Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pgreplay-1.2.0/database.c
Examining data/pgreplay-1.2.0/parse.c
Examining data/pgreplay-1.2.0/replayitem.c
Examining data/pgreplay-1.2.0/main.c
Examining data/pgreplay-1.2.0/pgreplay.h
Examining data/pgreplay-1.2.0/windows.c
Examining data/pgreplay-1.2.0/replayfile.c

FINAL RESULTS:

data/pgreplay-1.2.0/database.c:461:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(conn->errmsg, p1);

data/pgreplay-1.2.0/database.c:752:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(connstr, conn_string);

data/pgreplay-1.2.0/parse.c:247:2: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    sscanf(s, UINT32_FORMAT, &part1);

data/pgreplay-1.2.0/parse.c:248:2: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    sscanf(s1, UINT32_FORMAT, &part2);

data/pgreplay-1.2.0/parse.c:279:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(buf, peekbuf);

data/pgreplay-1.2.0/parse.c:376:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(line, buf);

data/pgreplay-1.2.0/parse.c:507:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(user, part2);

data/pgreplay-1.2.0/parse.c:516:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(database, part3);

data/pgreplay-1.2.0/parse.c:673:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(user, part[1]);

data/pgreplay-1.2.0/parse.c:682:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(database, part[2]);

data/pgreplay-1.2.0/parse.c:746:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(pstmt->name, name);

data/pgreplay-1.2.0/parse.c:1440:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(name, namep);

data/pgreplay-1.2.0/pgreplay.h:81:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf (stderr, format, __VA_ARGS__); \

data/pgreplay-1.2.0/replayitem.c:67:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy((r->data)[0], user);

data/pgreplay-1.2.0/replayitem.c:77:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy((r->data)[1], database);

data/pgreplay-1.2.0/replayitem.c:113:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy((r->data)[0], statement);

data/pgreplay-1.2.0/replayitem.c:136:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy((r->data)[0], statement);

data/pgreplay-1.2.0/replayitem.c:146:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy((r->data)[1], name);

data/pgreplay-1.2.0/replayitem.c:169:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy((r->data)[0], name);

data/pgreplay-1.2.0/replayitem.c:185:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy((r->data)[i], values[i-1]);

data/pgreplay-1.2.0/main.c:101:22: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while (-1 != (arg = getopt(argc, argv, "vfro:h:p:W:s:E:d:cb:e:qj"))) {

data/pgreplay-1.2.0/windows.c:19:19: [3] (misc) LoadLibraryEx:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
    sock_err_mod = LoadLibraryEx(

data/pgreplay-1.2.0/database.c:299:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    if (sprintf(conn_string, "port=%d", port) < 0) {

data/pgreplay-1.2.0/database.c:385:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *connstr, *p1, errbuf[256];

data/pgreplay-1.2.0/parse.c:150:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char s[24] = { '\0' }; /* modifiable copy of source */

data/pgreplay-1.2.0/parse.c:151:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char errmsg[BUFLEN];

data/pgreplay-1.2.0/parse.c:157:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(errmsg, "NULL passed as timestamp string");

data/pgreplay-1.2.0/parse.c:162:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(errmsg, "timestamp string is less than %lu characters long", (unsigned long)strlen(format));

data/pgreplay-1.2.0/parse.c:167:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(errmsg, "timestamp string is more than %d characters long", BUFLEN-1);

data/pgreplay-1.2.0/parse.c:175:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(errmsg, "character %d in timestamp string is '%c', expected digit", i+1, source[i]);

data/pgreplay-1.2.0/parse.c:182:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(errmsg, "character %d in timestamp string is '%c', expected '%c'", i+1, source[i], format[i]);

data/pgreplay-1.2.0/parse.c:190:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tm.tm_year = atoi(s) - 1900;

data/pgreplay-1.2.0/parse.c:191:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tm.tm_mon = atoi(s + 5) - 1;

data/pgreplay-1.2.0/parse.c:192:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tm.tm_mday = atoi(s + 8);

