Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/postgresql-12-12.4/contrib/tcn/tcn.c
Examining data/postgresql-12-12.4/contrib/sslinfo/sslinfo.c
Examining data/postgresql-12-12.4/contrib/unaccent/unaccent.c
Examining data/postgresql-12-12.4/contrib/cube/cubeparse.c
Examining data/postgresql-12-12.4/contrib/cube/cube.c
Examining data/postgresql-12-12.4/contrib/cube/cubedata.h
Examining data/postgresql-12-12.4/contrib/cube/cubescan.c
Examining data/postgresql-12-12.4/contrib/adminpack/adminpack.c
Examining data/postgresql-12-12.4/contrib/dblink/dblink.c
Examining data/postgresql-12-12.4/contrib/hstore/hstore_io.c
Examining data/postgresql-12-12.4/contrib/hstore/hstore_op.c
Examining data/postgresql-12-12.4/contrib/hstore/hstore.h
Examining data/postgresql-12-12.4/contrib/hstore/hstore_gist.c
Examining data/postgresql-12-12.4/contrib/hstore/hstore_gin.c
Examining data/postgresql-12-12.4/contrib/hstore/hstore_compat.c
Examining data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c
Examining data/postgresql-12-12.4/contrib/pg_prewarm/autoprewarm.c
Examining data/postgresql-12-12.4/contrib/pg_prewarm/pg_prewarm.c
Examining data/postgresql-12-12.4/contrib/xml2/xpath.c
Examining data/postgresql-12-12.4/contrib/xml2/xslt_proc.c
Examining data/postgresql-12-12.4/contrib/ltree_plpython/ltree_plpython.c
Examining data/postgresql-12-12.4/contrib/test_decoding/test_decoding.c
Examining data/postgresql-12-12.4/contrib/file_fdw/file_fdw.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_utils_var.h
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_ts.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_int8.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_macaddr8.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_time.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_text.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_enum.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_uuid.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_int2.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_int4.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_cash.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.h
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_bytea.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_gist.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_float8.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_inet.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_interval.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_utils_var.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_bit.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_date.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_oid.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_gist.h
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_macaddr.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_numeric.c
Examining data/postgresql-12-12.4/contrib/btree_gist/btree_float4.c
Examining data/postgresql-12-12.4/contrib/lo/lo.c
Examining data/postgresql-12-12.4/contrib/spi/autoinc.c
Examining data/postgresql-12-12.4/contrib/spi/insert_username.c
Examining data/postgresql-12-12.4/contrib/spi/refint.c
Examining data/postgresql-12-12.4/contrib/spi/moddatetime.c
Examining data/postgresql-12-12.4/contrib/jsonb_plpython/jsonb_plpython.c
Examining data/postgresql-12-12.4/contrib/passwordcheck/passwordcheck.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/internal.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgcrypto.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/blf.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-encrypt.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-decrypt.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/px.h
Examining data/postgresql-12-12.4/contrib/pgcrypto/md5.h
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-pubenc.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/md5.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/crypt-gensalt.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/internal-sha2.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/px-crypt.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-mpi-internal.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/blf.h
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-mpi-openssl.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/openssl.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/rijndael.h
Examining data/postgresql-12-12.4/contrib/pgcrypto/sha1.h
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-mpi.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/px-hmac.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-pubkey.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/crypt-blowfish.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp.h
Examining data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-compress.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/imath.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-info.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/imath.h
Examining data/postgresql-12-12.4/contrib/pgcrypto/rijndael.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgcrypto.h
Examining data/postgresql-12-12.4/contrib/pgcrypto/mbuf.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/px-crypt.h
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-pubdec.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/sha1.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/crypt-des.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/mbuf.h
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-armor.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-cfb.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/px.c
Examining data/postgresql-12-12.4/contrib/pgcrypto/pgp-s2k.c
Examining data/postgresql-12-12.4/contrib/oid2name/oid2name.c
Examining data/postgresql-12-12.4/contrib/pg_visibility/pg_visibility.c
Examining data/postgresql-12-12.4/contrib/ltree/ltree_op.c
Examining data/postgresql-12-12.4/contrib/ltree/_ltree_gist.c
Examining data/postgresql-12-12.4/contrib/ltree/ltree.h
Examining data/postgresql-12-12.4/contrib/ltree/ltxtquery_io.c
Examining data/postgresql-12-12.4/contrib/ltree/_ltree_op.c
Examining data/postgresql-12-12.4/contrib/ltree/ltxtquery_op.c
Examining data/postgresql-12-12.4/contrib/ltree/lquery_op.c
Examining data/postgresql-12-12.4/contrib/ltree/crc32.c
Examining data/postgresql-12-12.4/contrib/ltree/ltree_gist.c
Examining data/postgresql-12-12.4/contrib/ltree/ltree_io.c
Examining data/postgresql-12-12.4/contrib/ltree/crc32.h
Examining data/postgresql-12-12.4/contrib/pgstattuple/pgstatapprox.c
Examining data/postgresql-12-12.4/contrib/pgstattuple/pgstattuple.c
Examining data/postgresql-12-12.4/contrib/pgstattuple/pgstatindex.c
Examining data/postgresql-12-12.4/contrib/pg_freespacemap/pg_freespacemap.c
Examining data/postgresql-12-12.4/contrib/tablefunc/tablefunc.h
Examining data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c
Examining data/postgresql-12-12.4/contrib/bloom/bloom.h
Examining data/postgresql-12-12.4/contrib/bloom/blvacuum.c
Examining data/postgresql-12-12.4/contrib/bloom/blutils.c
Examining data/postgresql-12-12.4/contrib/bloom/blinsert.c
Examining data/postgresql-12-12.4/contrib/bloom/blscan.c
Examining data/postgresql-12-12.4/contrib/bloom/blcost.c
Examining data/postgresql-12-12.4/contrib/bloom/blvalidate.c
Examining data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c
Examining data/postgresql-12-12.4/contrib/isn/isn.h
Examining data/postgresql-12-12.4/contrib/isn/ISSN.h
Examining data/postgresql-12-12.4/contrib/isn/ISMN.h
Examining data/postgresql-12-12.4/contrib/isn/ISBN.h
Examining data/postgresql-12-12.4/contrib/isn/EAN13.h
Examining data/postgresql-12-12.4/contrib/isn/UPC.h
Examining data/postgresql-12-12.4/contrib/isn/isn.c
Examining data/postgresql-12-12.4/contrib/hstore_plperl/hstore_plperl.c
Examining data/postgresql-12-12.4/contrib/auto_explain/auto_explain.c
Examining data/postgresql-12-12.4/contrib/dict_xsyn/dict_xsyn.c
Examining data/postgresql-12-12.4/contrib/tsm_system_rows/tsm_system_rows.c
Examining data/postgresql-12-12.4/contrib/hstore_plpython/hstore_plpython.c
Examining data/postgresql-12-12.4/contrib/citext/citext.c
Examining data/postgresql-12-12.4/contrib/auth_delay/auth_delay.c
Examining data/postgresql-12-12.4/contrib/jsonb_plperl/jsonb_plperl.c
Examining data/postgresql-12-12.4/contrib/amcheck/verify_nbtree.c
Examining data/postgresql-12-12.4/contrib/btree_gin/btree_gin.c
Examining data/postgresql-12-12.4/contrib/intarray/_int_gin.c
Examining data/postgresql-12-12.4/contrib/intarray/_int_gist.c
Examining data/postgresql-12-12.4/contrib/intarray/_int_selfuncs.c
Examining data/postgresql-12-12.4/contrib/intarray/_intbig_gist.c
Examining data/postgresql-12-12.4/contrib/intarray/_int_tool.c
Examining data/postgresql-12-12.4/contrib/intarray/_int_op.c
Examining data/postgresql-12-12.4/contrib/intarray/_int_bool.c
Examining data/postgresql-12-12.4/contrib/intarray/_int.h
Examining data/postgresql-12-12.4/contrib/pg_trgm/trgm_op.c
Examining data/postgresql-12-12.4/contrib/pg_trgm/trgm_gist.c
