133[sizeof("xmlforest")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:208:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str134[sizeof("asymmetric")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:209:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str135[sizeof("xmlroot")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:210:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str136[sizeof("xmlparse")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:211:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str137[sizeof("current_time")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:212:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str138[sizeof("xmlconcat")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:213:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str139[sizeof("current_role")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:214:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str140[sizeof("group")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:215:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str142[sizeof("then")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:216:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str144[sizeof("xmlpi")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:217:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str145[sizeof("numeric")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:218:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str146[sizeof("xmlelement")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:219:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str147[sizeof("concurrently")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:220:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str149[sizeof("false")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:221:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str152[sizeof("over")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:222:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str153[sizeof("xmlserialize")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:223:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str154[sizeof("returning")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:224:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str155[sizeof("using")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:225:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str157[sizeof("bit")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:226:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str160[sizeof("placing")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:227:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str162[sizeof("between")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:228:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str163[sizeof("bigint")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:229:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str164[sizeof("primary")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:230:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str165[sizeof("char")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:231:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str166[sizeof("check")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:232:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str168[sizeof("from")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:233:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str170[sizeof("symmetric")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:234:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str175[sizeof("authorization")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:235:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str177[sizeof("verbose")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:236:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str181[sizeof("timestamp")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:237:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str183[sizeof("current_schema")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:238:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str184[sizeof("full")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:239:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str185[sizeof("foreign")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:240:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str186[sizeof("xmlexists")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:241:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str188[sizeof("interval")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:242:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str192[sizeof("boolean")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:243:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str198[sizeof("current_date")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:244:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str200[sizeof("current_user")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:245:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str202[sizeof("current_timestamp")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:246:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str204[sizeof("when")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:247:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str205[sizeof("where")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:248:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str206[sizeof("character")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:249:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str207[sizeof("off")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:250:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str208[sizeof("overlaps")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:251:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str213[sizeof("values")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:252:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str218[sizeof("current_catalog")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:253:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str219[sizeof("varchar")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:254:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str220[sizeof("with")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:255:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str224[sizeof("substring")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:256:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str227[sizeof("window")