Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c Examining data/pgsql-ogr-fdw-1.0.12/ogr_fdw.h Examining data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c Examining data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.h Examining data/pgsql-ogr-fdw-1.0.12/ogr_fdw_deparse.c Examining data/pgsql-ogr-fdw-1.0.12/ogr_fdw_gdal.h Examining data/pgsql-ogr-fdw-1.0.12/ogr_fdw_info.c Examining data/pgsql-ogr-fdw-1.0.12/stringbuffer.c Examining data/pgsql-ogr-fdw-1.0.12/stringbuffer.h Examining data/pgsql-ogr-fdw-1.0.12/stringbuffer_pg.c FINAL RESULTS: data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:1727:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(fidstr, 256, OGR_FDW_FRMT_INT64, OGR_FDW_CAST_INT64(fid)); data/pgsql-ogr-fdw-1.0.12/ogr_fdw_info.c:77:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(tmpl, GDALGetDriverShortName(ogr_dr)); data/pgsql-ogr-fdw-1.0.12/stringbuffer.c:218:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(s->str_end, maxlen, fmt, ap2); data/pgsql-ogr-fdw-1.0.12/stringbuffer.c:239:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(s->str_end, maxlen, fmt, ap); data/pgsql-ogr-fdw-1.0.12/ogr_fdw_info.c:107:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "h?s:l:f")) != -1) data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:1726:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fidstr[256]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:1868:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(varlena), buf, bufsize); data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:1918:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cstr[256]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:1983:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(text), str, len); data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2001:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&type, wkb + 1, 4); data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2008:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wkb + 1, &type, 4); data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2045:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txtyear[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2046:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txtmonth[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2047:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txtday[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2048:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txthour[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2049:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txtminute[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2050:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txtsecond[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2221:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, VARDATA_ANY(varlena), varsize); data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2229:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[2]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2911:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char layer_name[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2912:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char table_name[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c:223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pgcolname[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c:256:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char table_name[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c:322:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). charSrsCode && atoi(charSrsCode) > 0 ) data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c:324:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). srid = atoi(charSrsCode); data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c:364:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pgtype[128]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw_info.c:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char server_name[STR_MAX_LEN]; data/pgsql-ogr-fdw-1.0.12/ogr_fdw_info.c:221:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(server_name, "myserver"); data/pgsql-ogr-fdw-1.0.12/stringbuffer.c:132:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->str_end, a, alen0); data/pgsql-ogr-fdw-1.0.12/stringbuffer.c:169:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, s->str_start, size); data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:1367:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fldname_laundered, fldname, STR_MAX_LEN); data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:1605:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (execstate->sql && strlen(execstate->sql) > 0) data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:1887:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cstr_len = cstr_in ? strlen(cstr_in) : 0; data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:1982:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str); data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2955:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(layer_name, OGR_L_GetName(ogr_lyr), STR_MAX_LEN); data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2961:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(table_name, layer_name, STR_MAX_LEN); data/pgsql-ogr-fdw-1.0.12/ogr_fdw.c:2972:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncmp(layer_name, stmt->remote_schema, strlen(stmt->remote_schema)) == 0); data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c:85:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, tmp, STR_MAX_LEN); data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c:224:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pgcolname, ogrcolname, STR_MAX_LEN); data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c:275:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(table_name, OGR_L_GetName(ogr_lyr), STR_MAX_LEN); data/pgsql-ogr-fdw-1.0.12/ogr_fdw_common.c:345:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( geomfldname && strlen(geomfldname) > 0 ) data/pgsql-ogr-fdw-1.0.12/ogr_fdw_deparse.c:207:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(varname); data/pgsql-ogr-fdw-1.0.12/ogr_fdw_deparse.c:261:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! fldname || strlen(fldname) == 0) data/pgsql-ogr-fdw-1.0.12/stringbuffer.c:129:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int alen = strlen(a); /* Length of string to append */ ANALYSIS SUMMARY: Hits = 45 Lines analyzed = 5163 in approximately 0.36 seconds (14441 lines/second) Physical Source Lines of Code (SLOC) = 3598 Hits@level = [0] 23 [1] 14 [2] 26 [3] 1 [4] 4 [5] 0 Hits@level+ = [0+] 68 [1+] 45 [2+] 31 [3+] 5 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 18.8994 [1+] 12.5069 [2+] 8.6159 [3+] 1.38966 [4+] 1.11173 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.