Examining data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c
Examining data/postgresql-12-12.4/contrib/pg_trgm/trgm_gin.c
Examining data/postgresql-12-12.4/contrib/pg_trgm/trgm.h
Examining data/postgresql-12-12.4/contrib/tsm_system_time/tsm_system_time.c
Examining data/postgresql-12-12.4/contrib/sepgsql/uavc.c
Examining data/postgresql-12-12.4/contrib/sepgsql/database.c
Examining data/postgresql-12-12.4/contrib/sepgsql/label.c
Examining data/postgresql-12-12.4/contrib/sepgsql/hooks.c
Examining data/postgresql-12-12.4/contrib/sepgsql/dml.c
Examining data/postgresql-12-12.4/contrib/sepgsql/sepgsql.h
Examining data/postgresql-12-12.4/contrib/sepgsql/selinux.c
Examining data/postgresql-12-12.4/contrib/sepgsql/relation.c
Examining data/postgresql-12-12.4/contrib/sepgsql/schema.c
Examining data/postgresql-12-12.4/contrib/sepgsql/proc.c
Examining data/postgresql-12-12.4/contrib/pageinspect/ginfuncs.c
Examining data/postgresql-12-12.4/contrib/pageinspect/btreefuncs.c
Examining data/postgresql-12-12.4/contrib/pageinspect/pageinspect.h
Examining data/postgresql-12-12.4/contrib/pageinspect/hashfuncs.c
Examining data/postgresql-12-12.4/contrib/pageinspect/heapfuncs.c
Examining data/postgresql-12-12.4/contrib/pageinspect/fsmfuncs.c
Examining data/postgresql-12-12.4/contrib/pageinspect/brinfuncs.c
Examining data/postgresql-12-12.4/contrib/pageinspect/rawpage.c
Examining data/postgresql-12-12.4/contrib/earthdistance/earthdistance.c
Examining data/postgresql-12-12.4/contrib/uuid-ossp/uuid-ossp.c
Examining data/postgresql-12-12.4/contrib/dict_int/dict_int.c
Examining data/postgresql-12-12.4/contrib/seg/segscan.c
Examining data/postgresql-12-12.4/contrib/seg/segparse.c
Examining data/postgresql-12-12.4/contrib/seg/seg.c
Examining data/postgresql-12-12.4/contrib/seg/segdata.h
Examining data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c
Examining data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c
Examining data/postgresql-12-12.4/contrib/fuzzystrmatch/fuzzystrmatch.c
Examining data/postgresql-12-12.4/contrib/fuzzystrmatch/dmetaphone.c
Examining data/postgresql-12-12.4/contrib/pg_buffercache/pg_buffercache_pages.c
Examining data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c
Examining data/postgresql-12-12.4/contrib/postgres_fdw/shippable.c
Examining data/postgresql-12-12.4/contrib/postgres_fdw/deparse.c
Examining data/postgresql-12-12.4/contrib/postgres_fdw/option.c
Examining data/postgresql-12-12.4/contrib/postgres_fdw/connection.c
Examining data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.h
Examining data/postgresql-12-12.4/src/include/snowball/header.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_french.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_finnish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_turkish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_portuguese.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_norwegian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_porter.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_lithuanian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/api.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_spanish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_swedish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_portuguese.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_irish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_hungarian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_spanish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_indonesian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_romanian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_2_romanian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_porter.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_tamil.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_french.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/header.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_norwegian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_finnish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_indonesian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_russian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_nepali.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_german.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_dutch.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_english.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_german.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_2_hungarian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_danish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_KOI8_R_russian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_danish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_dutch.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_italian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_irish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_swedish.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_arabic.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_ISO_8859_1_italian.h
Examining data/postgresql-12-12.4/src/include/snowball/libstemmer/stem_UTF_8_english.h
Examining data/postgresql-12-12.4/src/include/bootstrap/bootstrap.h
Examining data/postgresql-12-12.4/src/include/pg_trace.h
Examining data/postgresql-12-12.4/src/include/rewrite/prs2lock.h
Examining data/postgresql-12-12.4/src/include/rewrite/rewriteRemove.h
Examining data/postgresql-12-12.4/src/include/rewrite/rowsecurity.h
Examining data/postgresql-12-12.4/src/include/rewrite/rewriteManip.h
Examining data/postgresql-12-12.4/src/include/rewrite/rewriteSupport.h
Examining data/postgresql-12-12.4/src/include/rewrite/rewriteHandler.h
Examining data/postgresql-12-12.4/src/include/rewrite/rewriteDefine.h
Examining data/postgresql-12-12.4/src/include/storage/predicate_internals.h
Examining data/postgresql-12-12.4/src/include/storage/pmsignal.h
Examining data/postgresql-12-12.4/src/include/storage/off.h
Examining data/postgresql-12-12.4/src/include/storage/sinvaladt.h
Examining data/postgresql-12-12.4/src/include/storage/sync.h
Examining data/postgresql-12-12.4/src/include/storage/bufpage.h
Examining data/postgresql-12-12.4/src/include/storage/dsm.h
Examining data/postgresql-12-12.4/src/include/storage/sinval.h
Examining data/postgresql-12-12.4/src/include/storage/sharedfileset.h
Examining data/postgresql-12-12.4/src/include/storage/lmgr.h
Examining data/postgresql-12-12.4/src/include/storage/ipc.h
Examining data/postgresql-12-12.4/src/include/storage/proc.h
Examining data/postgresql-12-12.4/src/include/storage/dsm_impl.h
Examining data/postgresql-12-12.4/src/include/storage/barrier.h
Examining data/postgresql-12-12.4/src/include/storage/standby.h
Examining data/postgresql-12-12.4/src/include/storage/pg_sema.h
Examining data/postgresql-12-12.4/src/include/storage/spin.h
Examining data/postgresql-12-12.4/src/include/storage/bufmgr.h
Examining data/postgresql-12-12.4/src/include/storage/item.h
Examining data/postgresql-12-12.4/src/include/storage/backendid.h
Examining data/postgresql-12-12.4/src/include/storage/buf_internals.h
Examining data/postgresql-12-12.4/src/include/storage/procarray.h
Examining data/postgresql-12-12.4/src/include/storage/predicate.h
Examining data/postgresql-12-12.4/src/include/storage/condition_variable.h
Examining data/postgresql-12-12.4/src/include/storage/fd.h
Examining data/postgresql-12-12.4/src/include/storage/proclist.h
Examining data/postgresql-12-12.4/src/include/storage/shm_mq.h
Examining data/postgresql-12-12.4/src/include/storage/s_lock.h
Examining data/postgresql-12-12.4/src/include/storage/md.h
Examining data/postgresql-12-12.4/src/include/storage/relfilenode.h
Examining data/postgresql-12-12.4/src/include/storage/reinit.h
Examining data/postgresql-12-12.4/src/include/storage/buffile.h
Examining data/postgresql-12-12.4/src/include/storage/lwlock.h
Examining data/postgresql-12-12.4/src/include/storage/pg_shmem.h
Examining data/postgresql-12-12.4/src/include/storage/latch.h
Examining data/postgresql-12-12.4/src/include/storage/block.h
Examining data/postgresql-12-12.4/src/include/storage/smgr.h
Examining data/postgresql-12-12.4/src/include/storage/proclist_types.h
Examining data/postgresql-12-12.4/src/include/storage/lock.h
Examining data/postgresql-12-12.4/src/include/storage/checksum.h
Examining data/postgresql-12-12.4/src/include/storage/procsignal.h
Examining data/postgresql-12-12.4/src/include/storage/checksum_impl.h
Examining data/postgresql-12-12.4/src/include/storage/copydir.h
Examining data/postgresql-12-12.4/src/include/storage/fsm_internals.h
Examining data/postgresql-12-12.4/src/include/storage/buf.h
Examining data/postgresql-12-12.4/src/include/storage/freespace.h
Examining data/postgresql-12-12.4/src/include/storage/itemptr.h
Examining data/postgresql-12-12.4/src/include/storage/indexfsm.h
Examining data/postgresql-12-12.4/src/include/storage/shm_toc.h
Examining data/postgresql-12-12.4/src/include/storage/large_object.h
Examining data/postgresql-12-12.4/src/include/storage/itemid.h
Examining data/postgresql-12-12.4/src/include/storage/shmem.h