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:257:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str236[sizeof("fetch")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:258:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str237[sizeof("initially")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:259:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str265[sizeof("overlay")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:260:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str266[sizeof("both")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:261:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str272[sizeof("variadic")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:262:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str273[sizeof("xmlattributes")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:263:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str279[sizeof("nullif")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:264:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str289[sizeof("having")];
data/pgqd-3.3/lib/usual/pgutil_kwlookup.h:265:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgkw_str311[sizeof("binary")];
data/pgqd-3.3/lib/usual/regex.c:417:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[7];
data/pgqd-3.3/lib/usual/safeio.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[128];
data/pgqd-3.3/lib/usual/safeio.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[128];
data/pgqd-3.3/lib/usual/safeio.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[128];
data/pgqd-3.3/lib/usual/safeio.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[128];
data/pgqd-3.3/lib/usual/safeio.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[128];
data/pgqd-3.3/lib/usual/safeio.c:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/usual/safeio.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[128];
data/pgqd-3.3/lib/usual/safeio.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/usual/safeio.c:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[128];
data/pgqd-3.3/lib/usual/slab.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/pgqd-3.3/lib/usual/slab.c:82:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(slab->name, name, slen);
data/pgqd-3.3/lib/usual/socket.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/usual/socket_ntop.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[sizeof "255.255.255.255"];
data/pgqd-3.3/lib/usual/socket_ntop.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"];
data/pgqd-3.3/lib/usual/socket_pton.c:116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, INADDRSZ);
data/pgqd-3.3/lib/usual/socket_pton.c:220:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, IN6ADDRSZ);
data/pgqd-3.3/lib/usual/socket_win32.h:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sun_path[128];
data/pgqd-3.3/lib/usual/string.c:200:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, len + 1);
data/pgqd-3.3/lib/usual/string.c:202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, n - 1);
data/pgqd-3.3/lib/usual/string.c:242:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, n);
data/pgqd-3.3/lib/usual/string.c:325:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/pgqd-3.3/lib/usual/string.c:329:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(buf, ".", 2);
data/pgqd-3.3/lib/usual/string.c:341:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p2 - len, len);
data/pgqd-3.3/lib/usual/string.c:356:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/pgqd-3.3/lib/usual/string.c:359:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(buf, ".", 2);
data/pgqd-3.3/lib/usual/string.c:366:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(buf, "/", 2);
data/pgqd-3.3/lib/usual/string.c:370:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(buf, ".", 2);
data/pgqd-3.3/lib/usual/string.c:375:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(buf, "/", 2);
data/pgqd-3.3/lib/usual/string.c:382:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, path, len);
data/pgqd-3.3/lib/usual/string.c:391:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/pgqd-3.3/lib/usual/string.c:480:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/usual/string.c:517:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, dp, dplen);
data/pgqd-3.3/lib/usual/strpool.c:109:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cstr->str, str, len + 1);
data/pgqd-3.3/lib/usual/strpool.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[FLEX_ARRAY];
data/pgqd-3.3/lib/usual/talloc.c:1088:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, src, len);
data/pgqd-3.3/lib/usual/talloc.c:1110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, s, len);
data/pgqd-3.3/lib/usual/talloc.c:1150:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + plen, s, slen + 1);
data/pgqd-3.3/lib/usual/talloc.c:1183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/usual/talloc.c:1202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res + plen, buf, len + 1);
data/pgqd-3.3/lib/usual/talloc.c:1317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/usual/talloc.c:1332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/usual/talloc.c:1347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pgqd-3.3/lib/usual/talloc.c:1515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limitbuf[128];
data/pgqd-3.3/lib/usual/time.c:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128], *tz, *old = NULL;
data/pgqd-3.3/lib/usual/tls/tls_cert.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tmp, buf[64];
data/pgqd-3.3/lib/usual/tls/tls_cert.c:211:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cstr, data, len);
data/pgqd-3.3/lib/usual/tls/tls_cert.c:308:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)slot->name_value, data, len);
data/pgqd-3.3/lib/usual/tls/tls_compat.c:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/pgqd-3.3/lib/usual/tls/tls_compat.c:376:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, src, len);
data/pgqd-3.3/lib/usual/tls/tls_config.c:44:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, len);
data/pgqd-3.3/lib/usual/tls/tls_conninfo.c:60:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d[EVP_MAX_MD_SIZE];
data/pgqd-3.3/lib/usual/tls/tls_ocsp.c:412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xmem, mem, len);
data/pgqd-3.3/lib/usual/tls/tls_ocsp.c:520:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->request_data, data, q->request_size);
data/pgqd-3.3/lib/usual/tls/tls_server.c:59:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sid[SSL_MAX_SSL_SESSION_ID_LENGTH];