data/pgreplay-1.2.0/parse.c:193:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tm.tm_hour = atoi(s + 11);

data/pgreplay-1.2.0/parse.c:194:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tm.tm_min = atoi(s + 14);

data/pgreplay-1.2.0/parse.c:195:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tm.tm_sec = atoi(s + 17);

data/pgreplay-1.2.0/parse.c:200:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    dest->tv_usec = atoi(s + 20) * 1000;

data/pgreplay-1.2.0/parse.c:207:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char s[BUFLEN]; /* modifiable copy of source */

data/pgreplay-1.2.0/parse.c:208:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char errmsg[BUFLEN];

data/pgreplay-1.2.0/parse.c:215:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(errmsg, "NULL passed as session id string");

data/pgreplay-1.2.0/parse.c:220:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(errmsg, "session id string is more than %d characters long", BUFLEN);

data/pgreplay-1.2.0/parse.c:230:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(errmsg, "character %d in session id string is '%c', expected hex digit", i+1, c);

data/pgreplay-1.2.0/parse.c:237:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(errmsg, "Missing \".\" in session id string");

data/pgreplay-1.2.0/parse.c:242:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(errmsg, "none of the parts of a session id string may be longer than 8 hex digits");

data/pgreplay-1.2.0/parse.c:259:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *line, buf[BUFLEN] = { '\0' }, *p;

data/pgreplay-1.2.0/parse.c:263:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char peekbuf[BUFLEN] = { '\0' };

data/pgreplay-1.2.0/parse.c:1247:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (-1 == (infile = open(in, O_RDONLY))) {

data/pgreplay-1.2.0/replayfile.c:136:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (-1 == (filed = open(infile, O_RDONLY

data/pgreplay-1.2.0/replayfile.c:310:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (-1 == (filed = open(outfile, O_WRONLY | O_CREAT | O_TRUNC

data/pgreplay-1.2.0/replayitem.c:282:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char valuepart[SAMPLE_SIZE+4], *p;

data/pgreplay-1.2.0/database.c:455:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (NULL == (conn->errmsg = malloc(strlen(p1) + 1))) {

data/pgreplay-1.2.0/database.c:456:84: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)(strlen(p1) + 1));

data/pgreplay-1.2.0/database.c:747:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (NULL == (connstr = malloc(strlen(conn_string) + 2 * strlen(user) + 2 * strlen(database) + 18))) {

data/pgreplay-1.2.0/database.c:747:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (NULL == (connstr = malloc(strlen(conn_string) + 2 * strlen(user) + 2 * strlen(database) + 18))) {

data/pgreplay-1.2.0/database.c:747:80: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (NULL == (connstr = malloc(strlen(conn_string) + 2 * strlen(user) + 2 * strlen(database) + 18))) {

data/pgreplay-1.2.0/database.c:748:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)strlen(conn_string) + 2 * strlen(user) + 2 * strlen(database) + 18);

data/pgreplay-1.2.0/database.c:748:104: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)strlen(conn_string) + 2 * strlen(user) + 2 * strlen(database) + 18);

data/pgreplay-1.2.0/database.c:748:123: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)strlen(conn_string) + 2 * strlen(user) + 2 * strlen(database) + 18);

data/pgreplay-1.2.0/database.c:753:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p1 = connstr + strlen(connstr);

data/pgreplay-1.2.0/main.c:200:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(start_time, optarg, 23);

data/pgreplay-1.2.0/main.c:211:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(end_time, optarg, 23);

data/pgreplay-1.2.0/parse.c:161:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(source) < strlen(format)) {

data/pgreplay-1.2.0/parse.c:161:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(source) < strlen(format)) {

data/pgreplay-1.2.0/parse.c:162:87: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(errmsg, "timestamp string is less than %lu characters long", (unsigned long)strlen(format));

data/pgreplay-1.2.0/parse.c:166:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(source) >= BUFLEN) {