Examining data/postgresql-12-12.4/src/include/storage/standbydefs.h
Examining data/postgresql-12-12.4/src/include/storage/lockdefs.h
Examining data/postgresql-12-12.4/src/include/postgres.h
Examining data/postgresql-12-12.4/src/include/parser/parse_coerce.h
Examining data/postgresql-12-12.4/src/include/parser/parse_type.h
Examining data/postgresql-12-12.4/src/include/parser/parse_param.h
Examining data/postgresql-12-12.4/src/include/parser/scansup.h
Examining data/postgresql-12-12.4/src/include/parser/parse_func.h
Examining data/postgresql-12-12.4/src/include/parser/parse_utilcmd.h
Examining data/postgresql-12-12.4/src/include/parser/gramparse.h
Examining data/postgresql-12-12.4/src/include/parser/parse_agg.h
Examining data/postgresql-12-12.4/src/include/parser/parse_clause.h
Examining data/postgresql-12-12.4/src/include/parser/kwlist.h
Examining data/postgresql-12-12.4/src/include/parser/parser.h
Examining data/postgresql-12-12.4/src/include/parser/parse_relation.h
Examining data/postgresql-12-12.4/src/include/parser/parse_expr.h
Examining data/postgresql-12-12.4/src/include/parser/parse_collate.h
Examining data/postgresql-12-12.4/src/include/parser/parse_enr.h
Examining data/postgresql-12-12.4/src/include/parser/parse_target.h
Examining data/postgresql-12-12.4/src/include/parser/scanner.h
Examining data/postgresql-12-12.4/src/include/parser/parse_oper.h
Examining data/postgresql-12-12.4/src/include/parser/parse_cte.h
Examining data/postgresql-12-12.4/src/include/parser/parse_node.h
Examining data/postgresql-12-12.4/src/include/parser/parsetree.h
Examining data/postgresql-12-12.4/src/include/parser/analyze.h
Examining data/postgresql-12-12.4/src/include/lib/pairingheap.h
Examining data/postgresql-12-12.4/src/include/lib/binaryheap.h
Examining data/postgresql-12-12.4/src/include/lib/ilist.h
Examining data/postgresql-12-12.4/src/include/lib/dshash.h
Examining data/postgresql-12-12.4/src/include/lib/bipartite_match.h
Examining data/postgresql-12-12.4/src/include/lib/integerset.h
Examining data/postgresql-12-12.4/src/include/lib/knapsack.h
Examining data/postgresql-12-12.4/src/include/lib/simplehash.h
Examining data/postgresql-12-12.4/src/include/lib/stringinfo.h
Examining data/postgresql-12-12.4/src/include/lib/hyperloglog.h
Examining data/postgresql-12-12.4/src/include/lib/rbtree.h
Examining data/postgresql-12-12.4/src/include/lib/bloomfilter.h
Examining data/postgresql-12-12.4/src/include/miscadmin.h
Examining data/postgresql-12-12.4/src/include/libpq/libpq.h
Examining data/postgresql-12-12.4/src/include/libpq/pqmq.h
Examining data/postgresql-12-12.4/src/include/libpq/pqformat.h
Examining data/postgresql-12-12.4/src/include/libpq/auth.h
Examining data/postgresql-12-12.4/src/include/libpq/be-gssapi-common.h
Examining data/postgresql-12-12.4/src/include/libpq/pqsignal.h
Examining data/postgresql-12-12.4/src/include/libpq/libpq-fs.h
Examining data/postgresql-12-12.4/src/include/libpq/crypt.h
Examining data/postgresql-12-12.4/src/include/libpq/scram.h
Examining data/postgresql-12-12.4/src/include/libpq/pqcomm.h
Examining data/postgresql-12-12.4/src/include/libpq/be-fsstubs.h
Examining data/postgresql-12-12.4/src/include/libpq/ifaddr.h
Examining data/postgresql-12-12.4/src/include/libpq/hba.h
Examining data/postgresql-12-12.4/src/include/libpq/libpq-be.h
Examining data/postgresql-12-12.4/src/include/mb/pg_wchar.h
Examining data/postgresql-12-12.4/src/include/pgstat.h
Examining data/postgresql-12-12.4/src/include/replication/slot.h
Examining data/postgresql-12-12.4/src/include/replication/walreceiver.h
Examining data/postgresql-12-12.4/src/include/replication/logicalfuncs.h
Examining data/postgresql-12-12.4/src/include/replication/syncrep.h
Examining data/postgresql-12-12.4/src/include/replication/snapbuild.h
Examining data/postgresql-12-12.4/src/include/replication/reorderbuffer.h
Examining data/postgresql-12-12.4/src/include/replication/logicalproto.h
Examining data/postgresql-12-12.4/src/include/replication/logicallauncher.h
Examining data/postgresql-12-12.4/src/include/replication/message.h
Examining data/postgresql-12-12.4/src/include/replication/basebackup.h
Examining data/postgresql-12-12.4/src/include/replication/origin.h
Examining data/postgresql-12-12.4/src/include/replication/walsender_private.h
Examining data/postgresql-12-12.4/src/include/replication/pgoutput.h
Examining data/postgresql-12-12.4/src/include/replication/logical.h
Examining data/postgresql-12-12.4/src/include/replication/logicalrelation.h
Examining data/postgresql-12-12.4/src/include/replication/output_plugin.h
Examining data/postgresql-12-12.4/src/include/replication/worker_internal.h
Examining data/postgresql-12-12.4/src/include/replication/walsender.h
Examining data/postgresql-12-12.4/src/include/replication/decode.h
Examining data/postgresql-12-12.4/src/include/replication/logicalworker.h
Examining data/postgresql-12-12.4/src/include/jit/jit.h
Examining data/postgresql-12-12.4/src/include/jit/llvmjit_emit.h
Examining data/postgresql-12-12.4/src/include/jit/llvmjit.h
Examining data/postgresql-12-12.4/src/include/statistics/extended_stats_internal.h
Examining data/postgresql-12-12.4/src/include/statistics/statistics.h
Examining data/postgresql-12-12.4/src/include/port.h
Examining data/postgresql-12-12.4/src/include/windowapi.h
Examining data/postgresql-12-12.4/src/include/getaddrinfo.h
Examining data/postgresql-12-12.4/src/include/executor/nodeAppend.h
Examining data/postgresql-12-12.4/src/include/executor/nodeSort.h
Examining data/postgresql-12-12.4/src/include/executor/nodeAgg.h
Examining data/postgresql-12-12.4/src/include/executor/nodeTidscan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeIndexscan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeFunctionscan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeGatherMerge.h
Examining data/postgresql-12-12.4/src/include/executor/nodeNamedtuplestorescan.h
Examining data/postgresql-12-12.4/src/include/executor/execdesc.h
Examining data/postgresql-12-12.4/src/include/executor/execParallel.h
Examining data/postgresql-12-12.4/src/include/executor/tqueue.h
Examining data/postgresql-12-12.4/src/include/executor/spi.h
Examining data/postgresql-12-12.4/src/include/executor/nodeForeignscan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeHash.h
Examining data/postgresql-12-12.4/src/include/executor/execExpr.h
Examining data/postgresql-12-12.4/src/include/executor/nodeWindowAgg.h
Examining data/postgresql-12-12.4/src/include/executor/nodeGroup.h
Examining data/postgresql-12-12.4/src/include/executor/spi_priv.h
Examining data/postgresql-12-12.4/src/include/executor/hashjoin.h
Examining data/postgresql-12-12.4/src/include/executor/tstoreReceiver.h
Examining data/postgresql-12-12.4/src/include/executor/nodeSeqscan.h
Examining data/postgresql-12-12.4/src/include/executor/execdebug.h
Examining data/postgresql-12-12.4/src/include/executor/executor.h
Examining data/postgresql-12-12.4/src/include/executor/nodeMaterial.h
Examining data/postgresql-12-12.4/src/include/executor/nodeLimit.h
Examining data/postgresql-12-12.4/src/include/executor/nodeTableFuncscan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeRecursiveunion.h
Examining data/postgresql-12-12.4/src/include/executor/nodeMergeAppend.h
Examining data/postgresql-12-12.4/src/include/executor/nodeLockRows.h
Examining data/postgresql-12-12.4/src/include/executor/nodeCtescan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeSubqueryscan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeSamplescan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeIndexonlyscan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeBitmapHeapscan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeBitmapIndexscan.h
Examining data/postgresql-12-12.4/src/include/executor/tablefunc.h
Examining data/postgresql-12-12.4/src/include/executor/nodeMergejoin.h
Examining data/postgresql-12-12.4/src/include/executor/nodeBitmapAnd.h
Examining data/postgresql-12-12.4/src/include/executor/nodeSetOp.h
Examining data/postgresql-12-12.4/src/include/executor/nodeGather.h
Examining data/postgresql-12-12.4/src/include/executor/nodeUnique.h
Examining data/postgresql-12-12.4/src/include/executor/nodeSubplan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeResult.h
Examining data/postgresql-12-12.4/src/include/executor/nodeCustom.h
Examining data/postgresql-12-12.4/src/include/executor/nodeHashjoin.h
Examining data/postgresql-12-12.4/src/include/executor/nodeValuesscan.h
Examining data/postgresql-12-12.4/src/include/executor/execPartition.h
Examining data/postgresql-12-12.4/src/include/executor/nodeNestloop.h
Examining data/postgresql-12-12.4/src/include/executor/tuptable.h
Examining data/postgresql-12-12.4/src/include/executor/nodeBitmapOr.h
Examining data/postgresql-12-12.4/src/include/executor/nodeProjectSet.h
Examining data/postgresql-12-12.4/src/include/executor/nodeWorktablescan.h
Examining data/postgresql-12-12.4/src/include/executor/nodeModifyTable.h
Examining data/postgresql-12-12.4/src/include/executor/instrument.h
Examining data/postgresql-12-12.4/src/include/executor/functions.h
Examining data/postgresql-12-12.4/src/include/getopt_long.h
