Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c Examining data/pmemkv-1.2/examples/pmemkv_basic_cpp/pmemkv_basic.cpp Examining data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c Examining data/pmemkv-1.2/examples/pmemkv_comparator_cpp/pmemkv_comparator.cpp Examining data/pmemkv-1.2/examples/pmemkv_config_c/pmemkv_config.c Examining data/pmemkv-1.2/examples/pmemkv_open_cpp/pmemkv_open.cpp Examining data/pmemkv-1.2/examples/pmemkv_pmemobj_cpp/pmemkv_pmemobj.cpp Examining data/pmemkv-1.2/src/comparator/comparator.h Examining data/pmemkv-1.2/src/comparator/pmemobj_comparator.h Examining data/pmemkv-1.2/src/comparator/volatile_comparator.h Examining data/pmemkv-1.2/src/config.h Examining data/pmemkv-1.2/src/engine.cc Examining data/pmemkv-1.2/src/engine.h Examining data/pmemkv-1.2/src/engines-experimental/caching.cc Examining data/pmemkv-1.2/src/engines-experimental/caching.h Examining data/pmemkv-1.2/src/engines-experimental/csmap.cc Examining data/pmemkv-1.2/src/engines-experimental/csmap.h Examining data/pmemkv-1.2/src/engines-experimental/stree.cc Examining data/pmemkv-1.2/src/engines-experimental/stree.h Examining data/pmemkv-1.2/src/engines-experimental/stree/persistent_b_tree.h Examining data/pmemkv-1.2/src/engines-experimental/stree/pstring.h Examining data/pmemkv-1.2/src/engines-experimental/tree3.cc Examining data/pmemkv-1.2/src/engines-experimental/tree3.h Examining data/pmemkv-1.2/src/engines/blackhole.cc Examining data/pmemkv-1.2/src/engines/blackhole.h Examining data/pmemkv-1.2/src/engines/cmap.cc Examining data/pmemkv-1.2/src/engines/cmap.h Examining data/pmemkv-1.2/src/engines/vcmap.cc Examining data/pmemkv-1.2/src/engines/vcmap.h Examining data/pmemkv-1.2/src/engines/vsmap.cc Examining data/pmemkv-1.2/src/engines/vsmap.h Examining data/pmemkv-1.2/src/exceptions.h Examining data/pmemkv-1.2/src/libpmemkv.cc Examining data/pmemkv-1.2/src/libpmemkv.h Examining data/pmemkv-1.2/src/libpmemkv.hpp Examining data/pmemkv-1.2/src/libpmemkv_json_config.cc Examining data/pmemkv-1.2/src/libpmemkv_json_config.h Examining data/pmemkv-1.2/src/out.cc Examining data/pmemkv-1.2/src/out.h Examining data/pmemkv-1.2/src/pmemobj_engine.h Examining data/pmemkv-1.2/src/polymorphic_string.h Examining data/pmemkv-1.2/src/valgrind/drd.h Examining data/pmemkv-1.2/src/valgrind/helgrind.h Examining data/pmemkv-1.2/src/valgrind/memcheck.h Examining data/pmemkv-1.2/src/valgrind/pmemcheck.h Examining data/pmemkv-1.2/src/valgrind/valgrind.h Examining data/pmemkv-1.2/tests/c_api/null_db_config.c Examining data/pmemkv-1.2/tests/common/check_is_pmem.cpp Examining data/pmemkv-1.2/tests/common/test_backtrace.c Examining data/pmemkv-1.2/tests/common/test_backtrace.h Examining data/pmemkv-1.2/tests/common/unittest.h Examining data/pmemkv-1.2/tests/common/unittest.hpp Examining data/pmemkv-1.2/tests/comparator/basic.c Examining data/pmemkv-1.2/tests/comparator/basic_persistent.c Examining data/pmemkv-1.2/tests/comparator/custom_reopen.c Examining data/pmemkv-1.2/tests/comparator/custom_reopen.cc Examining data/pmemkv-1.2/tests/comparator/default_reopen.c Examining data/pmemkv-1.2/tests/comparator/default_reopen.cc Examining data/pmemkv-1.2/tests/compatibility/cmap.cc Examining data/pmemkv-1.2/tests/config/config_c.c Examining data/pmemkv-1.2/tests/config/config_cpp.cc Examining data/pmemkv-1.2/tests/config/json_to_config.cc Examining data/pmemkv-1.2/tests/engine_scenarios/all/error_handling_oom.cc Examining data/pmemkv-1.2/tests/engine_scenarios/all/iterate.cc Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_remove.cc Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_remove_charset_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_remove_long_key.cc Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_remove_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_std_map.cc Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_std_map.hpp Examining data/pmemkv-1.2/tests/engine_scenarios/concurrent/iterate_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/concurrent/put_get_remove_gen_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/concurrent/put_get_remove_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/concurrent/put_get_remove_single_op_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/memkind/error_handling.cc Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/not_found_verify.cc Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/overwrite_verify.cc Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/put_get_std_map_multiple_reopen.cc Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/put_remove_verify.cc Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/put_verify.cc Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/put_verify_asc_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/put_verify_desc_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_defrag.cc Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx.hpp Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx_oid.cc Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx_oom.cc Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx_path.cc Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/mock_tx_alloc.cc Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/mock_tx_alloc.h Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/put_get_std_map_defrag.cc Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/put_get_std_map_oid.cc Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_above_gen_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_all_gen_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_below_gen_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_between_gen_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_equal_above_gen_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_equal_below_gen_params.cc Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/iterate.cc Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/iterate.hpp