data/pgreplay-1.2.0/parse.c:171:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i=0; i<strlen(format); ++i) {

data/pgreplay-1.2.0/parse.c:219:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(source) > BUFLEN -1) {

data/pgreplay-1.2.0/parse.c:224:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i=0; i<=strlen(source); ++i) {

data/pgreplay-1.2.0/parse.c:241:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen(s) > 8) || (strlen(s1) > 8)) {

data/pgreplay-1.2.0/parse.c:241:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen(s) > 8) || (strlen(s1) > 8)) {

data/pgreplay-1.2.0/parse.c:286:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (-1 == (bytes_read = read(infile, buf + len, BUFLEN - 1 - len))) {

data/pgreplay-1.2.0/parse.c:318:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(peekbuf, p, l);

data/pgreplay-1.2.0/parse.c:332:31: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (-1 == (bytes_read = read(infile, peekbuf, 1))) {

data/pgreplay-1.2.0/parse.c:349:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(p--, peekbuf + 1, BUFLEN - 1 - len);

data/pgreplay-1.2.0/parse.c:502:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (NAMELEN < strlen(part2)) {

data/pgreplay-1.2.0/parse.c:511:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (NAMELEN < strlen(part3)) {

data/pgreplay-1.2.0/parse.c:668:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (NAMELEN < strlen(part[1])) {

data/pgreplay-1.2.0/parse.c:677:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (NAMELEN < strlen(part[2])) {

data/pgreplay-1.2.0/parse.c:741:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (NULL == (pstmt->name = malloc(strlen(name) + 1))) {

data/pgreplay-1.2.0/parse.c:742:77: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)strlen(name) + 1);

data/pgreplay-1.2.0/replayfile.c:56:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int rc = read(filed, buf, count);

data/pgreplay-1.2.0/replayfile.c:83:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);

data/pgreplay-1.2.0/replayitem.c:60:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (r->data)[0] = malloc(strlen(user) + 1);

data/pgreplay-1.2.0/replayitem.c:62:75: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)strlen(user) + 1);

data/pgreplay-1.2.0/replayitem.c:69:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (r->data)[1] = malloc(strlen(database) + 1);

data/pgreplay-1.2.0/replayitem.c:71:75: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)strlen(user) + 1);

data/pgreplay-1.2.0/replayitem.c:106:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (r->data)[0] = malloc(strlen(statement) + 1);

data/pgreplay-1.2.0/replayitem.c:108:75: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)strlen(statement) + 1);

data/pgreplay-1.2.0/replayitem.c:129:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (r->data)[0] = malloc(strlen(statement) + 1);

data/pgreplay-1.2.0/replayitem.c:131:75: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)strlen(statement) + 1);

data/pgreplay-1.2.0/replayitem.c:138:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (r->data)[1] = malloc(strlen(name) + 1);

data/pgreplay-1.2.0/replayitem.c:140:75: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)strlen(name) + 1);

data/pgreplay-1.2.0/replayitem.c:163:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (r->data)[0] = malloc(strlen(name) + 1);

data/pgreplay-1.2.0/replayitem.c:173:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (r->data)[i] = malloc(strlen(values[i-1]) + 1);

data/pgreplay-1.2.0/replayitem.c:175:77: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(stderr, "Cannot allocate %lu bytes of memory\n", (unsigned long)strlen(values[i-1]) + 1);

data/pgreplay-1.2.0/replayitem.c:322:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(valuepart, replay_get_values(r)[i], SAMPLE_SIZE);

ANALYSIS SUMMARY:

Hits = 97
Lines analyzed = 3851 in approximately 0.12 seconds (31279 lines/second)
Physical Source Lines of Code (SLOC) = 2967
Hits@level = [0] 159 [1] 46 [2] 29 [3] 2 [4] 20 [5] 0
Hits@level+ = [0+] 256 [1+] 97 [2+] 51 [3+] 22 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 86.2824 [1+] 32.693 [2+] 17.1891 [3+] 7.4149 [4+] 6.74082 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.