Examining data/postgresql-12-12.4/src/include/tsearch/ts_cache.h
Examining data/postgresql-12-12.4/src/include/tsearch/ts_public.h
Examining data/postgresql-12-12.4/src/include/tsearch/ts_utils.h
Examining data/postgresql-12-12.4/src/include/tsearch/ts_type.h
Examining data/postgresql-12-12.4/src/include/tsearch/ts_locale.h
Examining data/postgresql-12-12.4/src/include/tsearch/dicts/regis.h
Examining data/postgresql-12-12.4/src/include/tsearch/dicts/spell.h
Examining data/postgresql-12-12.4/src/include/fmgr.h
Examining data/postgresql-12-12.4/src/include/portability/mem.h
Examining data/postgresql-12-12.4/src/include/portability/instr_time.h
Examining data/postgresql-12-12.4/src/include/datatype/timestamp.h
Examining data/postgresql-12-12.4/src/include/utils/timestamp.h
Examining data/postgresql-12-12.4/src/include/utils/freepage.h
Examining data/postgresql-12-12.4/src/include/utils/rls.h
Examining data/postgresql-12-12.4/src/include/utils/jsonpath.h
Examining data/postgresql-12-12.4/src/include/utils/builtins.h
Examining data/postgresql-12-12.4/src/include/utils/help_config.h
Examining data/postgresql-12-12.4/src/include/utils/catcache.h
Examining data/postgresql-12-12.4/src/include/utils/timeout.h
Examining data/postgresql-12-12.4/src/include/utils/palloc.h
Examining data/postgresql-12-12.4/src/include/utils/resowner.h
Examining data/postgresql-12-12.4/src/include/utils/dynahash.h
Examining data/postgresql-12-12.4/src/include/utils/relcache.h
Examining data/postgresql-12-12.4/src/include/utils/rel.h
Examining data/postgresql-12-12.4/src/include/utils/pidfile.h
Examining data/postgresql-12-12.4/src/include/utils/hsearch.h
Examining data/postgresql-12-12.4/src/include/utils/inval.h
Examining data/postgresql-12-12.4/src/include/utils/bytea.h
Examining data/postgresql-12-12.4/src/include/utils/jsonapi.h
Examining data/postgresql-12-12.4/src/include/utils/relptr.h
Examining data/postgresql-12-12.4/src/include/utils/typcache.h
Examining data/postgresql-12-12.4/src/include/utils/arrayaccess.h
Examining data/postgresql-12-12.4/src/include/utils/guc_tables.h
Examining data/postgresql-12-12.4/src/include/utils/ruleutils.h
Examining data/postgresql-12-12.4/src/include/utils/sharedtuplestore.h
Examining data/postgresql-12-12.4/src/include/utils/cash.h
Examining data/postgresql-12-12.4/src/include/utils/reltrigger.h
Examining data/postgresql-12-12.4/src/include/utils/jsonb.h
Examining data/postgresql-12-12.4/src/include/utils/rangetypes.h
Examining data/postgresql-12-12.4/src/include/utils/acl.h
Examining data/postgresql-12-12.4/src/include/utils/regproc.h
Examining data/postgresql-12-12.4/src/include/utils/logtape.h
Examining data/postgresql-12-12.4/src/include/utils/dsa.h
Examining data/postgresql-12-12.4/src/include/utils/sortsupport.h
Examining data/postgresql-12-12.4/src/include/utils/ps_status.h
Examining data/postgresql-12-12.4/src/include/utils/elog.h
Examining data/postgresql-12-12.4/src/include/utils/sampling.h
Examining data/postgresql-12-12.4/src/include/utils/varbit.h
Examining data/postgresql-12-12.4/src/include/utils/datum.h
Examining data/postgresql-12-12.4/src/include/utils/relmapper.h
Examining data/postgresql-12-12.4/src/include/utils/plancache.h
Examining data/postgresql-12-12.4/src/include/utils/expandeddatum.h
Examining data/postgresql-12-12.4/src/include/utils/evtcache.h
Examining data/postgresql-12-12.4/src/include/utils/selfuncs.h
Examining data/postgresql-12-12.4/src/include/utils/tzparser.h
Examining data/postgresql-12-12.4/src/include/utils/pg_crc.h
Examining data/postgresql-12-12.4/src/include/utils/attoptcache.h
Examining data/postgresql-12-12.4/src/include/utils/pg_rusage.h
Examining data/postgresql-12-12.4/src/include/utils/inet.h
Examining data/postgresql-12-12.4/src/include/utils/numeric.h
Examining data/postgresql-12-12.4/src/include/utils/date.h
Examining data/postgresql-12-12.4/src/include/utils/index_selfuncs.h
Examining data/postgresql-12-12.4/src/include/utils/snapshot.h
Examining data/postgresql-12-12.4/src/include/utils/queryenvironment.h
Examining data/postgresql-12-12.4/src/include/utils/partcache.h
Examining data/postgresql-12-12.4/src/include/utils/datetime.h
Examining data/postgresql-12-12.4/src/include/utils/formatting.h
Examining data/postgresql-12-12.4/src/include/utils/aclchk_internal.h
Examining data/postgresql-12-12.4/src/include/utils/xml.h
Examining data/postgresql-12-12.4/src/include/utils/tuplesort.h
Examining data/postgresql-12-12.4/src/include/utils/float.h
Examining data/postgresql-12-12.4/src/include/utils/geo_decls.h
Examining data/postgresql-12-12.4/src/include/utils/spccache.h
Examining data/postgresql-12-12.4/src/include/utils/snapmgr.h
Examining data/postgresql-12-12.4/src/include/utils/int8.h
Examining data/postgresql-12-12.4/src/include/utils/memdebug.h
Examining data/postgresql-12-12.4/src/include/utils/pg_lsn.h
Examining data/postgresql-12-12.4/src/include/utils/ascii.h
Examining data/postgresql-12-12.4/src/include/utils/resowner_private.h
Examining data/postgresql-12-12.4/src/include/utils/expandedrecord.h
Examining data/postgresql-12-12.4/src/include/utils/combocid.h
Examining data/postgresql-12-12.4/src/include/utils/syscache.h
Examining data/postgresql-12-12.4/src/include/utils/varlena.h
Examining data/postgresql-12-12.4/src/include/utils/memutils.h
Examining data/postgresql-12-12.4/src/include/utils/array.h
Examining data/postgresql-12-12.4/src/include/utils/fmgrtab.h
Examining data/postgresql-12-12.4/src/include/utils/relfilenodemap.h
Examining data/postgresql-12-12.4/src/include/utils/portal.h
Examining data/postgresql-12-12.4/src/include/utils/tuplestore.h
Examining data/postgresql-12-12.4/src/include/utils/pg_locale.h
Examining data/postgresql-12-12.4/src/include/utils/uuid.h
Examining data/postgresql-12-12.4/src/include/utils/lsyscache.h
Examining data/postgresql-12-12.4/src/include/utils/json.h
Examining data/postgresql-12-12.4/src/include/utils/hashutils.h
Examining data/postgresql-12-12.4/src/include/utils/guc.h
Examining data/postgresql-12-12.4/src/include/optimizer/optimizer.h
Examining data/postgresql-12-12.4/src/include/optimizer/plancat.h
Examining data/postgresql-12-12.4/src/include/optimizer/geqo_selection.h
Examining data/postgresql-12-12.4/src/include/optimizer/cost.h
Examining data/postgresql-12-12.4/src/include/optimizer/prep.h
Examining data/postgresql-12-12.4/src/include/optimizer/inherit.h
Examining data/postgresql-12-12.4/src/include/optimizer/pathnode.h
Examining data/postgresql-12-12.4/src/include/optimizer/clauses.h
Examining data/postgresql-12-12.4/src/include/optimizer/paths.h
Examining data/postgresql-12-12.4/src/include/optimizer/joininfo.h
Examining data/postgresql-12-12.4/src/include/optimizer/geqo_misc.h
Examining data/postgresql-12-12.4/src/include/optimizer/geqo_mutation.h
Examining data/postgresql-12-12.4/src/include/optimizer/appendinfo.h
Examining data/postgresql-12-12.4/src/include/optimizer/planmain.h
Examining data/postgresql-12-12.4/src/include/optimizer/orclauses.h
Examining data/postgresql-12-12.4/src/include/optimizer/geqo_gene.h
Examining data/postgresql-12-12.4/src/include/optimizer/geqo_random.h
Examining data/postgresql-12-12.4/src/include/optimizer/tlist.h
Examining data/postgresql-12-12.4/src/include/optimizer/geqo_copy.h
Examining data/postgresql-12-12.4/src/include/optimizer/planner.h
Examining data/postgresql-12-12.4/src/include/optimizer/geqo_pool.h
Examining data/postgresql-12-12.4/src/include/optimizer/paramassign.h
Examining data/postgresql-12-12.4/src/include/optimizer/placeholder.h
Examining data/postgresql-12-12.4/src/include/optimizer/geqo.h
Examining data/postgresql-12-12.4/src/include/optimizer/subselect.h
Examining data/postgresql-12-12.4/src/include/optimizer/geqo_recombination.h
Examining data/postgresql-12-12.4/src/include/optimizer/restrictinfo.h
Examining data/postgresql-12-12.4/src/include/nodes/plannodes.h
Examining data/postgresql-12-12.4/src/include/nodes/replnodes.h
Examining data/postgresql-12-12.4/src/include/nodes/lockoptions.h
Examining data/postgresql-12-12.4/src/include/nodes/pathnodes.h
Examining data/postgresql-12-12.4/src/include/nodes/primnodes.h
Examining data/postgresql-12-12.4/src/include/nodes/parsenodes.h
Examining data/postgresql-12-12.4/src/include/nodes/nodeFuncs.h
Examining data/postgresql-12-12.4/src/include/nodes/execnodes.h
Examining data/postgresql-12-12.4/src/include/nodes/readfuncs.h
Examining data/postgresql-12-12.4/src/include/nodes/params.h
Examining data/postgresql-12-12.4/src/include/nodes/makefuncs.h
Examining data/postgresql-12-12.4/src/include/nodes/tidbitmap.h
Examining data/postgresql-12-12.4/src/include/nodes/bitmapset.h
Examining data/postgresql-12-12.4/src/include/nodes/memnodes.h
Examining data/postgresql-12-12.4/src/include/nodes/supportnodes.h
Examining data/postgresql-12-12.4/src/include/nodes/value.h
Examining data/postgresql-12-12.4/src/include/nodes/print.h
Examining data/postgresql-12-12.4/src/include/nodes/pg_list.h
Examining data/postgresql-12-12.4/src/include/nodes/nodes.h
Examining data/postgresql-12-12.4/src/include/nodes/extensible.h
Examining data/postgresql-12-12.4/src/include/regex/regexport.h