Examining data/pmemkv-1.2/tests/engines-experimental/caching_test.cc Examining data/pmemkv-1.2/tests/engines/blackhole/blackhole_test.cc Examining data/pmemkv-1.2/tests/wrong_engine_name_test.cc FINAL RESULTS: data/pmemkv-1.2/tests/common/unittest.h:25:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, format, args_list); data/pmemkv-1.2/tests/common/unittest.h:35:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, args_list); data/pmemkv-1.2/tests/engine_scenarios/all/put_get_remove_charset_params.cc:229:7: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::srand(seed); data/pmemkv-1.2/tests/engine_scenarios/concurrent/put_get_remove_gen_params.cc:121:7: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::srand(seed); data/pmemkv-1.2/tests/engine_scenarios/sorted/get_above_gen_params.cc:373:7: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::srand(seed); data/pmemkv-1.2/tests/engine_scenarios/sorted/get_all_gen_params.cc:247:7: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::srand(seed); data/pmemkv-1.2/tests/engine_scenarios/sorted/get_below_gen_params.cc:345:7: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::srand(seed); data/pmemkv-1.2/tests/engine_scenarios/sorted/get_between_gen_params.cc:423:7: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::srand(seed); data/pmemkv-1.2/tests/engine_scenarios/sorted/get_equal_above_gen_params.cc:337:7: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::srand(seed); data/pmemkv-1.2/tests/engine_scenarios/sorted/get_equal_below_gen_params.cc:349:7: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::srand(seed); data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[MAX_VAL_LEN]; data/pmemkv-1.2/examples/pmemkv_basic_cpp/pmemkv_basic.cpp:40:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv->open("cmap", std::move(cfg)); data/pmemkv-1.2/examples/pmemkv_comparator_cpp/pmemkv_comparator.cpp:64:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv->open("csmap", std::move(cfg)); data/pmemkv-1.2/examples/pmemkv_config_c/pmemkv_config.c:42:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. assert(((const char *)data)[0] == 'A'); data/pmemkv-1.2/examples/pmemkv_open_cpp/pmemkv_open.cpp:45:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv->open("cmap", std::move(cfg)); data/pmemkv-1.2/examples/pmemkv_pmemobj_cpp/pmemkv_pmemobj.cpp:66:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). status s = kv_1->open("cmap", std::move(cfg_1)); data/pmemkv-1.2/examples/pmemkv_pmemobj_cpp/pmemkv_pmemobj.cpp:74:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv_2->open("cmap", std::move(cfg_2)); data/pmemkv-1.2/src/engines-experimental/caching.cc:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[64] = {0}; data/pmemkv-1.2/src/engines-experimental/caching.cc:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ttlTimeStr[80]; data/pmemkv-1.2/src/engines-experimental/stree/persistent_b_tree.h:501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding[64]; data/pmemkv-1.2/src/engines-experimental/stree/persistent_b_tree.h:504:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding1[64]; data/pmemkv-1.2/src/engines-experimental/stree/pstring.h:94:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, src, size); data/pmemkv-1.2/src/engines-experimental/stree/pstring.h:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[BUFFER_SIZE]; data/pmemkv-1.2/src/engines-experimental/tree3.cc:569:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kvptr, key.data(), ksize); // copy key into buffer data/pmemkv-1.2/src/engines-experimental/tree3.cc:571:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kvptr, value.data(), vsize); // copy value into buffer data/pmemkv-1.2/src/libpmemkv.cc:472:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->buffer, v, vb); data/pmemkv-1.2/src/libpmemkv.hpp:220:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). status open(const std::string &engine_name) noexcept; data/pmemkv-1.2/src/libpmemkv.hpp:221:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). status open(const std::string &engine_name, config &&cfg) noexcept; data/pmemkv-1.2/src/libpmemkv.hpp:918:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inline status db::open(const std::string &engine_name) noexcept data/pmemkv-1.2/src/libpmemkv.hpp:932:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inline status db::open(const std::string &engine_name, config &&cfg) noexcept data/pmemkv-1.2/src/pmemobj_engine.h:63:34: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pop = pmem::obj::pool<Root>::open(path, LAYOUT); data/pmemkv-1.2/tests/c_api/null_db_config.c:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[10]; data/pmemkv-1.2/tests/common/test_backtrace.