data/pgqd-3.3/lib/usual/tls/tls_util.c:124:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name, O_RDONLY)) == -1)
data/pgqd-3.3/lib/usual/tls/tls_util.c:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, data, size);
data/pgqd-3.3/lib/usual/tls/tls_util.c:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dh[64];
data/pgqd-3.3/lib/usual/wchar.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/pgqd-3.3/src/maint.c:65:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (PQntuples(res) == 1 && atoi(PQgetvalue(res, 0, 0)) == 1)
data/pgqd-3.3/src/maint.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/pgqd-3.3/src/maint.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[256];
data/pgqd-3.3/src/maint.c:128:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (val && atoi(val)) {
data/pgqd-3.3/src/maint.c:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qbuf[256];
data/pgqd-3.3/src/pgqd.c:143:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/pgqd-3.3/src/retry.c:22:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats.n_retry += atoi(val);
data/pgqd-3.3/lib/test/attregex/testregex.c:597:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char*)u);
data/pgqd-3.3/lib/test/attregex/testregex.c:689:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (comment[strlen(comment)-1] == '\n')
data/pgqd-3.3/lib/test/attregex/testregex.c:1056:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/pgqd-3.3/lib/test/attregex/testregex.c:1830:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (nstr != strlen(s))
data/pgqd-3.3/lib/test/attregex/testregex.c:1929:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (nstr >= 0 && nstr != strlen(s))
data/pgqd-3.3/lib/test/attregex/testregex.c:1997:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i != (strlen(ans) + 1))
data/pgqd-3.3/lib/test/attregex/testregex.c:2249:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nexec = nstr >= 0 ? nstr : strlen(s);
data/pgqd-3.3/lib/test/test_cbtree.c:28:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node->len = strlen(node->str);
data/pgqd-3.3/lib/test/test_cbtree.c:51:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = cbtree_lookup(tree, buf, strlen(buf));
data/pgqd-3.3/lib/test/test_cbtree.c:69:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
my = cbtree_lookup(tree, buf, strlen(buf));
data/pgqd-3.3/lib/test/test_cbtree.c:72:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cbtree_delete(tree, buf, strlen(buf));
data/pgqd-3.3/lib/test/test_cbtree.c:73:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cbtree_lookup(tree, buf, strlen(buf)) != NULL)
data/pgqd-3.3/lib/test/test_crypto.c:86:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hexstr) / 2;
data/pgqd-3.3/lib/test/test_crypto.c:92:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/pgqd-3.3/lib/test/test_crypto.c:391:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hex) / 2;
data/pgqd-3.3/lib/test/test_crypto.c:472:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/pgqd-3.3/lib/test/test_crypto.c:475:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx = hmac_new(impl, key, strlen(key), NULL);
data/pgqd-3.3/lib/test/test_crypto.c:532:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keccak_prng_add_data(&state, ent, strlen(ent));
data/pgqd-3.3/lib/test/test_crypto.c:552:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keccak_prng_add_data(&state, ent2, strlen(ent2));
data/pgqd-3.3/lib/test/test_crypto.c:565:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int klen = strlen(key) / 2;
data/pgqd-3.3/lib/test/test_crypto.c:572:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iv) != 8*2)
data/pgqd-3.3/lib/test/test_cxalloc.c:18:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(logbuf);
data/pgqd-3.3/lib/test/test_fileutil.c:29:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(fdata, 1, strlen(fdata), f);
data/pgqd-3.3/lib/test/test_fileutil.c:38:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_assert(file_size(filename) == (int)strlen(fdata));
data/pgqd-3.3/lib/test/test_hashing.c:10:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return calc_crc32(s, strlen(s), 0);
data/pgqd-3.3/lib/test/test_hashing.c:15:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return hash_lookup3(s, strlen(s));
data/pgqd-3.3/lib/test/test_json.c:15:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
obj = json_parse(ctx, json, strlen(json));
data/pgqd-3.3/lib/test/test_json.c:55:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(buf + i, buf + j, strlen(buf + j) + 1);
data/pgqd-3.3/lib/test/test_json.c:87:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
obj = json_parse(ctx, json, strlen(json));
data/pgqd-3.3/lib/test/test_json.c:284:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dict = json_parse(ctx, json, strlen(json));
data/pgqd-3.3/lib/test/test_json.c:393:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dict = json_parse(ctx, json, strlen(json)); tt_assert(dict);
data/pgqd-3.3/lib/test/test_json.c:398:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list = json_parse(ctx, json2, strlen(json2)); tt_assert(list);
data/pgqd-3.3/lib/test/test_mdict.c:44:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int_check(mdict_urldecode(d, s, strlen(s)), 1);
data/pgqd-3.3/lib/test/test_netdb.c:40:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/pgqd-3.3/lib/test/test_pgutil.c:140:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/pgqd-3.3/lib/test/test_string.c:104:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_assert(strlen(strerror_r(EINTR, buf, sizeof(buf))) != 0);
data/pgqd-3.3/lib/test/test_string.c:128:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *r = memmem(s, strlen(s), q, strlen(q));
data/pgqd-3.3/lib/test/test_string.c:128:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *r = memmem(s, strlen(s), q, strlen(q));
data/pgqd-3.3/lib/test/test_string.c:354:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mbuf_write(mb, s, strlen(s));
data/pgqd-3.3/lib/test/test_talloc.c:168:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!mbuf_write(st->dst, name, strlen(name)))
data/pgqd-3.3/lib/test/test_time.c:17:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(USEC / 4);
data/pgqd-3.3/lib/test/test_tls.c:982:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp.length = strlen(val+2);
data/pgqd-3.3/lib/test/tinytest.c:180:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(outcome_pipe[0], b, 1);
data/pgqd-3.3/lib/usual/base.c:36:6: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
p = memalign(align, len);
data/pgqd-3.3/lib/usual/cfparser.c:459:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v_len = strlen(value);