Examining data/postgresql-12-12.4/src/include/regex/regex.h
Examining data/postgresql-12-12.4/src/include/regex/regerrs.h
Examining data/postgresql-12-12.4/src/include/regex/regcustom.h
Examining data/postgresql-12-12.4/src/include/regex/regguts.h
Examining data/postgresql-12-12.4/src/include/pgtar.h
Examining data/postgresql-12-12.4/src/include/pg_getopt.h
Examining data/postgresql-12-12.4/src/include/fe_utils/psqlscan.h
Examining data/postgresql-12-12.4/src/include/fe_utils/string_utils.h
Examining data/postgresql-12-12.4/src/include/fe_utils/psqlscan_int.h
Examining data/postgresql-12-12.4/src/include/fe_utils/simple_list.h
Examining data/postgresql-12-12.4/src/include/fe_utils/conditional.h
Examining data/postgresql-12-12.4/src/include/fe_utils/connect.h
Examining data/postgresql-12-12.4/src/include/fe_utils/mbprint.h
Examining data/postgresql-12-12.4/src/include/fe_utils/print.h
Examining data/postgresql-12-12.4/src/include/catalog/partition.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_auth_members.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_description.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_enum.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_statistic.h
Examining data/postgresql-12-12.4/src/include/catalog/indexing.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_pltemplate.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_statistic_ext_data.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_constraint.h
Examining data/postgresql-12-12.4/src/include/catalog/binary_upgrade.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_ts_dict.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_default_acl.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_rewrite.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_db_role_setting.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_language.h
Examining data/postgresql-12-12.4/src/include/catalog/heap.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_event_trigger.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_aggregate.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_type.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_user_mapping.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_class.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_sequence.h
Examining data/postgresql-12-12.4/src/include/catalog/opfam_internal.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_trigger.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_amop.h
Examining data/postgresql-12-12.4/src/include/catalog/catalog.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_proc.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_largeobject.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_authid.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_collation.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_foreign_data_wrapper.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_ts_parser.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_shdescription.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_inherits.h
Examining data/postgresql-12-12.4/src/include/catalog/genbki.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_attribute.h
Examining data/postgresql-12-12.4/src/include/catalog/index.h
Examining data/postgresql-12-12.4/src/include/catalog/dependency.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_shdepend.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_range.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_opclass.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_shseclabel.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_attrdef.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_opfamily.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_ts_config_map.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_init_privs.h
Examining data/postgresql-12-12.4/src/include/catalog/objectaddress.h
Examining data/postgresql-12-12.4/src/include/catalog/catversion.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_foreign_table.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_largeobject_metadata.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_replication_origin.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_extension.h
Examining data/postgresql-12-12.4/src/include/catalog/objectaccess.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_foreign_server.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_depend.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_operator.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_seclabel.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_ts_config.h
Examining data/postgresql-12-12.4/src/include/catalog/storage_xlog.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_conversion.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_transform.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_ts_template.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_partitioned_table.h
Examining data/postgresql-12-12.4/src/include/catalog/namespace.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_am.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_amproc.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_publication_rel.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_subscription_rel.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_control.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_subscription.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_namespace.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_index.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_statistic_ext.h
Examining data/postgresql-12-12.4/src/include/catalog/toasting.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_database.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_tablespace.h
Examining data/postgresql-12-12.4/src/include/catalog/storage.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_cast.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_publication.h
Examining data/postgresql-12-12.4/src/include/catalog/pg_policy.h
Examining data/postgresql-12-12.4/src/include/pgtime.h
Examining data/postgresql-12-12.4/src/include/port/pg_bswap.h
Examining data/postgresql-12-12.4/src/include/port/solaris.h
Examining data/postgresql-12-12.4/src/include/port/hpux.h
Examining data/postgresql-12-12.4/src/include/port/darwin.h
Examining data/postgresql-12-12.4/src/include/port/linux.h
Examining data/postgresql-12-12.4/src/include/port/win32_msvc/dirent.h
Examining data/postgresql-12-12.4/src/include/port/win32_msvc/unistd.h
Examining data/postgresql-12-12.4/src/include/port/win32_msvc/sys/time.h
Examining data/postgresql-12-12.4/src/include/port/win32_msvc/sys/param.h
Examining data/postgresql-12-12.4/src/include/port/win32_msvc/sys/file.h
Examining data/postgresql-12-12.4/src/include/port/win32_msvc/utime.h
Examining data/postgresql-12-12.4/src/include/port/aix.h
Examining data/postgresql-12-12.4/src/include/port/netbsd.h
Examining data/postgresql-12-12.4/src/include/port/win32.h
Examining data/postgresql-12-12.4/src/include/port/freebsd.h
Examining data/postgresql-12-12.4/src/include/port/atomics/generic.h
Examining data/postgresql-12-12.4/src/include/port/atomics/generic-msvc.h
Examining data/postgresql-12-12.4/src/include/port/atomics/arch-hppa.h
Examining data/postgresql-12-12.4/src/include/port/atomics/arch-x86.h
Examining data/postgresql-12-12.4/src/include/port/atomics/generic-gcc.h
Examining data/postgresql-12-12.4/src/include/port/atomics/arch-arm.h
Examining data/postgresql-12-12.4/src/include/port/atomics/arch-ppc.h
Examining data/postgresql-12-12.4/src/include/port/atomics/generic-xlc.h
Examining data/postgresql-12-12.4/src/include/port/atomics/fallback.h
Examining data/postgresql-12-12.4/src/include/port/atomics/arch-ia64.h
Examining data/postgresql-12-12.4/src/include/port/atomics/generic-sunpro.h
Examining data/postgresql-12-12.4/src/include/port/atomics/generic-acc.h
Examining data/postgresql-12-12.4/src/include/port/openbsd.h
Examining data/postgresql-12-12.4/src/include/port/atomics.h
Examining data/postgresql-12-12.4/src/include/port/pg_bitutils.h
Examining data/postgresql-12-12.4/src/include/port/win32/pwd.h
Examining data/postgresql-12-12.4/src/include/port/win32/arpa/inet.h
Examining data/postgresql-12-12.4/src/include/port/win32/netinet/in.h
Examining data/postgresql-12-12.4/src/include/port/win32/sys/wait.h
Examining data/postgresql-12-12.4/src/include/port/win32/sys/socket.h
Examining data/postgresql-12-12.4/src/include/port/win32/grp.h
Examining data/postgresql-12-12.4/src/include/port/win32/dlfcn.h
Examining data/postgresql-12-12.4/src/include/port/win32/netdb.h
Examining data/postgresql-12-12.4/src/include/port/win32_port.h
Examining data/postgresql-12-12.4/src/include/port/pg_crc32c.h
Examining data/postgresql-12-12.4/src/include/port/cygwin.h
Examining data/postgresql-12-12.4/src/include/postgres_ext.h
Examining data/postgresql-12-12.4/src/include/common/unicode_norm.h
Examining data/postgresql-12-12.4/src/include/common/md5.h
Examining data/postgresql-12-12.4/src/include/common/sha2.h
Examining data/postgresql-12-12.4/src/include/common/unicode_norm_table.h