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char procname[PROCNAMELEN]; data/pmemkv-1.2/tests/common/unittest.hpp:160:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). auto s = kv.open(engine, std::move(config)); data/pmemkv-1.2/tests/comparator/basic.c:21:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *keys[3]; data/pmemkv-1.2/tests/comparator/basic.c:28:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key_copy, key, kb); data/pmemkv-1.2/tests/comparator/custom_reopen.cc:45:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(name, std::move(cfg)); data/pmemkv-1.2/tests/comparator/custom_reopen.cc:66:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(name, std::move(cfg)); data/pmemkv-1.2/tests/comparator/custom_reopen.cc:88:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(name, std::move(cfg)); data/pmemkv-1.2/tests/comparator/default_reopen.cc:29:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). auto s = kv.open(name, std::move(cfg)); data/pmemkv-1.2/tests/comparator/default_reopen.cc:47:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). auto s = kv.open(name, std::move(cfg)); data/pmemkv-1.2/tests/comparator/default_reopen.cc:68:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(name, std::move(cfg)); data/pmemkv-1.2/tests/compatibility/cmap.cc:25:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv->open("cmap", std::move(cfg)); data/pmemkv-1.2/tests/compatibility/cmap.cc:39:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv->open("cmap", std::move(cfg)); data/pmemkv-1.2/tests/engine_scenarios/memkind/error_handling.cc:16:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(engine, std::move(cfg)); data/pmemkv-1.2/tests/engine_scenarios/memkind/error_handling.cc:30:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(engine, std::move(cfg)); data/pmemkv-1.2/tests/engine_scenarios/memkind/error_handling.cc:42:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(engine, std::move(cfg)); data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:20:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(engine, std::move(config)); data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:38:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(engine, std::move(config)); data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:56:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(engine, std::move(config)); data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:72:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(engine, std::move(config)); data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:93:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(engine, std::move(config)); data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:108:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open(engine, std::move(config)); data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx_oid.cc:24:41: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pmemobj_pool = pmem::obj::pool<Root>::open(pmemobj_pool_path, "pmemkv"); data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx_path.cc:17:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pmemobj_pool = pmem::obj::pool_base::open(pmemobj_pool_path, "pmemkv"); data/pmemkv-1.2/tests/engine_scenarios/pmemobj/put_get_std_map_oid.cc:29:41: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pmemobj_pool = pmem::obj::pool<Root>::open(pmemobj_pool_path, "pmemkv"); data/pmemkv-1.2/tests/engines-experimental/caching_test.cc:40:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (kv->open(engine, config(cfg)) != status::OK) data/pmemkv-1.2/tests/engines/blackhole/blackhole_test.cc:11:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). auto s = kv.open("blackhole"); data/pmemkv-1.2/tests/engines/blackhole/blackhole_test.cc:37:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). auto s = kv.open("blackhole"); data/pmemkv-1.2/tests/wrong_engine_name_test.cc:18:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return db.open(name) == pmem::kv::status::WRONG_ENGINE_NAME; data/pmemkv-1.2/tests/wrong_engine_name_test.cc:27:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). auto s = kv.open("non-existing name"); data/pmemkv-1.2/tests/wrong_engine_name_test.cc:33:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open("non-existing name"); data/pmemkv-1.2/tests/wrong_engine_name_test.cc:35:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = kv.open("non-existing name"); data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:55:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_put(db, key1, strlen(key1), value1, strlen(value1)); data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:55:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_put(db, key1, strlen(key1), value1, strlen(value1)); data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:65:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_get_copy(db, key1, strlen(key1), val, MAX_VAL_LEN, NULL); data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:74:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmemkv_put(db, key2, strlen(key2), value2, strlen(value2)); data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:74:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmemkv_put(db, key2, strlen(key2), value2, strlen(value2)); data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:75:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmemkv_put(db, key3, strlen(key3), value3, strlen(value3)); data