data/pgqd-3.3/lib/usual/cfparser.c:488:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
home_len = strlen(home);
data/pgqd-3.3/lib/usual/crypto/entropy.c:197:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(fd, d, need);
data/pgqd-3.3/lib/usual/cxalloc.c:85:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return cx_memdup(cx, s, strlen(s) + 1);
data/pgqd-3.3/lib/usual/daemon.c:72:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(fd, buf, sizeof(buf) - 1);
data/pgqd-3.3/lib/usual/daemon.c:138:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/pgqd-3.3/lib/usual/fileutil.c:166:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(p);
data/pgqd-3.3/lib/usual/fnmatch.c:242:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen(pat);
data/pgqd-3.3/lib/usual/fnmatch.c:243:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(str);
data/pgqd-3.3/lib/usual/getopt.c:169:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_argv_len = strlen(current_argv);
data/pgqd-3.3/lib/usual/getopt.c:177:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(long_options[i].name) == current_argv_len) {
data/pgqd-3.3/lib/usual/hashing/memhash.c:54:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return memhash(s, strlen(s));
data/pgqd-3.3/lib/usual/json.c:1273:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
klen = strlen(key);
data/pgqd-3.3/lib/usual/json.c:1293:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dict_getter(dict, key, strlen(key), &val, JSON_BOOL, true))
data/pgqd-3.3/lib/usual/json.c:1302:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dict_getter(dict, key, strlen(key), &val, JSON_INT, true))
data/pgqd-3.3/lib/usual/json.c:1311:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dict_getter(dict, key, strlen(key), &val, JSON_FLOAT, true))
data/pgqd-3.3/lib/usual/json.c:1320:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dict_getter(dict, key, strlen(key), &val, JSON_STRING, true))
data/pgqd-3.3/lib/usual/json.c:1327:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return dict_getter(dict, key, strlen(key), dst_p, JSON_LIST, true);
data/pgqd-3.3/lib/usual/json.c:1332:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return dict_getter(dict, key, strlen(key), dst_p, JSON_DICT, true);
data/pgqd-3.3/lib/usual/json.c:1343:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dict_getter(dict, key, strlen(key), &val, JSON_BOOL, false))
data/pgqd-3.3/lib/usual/json.c:1352:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dict_getter(dict, key, strlen(key), &val, JSON_INT, false))
data/pgqd-3.3/lib/usual/json.c:1361:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dict_getter(dict, key, strlen(key), &val, JSON_FLOAT, false))
data/pgqd-3.3/lib/usual/json.c:1370:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dict_getter(dict, key, strlen(key), &val, JSON_STRING, false))
data/pgqd-3.3/lib/usual/json.c:1379:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dict_getter(dict, key, strlen(key), &val, JSON_LIST, false))
data/pgqd-3.3/lib/usual/json.c:1390:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dict_getter(dict, key, strlen(key), &val, JSON_DICT, false))
data/pgqd-3.3/lib/usual/json.c:1598:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val);
data/pgqd-3.3/lib/usual/mbuf.h:143:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbuf_init_fixed_reader(&tmp, s, strlen(s));
data/pgqd-3.3/lib/usual/mdict.h:62:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mdict_get_str(dict, key, strlen(key));
data/pgqd-3.3/lib/usual/mdict.h:68:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned klen = strlen(key);
data/pgqd-3.3/lib/usual/mdict.h:69:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned vlen = val ? strlen(val) : 0;
data/pgqd-3.3/lib/usual/mdict.h:76:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned klen = strlen(key);
data/pgqd-3.3/lib/usual/mdict.h:85:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mdict_del_key(dict, key, strlen(key));
data/pgqd-3.3/lib/usual/pgutil.c:133:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scmlen = strlen(_dst);
data/pgqd-3.3/lib/usual/pgutil.c:286:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *kw = pg_keyword_lookup_real(str, strlen(str));
data/pgqd-3.3/lib/usual/safeio.c:35:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(fd, buf, len);
data/pgqd-3.3/lib/usual/slab.c:71:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned slen = strlen(name);
data/pgqd-3.3/lib/usual/socket_ntop.c:180:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp);
data/pgqd-3.3/lib/usual/string.c:198:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(src);
data/pgqd-3.3/lib/usual/string.c:362:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/pgqd-3.3/lib/usual/string.c:511:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dplen = dp[1] ? strlen(dp) : 1;
data/pgqd-3.3/lib/usual/string.c:566:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dplen = dp[1] ? strlen(dp) : 1;
data/pgqd-3.3/lib/usual/string.c:571:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p + 1, p + dplen, strlen(p + dplen) + 1);
data/pgqd-3.3/lib/usual/strpool.c:93:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/pgqd-3.3/lib/usual/time.h:80:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define usleep(x) usual_usleep(x)
data/pgqd-3.3/lib/usual/time.h:83:20: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
static inline void usleep(long usec) { Sleep(usec / 1000); }
data/pgqd-3.3/lib/usual/tls/tls_compat.c:87:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bio = BIO_new_mem_buf((char *)buf, strlen(buf));
data/pgqd-3.3/lib/usual/tls/tls_util.c:134:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, size) != (ssize_t)size)
data/pgqd-3.3/lib/usual/tls/tls_verify.c:73:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (domain == NULL || strlen(domain) == 1)
data/pgqd-3.3/lib/usual/tls/tls_verify.c:127:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < 0 || len != (int)strlen(data)) {
data/pgqd-3.3/lib/usual/tls/tls_verify.c:220:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (common_name_len != (int)strlen(common_name)) {
data/pgqd-3.3/lib/usual/wchar.c:34:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen(str);
ANALYSIS SUMMARY:
Hits = 554
Lines analyzed = 43108 in approximately 1.14 seconds (37752 lines/second)
Physical Source Lines of Code (SLOC) = 29685
Hits@level = [0] 236 [1] 95 [2] 400 [3] 21 [4] 37 [5] 1
Hits@level+ = [0+] 790 [1+] 554 [2+] 459 [3+] 59 [4+] 38 [5+] 1
Hits/KSLOC@level+ = [0+] 26.6128 [1+] 18.6626 [2+] 15.4624 [3+] 1.98754 [4+] 1.28011 [5+] 0.033687
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.