Examining data/postgresql-12-12.4/src/include/common/restricted_token.h
Examining data/postgresql-12-12.4/src/include/common/username.h
Examining data/postgresql-12-12.4/src/include/common/keywords.h
Examining data/postgresql-12-12.4/src/include/common/scram-common.h
Examining data/postgresql-12-12.4/src/include/common/int128.h
Examining data/postgresql-12-12.4/src/include/common/relpath.h
Examining data/postgresql-12-12.4/src/include/common/link-canary.h
Examining data/postgresql-12-12.4/src/include/common/saslprep.h
Examining data/postgresql-12-12.4/src/include/common/pg_lzcompress.h
Examining data/postgresql-12-12.4/src/include/common/shortest_dec.h
Examining data/postgresql-12-12.4/src/include/common/config_info.h
Examining data/postgresql-12-12.4/src/include/common/fe_memutils.h
Examining data/postgresql-12-12.4/src/include/common/base64.h
Examining data/postgresql-12-12.4/src/include/common/file_utils.h
Examining data/postgresql-12-12.4/src/include/common/connect.h
Examining data/postgresql-12-12.4/src/include/common/int.h
Examining data/postgresql-12-12.4/src/include/common/kwlookup.h
Examining data/postgresql-12-12.4/src/include/common/logging.h
Examining data/postgresql-12-12.4/src/include/common/file_perm.h
Examining data/postgresql-12-12.4/src/include/common/string.h
Examining data/postgresql-12-12.4/src/include/common/controldata_utils.h
Examining data/postgresql-12-12.4/src/include/common/ip.h
Examining data/postgresql-12-12.4/src/include/rusagestub.h
Examining data/postgresql-12-12.4/src/include/access/gin.h
Examining data/postgresql-12-12.4/src/include/access/bufmask.h
Examining data/postgresql-12-12.4/src/include/access/genam.h
Examining data/postgresql-12-12.4/src/include/access/reloptions.h
Examining data/postgresql-12-12.4/src/include/access/stratnum.h
Examining data/postgresql-12-12.4/src/include/access/htup_details.h
Examining data/postgresql-12-12.4/src/include/access/itup.h
Examining data/postgresql-12-12.4/src/include/access/htup.h
Examining data/postgresql-12-12.4/src/include/access/skey.h
Examining data/postgresql-12-12.4/src/include/access/tupmacs.h
Examining data/postgresql-12-12.4/src/include/access/hash_xlog.h
Examining data/postgresql-12-12.4/src/include/access/rmgrlist.h
Examining data/postgresql-12-12.4/src/include/access/hio.h
Examining data/postgresql-12-12.4/src/include/access/brin_tuple.h
Examining data/postgresql-12-12.4/src/include/access/multixact.h
Examining data/postgresql-12-12.4/src/include/access/hash.h
Examining data/postgresql-12-12.4/src/include/access/timeline.h
Examining data/postgresql-12-12.4/src/include/access/brin_page.h
Examining data/postgresql-12-12.4/src/include/access/gist_private.h
Examining data/postgresql-12-12.4/src/include/access/sysattr.h
Examining data/postgresql-12-12.4/src/include/access/brin_internal.h
Examining data/postgresql-12-12.4/src/include/access/spgist.h
Examining data/postgresql-12-12.4/src/include/access/tupdesc.h
Examining data/postgresql-12-12.4/src/include/access/printtup.h
Examining data/postgresql-12-12.4/src/include/access/ginxlog.h
Examining data/postgresql-12-12.4/src/include/access/session.h
Examining data/postgresql-12-12.4/src/include/access/sdir.h
Examining data/postgresql-12-12.4/src/include/access/valid.h
Examining data/postgresql-12-12.4/src/include/access/xloginsert.h
Examining data/postgresql-12-12.4/src/include/access/xlog_internal.h
Examining data/postgresql-12-12.4/src/include/access/tupconvert.h
Examining data/postgresql-12-12.4/src/include/access/gin_private.h
Examining data/postgresql-12-12.4/src/include/access/tsmapi.h
Examining data/postgresql-12-12.4/src/include/access/gistxlog.h
Examining data/postgresql-12-12.4/src/include/access/brin_xlog.h
Examining data/postgresql-12-12.4/src/include/access/twophase.h
Examining data/postgresql-12-12.4/src/include/access/subtrans.h
Examining data/postgresql-12-12.4/src/include/access/rewriteheap.h
Examining data/postgresql-12-12.4/src/include/access/tuptoaster.h
Examining data/postgresql-12-12.4/src/include/access/tupdesc_details.h
Examining data/postgresql-12-12.4/src/include/access/transam.h
Examining data/postgresql-12-12.4/src/include/access/ginblock.h
Examining data/postgresql-12-12.4/src/include/access/xlogdefs.h
Examining data/postgresql-12-12.4/src/include/access/amapi.h
Examining data/postgresql-12-12.4/src/include/access/nbtree.h
Examining data/postgresql-12-12.4/src/include/access/slru.h
Examining data/postgresql-12-12.4/src/include/access/heapam.h
Examining data/postgresql-12-12.4/src/include/access/rmgr.h
Examining data/postgresql-12-12.4/src/include/access/generic_xlog.h
Examining data/postgresql-12-12.4/src/include/access/gistscan.h
Examining data/postgresql-12-12.4/src/include/access/spgist_private.h
Examining data/postgresql-12-12.4/src/include/access/printsimple.h
Examining data/postgresql-12-12.4/src/include/access/spgxlog.h
Examining data/postgresql-12-12.4/src/include/access/clog.h
Examining data/postgresql-12-12.4/src/include/access/xlogreader.h
Examining data/postgresql-12-12.4/src/include/access/parallel.h
Examining data/postgresql-12-12.4/src/include/access/relation.h
Examining data/postgresql-12-12.4/src/include/access/twophase_rmgr.h
Examining data/postgresql-12-12.4/src/include/access/visibilitymap.h
Examining data/postgresql-12-12.4/src/include/access/gist.h
Examining data/postgresql-12-12.4/src/include/access/amvalidate.h
Examining data/postgresql-12-12.4/src/include/access/xact.h
Examining data/postgresql-12-12.4/src/include/access/xlogutils.h
Examining data/postgresql-12-12.4/src/include/access/brin.h
Examining data/postgresql-12-12.4/src/include/access/tableam.h
Examining data/postgresql-12-12.4/src/include/access/commit_ts.h
Examining data/postgresql-12-12.4/src/include/access/brin_revmap.h
Examining data/postgresql-12-12.4/src/include/access/nbtxlog.h
Examining data/postgresql-12-12.4/src/include/access/heapam_xlog.h
Examining data/postgresql-12-12.4/src/include/access/table.h
Examining data/postgresql-12-12.4/src/include/access/attnum.h
Examining data/postgresql-12-12.4/src/include/access/xlog.h
Examining data/postgresql-12-12.4/src/include/access/xlogrecord.h
Examining data/postgresql-12-12.4/src/include/access/relscan.h
Examining data/postgresql-12-12.4/src/include/access/brin_pageops.h
Examining data/postgresql-12-12.4/src/include/tcop/deparse_utility.h
Examining data/postgresql-12-12.4/src/include/tcop/pquery.h
Examining data/postgresql-12-12.4/src/include/tcop/dest.h
Examining data/postgresql-12-12.4/src/include/tcop/fastpath.h
Examining data/postgresql-12-12.4/src/include/tcop/utility.h
Examining data/postgresql-12-12.4/src/include/tcop/tcopprot.h
Examining data/postgresql-12-12.4/src/include/c.h
Examining data/postgresql-12-12.4/src/include/partitioning/partprune.h
Examining data/postgresql-12-12.4/src/include/partitioning/partdefs.h
Examining data/postgresql-12-12.4/src/include/partitioning/partdesc.h
Examining data/postgresql-12-12.4/src/include/partitioning/partbounds.h
Examining data/postgresql-12-12.4/src/include/funcapi.h
Examining data/postgresql-12-12.4/src/include/commands/matview.h
Examining data/postgresql-12-12.4/src/include/commands/variable.h
Examining data/postgresql-12-12.4/src/include/commands/seclabel.h
Examining data/postgresql-12-12.4/src/include/commands/prepare.h
Examining data/postgresql-12-12.4/src/include/commands/policy.h
Examining data/postgresql-12-12.4/src/include/commands/conversioncmds.h
Examining data/postgresql-12-12.4/src/include/commands/schemacmds.h
Examining data/postgresql-12-12.4/src/include/commands/typecmds.h
Examining data/postgresql-12-12.4/src/include/commands/user.h
Examining data/postgresql-12-12.4/src/include/commands/async.h
Examining data/postgresql-12-12.4/src/include/commands/discard.h
Examining data/postgresql-12-12.4/src/include/commands/tablespace.h
Examining data/postgresql-12-12.4/src/include/commands/explain.h
Examining data/postgresql-12-12.4/src/include/commands/lockcmds.h
Examining data/postgresql-12-12.4/src/include/commands/copy.h
Examining data/postgresql-12-12.4/src/include/commands/cluster.h
Examining data/postgresql-12-12.4/src/include/commands/createas.h
Examining data/postgresql-12-12.4/src/include/commands/progress.h
Examining data/postgresql-12-12.4/src/include/commands/event_trigger.h
Examining data/postgresql-12-12.4/src/include/commands/collationcmds.h
Examining data/postgresql-12-12.4/src/include/commands/tablecmds.h
Examining data/postgresql-12-12.4/src/include/commands/portalcmds.h
Examining data/postgresql-12-12.4/src/include/commands/proclang.h
Examining data/postgresql-12-12.4/src/include/commands/dbcommands_xlog.h
Examining data/postgresql-12-12.4/src/include/commands/publicationcmds.h
Examining data/postgresql-12-12.4/src/include/commands/trigger.h
Examining data/postgresql-12-12.4/src/include/commands/vacuum.h
Examining data/postgresql-12-12.4/src/include/commands/extension.h
Examining data/postgresql-12-12.4/src/include/commands/sequence.h
Examining data/postgresql-12-12.4/src/include/commands/alter.h
Examining data/postgresql-12-12.4/src/include/commands/dbcommands.h
Examining data/postgresql-12-12.4/src/include/commands/view.h