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:75:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmemkv_put(db, key3, strlen(key3), value3, strlen(value3)); data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:79:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_remove(db, key1, strlen(key1)); data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:81:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(pmemkv_exists(db, key1, strlen(key1)) == PMEMKV_STATUS_NOT_FOUND); data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:84:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_put(db, key1, strlen(key1), value1, strlen(value1)); data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:84:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_put(db, key1, strlen(key1), value1, strlen(value1)); data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:86:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_put(db, key2, strlen(key2), value2, strlen(value2)); data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:86:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_put(db, key2, strlen(key2), value2, strlen(value2)); data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:88:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_put(db, key3, strlen(key3), value3, strlen(value3)); data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:88:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_put(db, key3, strlen(key3), value3, strlen(value3)); data/pmemkv-1.2/src/engines-experimental/stree/persistent_b_tree.h:1234:13: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. std::equal(inner->begin(), middle, data/pmemkv-1.2/src/engines-experimental/stree/persistent_b_tree.h:1239:13: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. std::equal(middle + 1, inner->end(), data/pmemkv-1.2/tests/c_api/null_db_config.c:28:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_count_above(NULL, key1, strlen(key1), &cnt); data/pmemkv-1.2/tests/c_api/null_db_config.c:31:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_count_below(NULL, key1, strlen(key1), &cnt); data/pmemkv-1.2/tests/c_api/null_db_config.c:34:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_count_between(NULL, key1, strlen(key1), key2, strlen(key2), &cnt); data/pmemkv-1.2/tests/c_api/null_db_config.c:34:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_count_between(NULL, key1, strlen(key1), key2, strlen(key2), &cnt); data/pmemkv-1.2/tests/c_api/null_db_config.c:40:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_get_above(NULL, key1, strlen(key1), NULL, NULL); data/pmemkv-1.2/tests/c_api/null_db_config.c:43:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_get_below(NULL, key1, strlen(key1), NULL, NULL); data/pmemkv-1.2/tests/c_api/null_db_config.c:46:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_get_between(NULL, key1, strlen(key1), key2, strlen(key2), NULL, NULL); data/pmemkv-1.2/tests/c_api/null_db_config.c:46:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_get_between(NULL, key1, strlen(key1), key2, strlen(key2), NULL, NULL); data/pmemkv-1.2/tests/c_api/null_db_config.c:49:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_exists(NULL, key1, strlen(key1)); data/pmemkv-1.2/tests/c_api/null_db_config.c:52:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_get(NULL, key1, strlen(key1), NULL, NULL); data/pmemkv-1.2/tests/c_api/null_db_config.c:55:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_get_copy(NULL, key1, strlen(key1), val, 10, &cnt); data/pmemkv-1.2/tests/c_api/null_db_config.c:58:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_put(NULL, key1, strlen(key1), value1, strlen(value1)); data/pmemkv-1.2/tests/c_api/null_db_config.c:58:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_put(NULL, key1, strlen(key1), value1, strlen(value1)); data/pmemkv-1.2/tests/c_api/null_db_config.c:61:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = pmemkv_remove(NULL, key1, strlen(key1)); data/pmemkv-1.2/tests/common/test_backtrace.c:69:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(procname, "?"); data/pmemkv-1.2/tests/engine_scenarios/sorted/iterate.hpp:219:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t charset_size = strlen(charset); data/pmemkv-1.2/tests/engines-experimental/caching_test.cc:174:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = memcached_set(memc, key, strlen(key), value1, strlen(value1), data/pmemkv-1.2/tests/engines-experimental/caching_test.cc:174:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = memcached_set(memc, key, strlen(key), value1, strlen(value1), data/pmemkv-1.2/tests/engines-experimental/caching_test.cc:227:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcached_delete(memc, key, strlen(key), (time_t)0); data/pmemkv-1.2/tests/engines-experimental/caching_test.cc:228:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return_value = memcached_get(memc, key, strlen(key), &return_value_length, ANALYSIS SUMMARY: Hits = 100 Lines analyzed = 25724 in approximately 0.86 seconds (29789 lines/second) Physical Source Lines of Code (SLOC) = 18666 Hits@level = [0] 26 [1] 37 [2] 53 [3] 8 [4] 2 [5] 0 Hits@level+ = [0+] 126 [1+] 100 [2+] 63 [3+] 10 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 6.75024 [1+] 5.35733 [2+] 3.37512 [3+] 0.535733 [4+] 0.107147 [5+] 0 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.