Examining data/postgresql-12-12.4/src/include/commands/subscriptioncmds.h
Examining data/postgresql-12-12.4/src/include/commands/defrem.h
Examining data/postgresql-12-12.4/src/include/commands/comment.h
Examining data/postgresql-12-12.4/src/include/foreign/foreign.h
Examining data/postgresql-12-12.4/src/include/foreign/fdwapi.h
Examining data/postgresql-12-12.4/src/include/postmaster/bgwriter.h
Examining data/postgresql-12-12.4/src/include/postmaster/bgworker.h
Examining data/postgresql-12-12.4/src/include/postmaster/bgworker_internals.h
Examining data/postgresql-12-12.4/src/include/postmaster/syslogger.h
Examining data/postgresql-12-12.4/src/include/postmaster/startup.h
Examining data/postgresql-12-12.4/src/include/postmaster/walwriter.h
Examining data/postgresql-12-12.4/src/include/postmaster/postmaster.h
Examining data/postgresql-12-12.4/src/include/postmaster/fork_process.h
Examining data/postgresql-12-12.4/src/include/postmaster/pgarch.h
Examining data/postgresql-12-12.4/src/include/postmaster/autovacuum.h
Examining data/postgresql-12-12.4/src/include/postgres_fe.h
Examining data/postgresql-12-12.4/src/include/pg_config_manual.h
Examining data/postgresql-12-12.4/src/test/locale/test-ctype.c
Examining data/postgresql-12-12.4/src/test/isolation/isolationtester.h
Examining data/postgresql-12-12.4/src/test/isolation/specscanner.c
Examining data/postgresql-12-12.4/src/test/isolation/isolationtester.c
Examining data/postgresql-12-12.4/src/test/isolation/specparse.c
Examining data/postgresql-12-12.4/src/test/isolation/isolation_main.c
Examining data/postgresql-12-12.4/src/test/examples/testlibpq4.c
Examining data/postgresql-12-12.4/src/test/examples/testlo.c
Examining data/postgresql-12-12.4/src/test/examples/testlibpq2.c
Examining data/postgresql-12-12.4/src/test/examples/testlo64.c
Examining data/postgresql-12-12.4/src/test/examples/testlibpq3.c
Examining data/postgresql-12-12.4/src/test/examples/testlibpq.c
Examining data/postgresql-12-12.4/src/test/thread/thread_test.c
Examining data/postgresql-12-12.4/src/test/regress/pg_regress.c
Examining data/postgresql-12-12.4/src/test/regress/pg_regress_main.c
Examining data/postgresql-12-12.4/src/test/regress/pg_regress.h
Examining data/postgresql-12-12.4/src/test/regress/regress.c
Examining data/postgresql-12-12.4/src/test/modules/test_rls_hooks/test_rls_hooks.c
Examining data/postgresql-12-12.4/src/test/modules/test_rls_hooks/test_rls_hooks.h
Examining data/postgresql-12-12.4/src/test/modules/test_rbtree/test_rbtree.c
Examining data/postgresql-12-12.4/src/test/modules/worker_spi/worker_spi.c
Examining data/postgresql-12-12.4/src/test/modules/test_parser/test_parser.c
Examining data/postgresql-12-12.4/src/test/modules/test_integerset/test_integerset.c
Examining data/postgresql-12-12.4/src/test/modules/dummy_seclabel/dummy_seclabel.c
Examining data/postgresql-12-12.4/src/test/modules/test_bloomfilter/test_bloomfilter.c
Examining data/postgresql-12-12.4/src/test/modules/test_ddl_deparse/test_ddl_deparse.c
Examining data/postgresql-12-12.4/src/test/modules/test_predtest/test_predtest.c
Examining data/postgresql-12-12.4/src/test/modules/test_shm_mq/worker.c
Examining data/postgresql-12-12.4/src/test/modules/test_shm_mq/test.c
Examining data/postgresql-12-12.4/src/test/modules/test_shm_mq/setup.c
Examining data/postgresql-12-12.4/src/test/modules/test_shm_mq/test_shm_mq.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/ecpgerrno.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/sql3types.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/pgtypes_timestamp.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/pgtypes_interval.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/pgtypes_numeric.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlda.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlca.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/ecpg_informix.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/ecpg-pthread-win32.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/pgtypes.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/ecpgtype.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/datetime.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/pgtypes_error.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlda-native.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlda-compat.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/sqltypes.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/pgtypes_date.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/ecpglib.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/include/decimal.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/fetch.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/dynalloc2.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/prepareas.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/quote.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/parser.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/dyntest.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/indicators.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/createtableas.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/func.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/bytea.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/insupd.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/desc.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/define.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/code100.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/array.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/binary.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/copystdout.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/show.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/dynalloc.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test1.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test4.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test2.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test5.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test3.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_oracle/char_array.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-desc.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-rfmtlong.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-strings.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-comment.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-nan_test.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-rfmtdate.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-rnull.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-show.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-charfuncs.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-quote.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-alloc.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-descriptor.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-func.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc2.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-bytea.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test3.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-thread_implicit.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_oracle-char_array.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-autoprep.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-thread.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-define.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-indicators.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-define.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-num_test2.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-binary.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-copystdout.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-fetch.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-createtableas.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test4.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test1.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-whenever.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-num_test.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-prep.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-init.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test5.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-code100.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test2.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dyntest.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-parser.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-type.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-insupd.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/descriptor.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/thread_implicit.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/alloc.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/thread.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/prep.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/autoprep.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/type.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/pointer_to_struct.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/array_of_struct.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/define.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/struct.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/whenever.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/comment.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/init.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/strings.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/strings.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/test_informix.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/rfmtdate.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/dec_test.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/rfmtlong.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/rnull.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/charfuncs.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/dt_test.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/num_test2.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/nan_test.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/num_test.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/regression.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/performance/perftest.pgc
Examining data/postgresql-12-12.4/src/interfaces/ecpg/test/printf_hack.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/descriptor.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/ecpglib_extern.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/data.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/memory.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/misc.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/typename.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/keywords.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/c_keywords.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/descriptor.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg_kwlist_d.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/c_kwlist.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg_kwlist.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc_extern.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/output.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/parser.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/c_kwlist_d.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg_keywords.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/common.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/pgtypeslib_extern.h
Examining data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/numeric.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/timestamp.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c
Examining data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/pthread-win32.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/test/uri-regress.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/pqexpbuffer.h
Examining data/postgresql-12-12.4/src/interfaces/libpq/libpq-events.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/libpq-int.h
Examining data/postgresql-12-12.4/src/interfaces/libpq/win32.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.h
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/libpq-fe.h
Examining data/postgresql-12-12.4/src/interfaces/libpq/pqexpbuffer.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-gssapi-common.h
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-secure.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-gssapi-common.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-lobj.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-misc.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/win32.h
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/libpq-events.h
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-common.h
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-common.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-gssapi.c
Examining data/postgresql-12-12.4/src/interfaces/libpq/legacy-pqsignal.c
Examining data/postgresql-12-12.4/src/backend/snowball/dict_snowball.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_norwegian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_indonesian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_french.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_irish.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_swedish.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_KOI8_R_russian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_arabic.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_romanian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_norwegian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/api.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_dutch.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_italian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_turkish.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_german.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_danish.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_english.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_portuguese.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_hungarian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_dutch.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_danish.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_tamil.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_swedish.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_spanish.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_2_hungarian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_porter.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_indonesian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_spanish.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_russian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_porter.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_finnish.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_irish.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_italian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_english.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_german.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/utilities.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_portuguese.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_1_french.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_nepali.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_lithuanian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_ISO_8859_2_romanian.c
Examining data/postgresql-12-12.4/src/backend/snowball/libstemmer/stem_UTF_8_finnish.c
Examining data/postgresql-12-12.4/src/backend/bootstrap/bootscanner.c
Examining data/postgresql-12-12.4/src/backend/bootstrap/bootparse.c
Examining data/postgresql-12-12.4/src/backend/bootstrap/bootstrap.c
Examining data/postgresql-12-12.4/src/backend/rewrite/rewriteRemove.c
Examining data/postgresql-12-12.4/src/backend/rewrite/rewriteHandler.c
Examining data/postgresql-12-12.4/src/backend/rewrite/rewriteSupport.c
Examining data/postgresql-12-12.4/src/backend/rewrite/rowsecurity.c
Examining data/postgresql-12-12.4/src/backend/rewrite/rewriteDefine.c
Examining data/postgresql-12-12.4/src/backend/rewrite/rewriteManip.c
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/lock.c
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/lmgr.c
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/spin.c
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/deadlock.c
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/lwlocknames.c
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/condition_variable.c
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/s_lock.c
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/lwlocknames.h
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/predicate.c
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/lwlock.c
Examining data/postgresql-12-12.4/src/backend/storage/lmgr/proc.c
Examining data/postgresql-12-12.4/src/backend/storage/page/bufpage.c
Examining data/postgresql-12-12.4/src/backend/storage/page/itemptr.c
Examining data/postgresql-12-12.4/src/backend/storage/page/checksum.c
Examining data/postgresql-12-12.4/src/backend/storage/smgr/smgr.c
Examining data/postgresql-12-12.4/src/backend/storage/smgr/md.c
Examining data/postgresql-12-12.4/src/backend/storage/freespace/freespace.c
Examining data/postgresql-12-12.4/src/backend/storage/freespace/fsmpage.c
Examining data/postgresql-12-12.4/src/backend/storage/freespace/indexfsm.c
Examining data/postgresql-12-12.4/src/backend/storage/buffer/bufmgr.c
Examining data/postgresql-12-12.4/src/backend/storage/buffer/freelist.c
Examining data/postgresql-12-12.4/src/backend/storage/buffer/buf_init.c
Examining data/postgresql-12-12.4/src/backend/storage/buffer/localbuf.c
Examining data/postgresql-12-12.4/src/backend/storage/buffer/buf_table.c
Examining data/postgresql-12-12.4/src/backend/storage/sync/sync.c
Examining data/postgresql-12-12.4/src/backend/storage/large_object/inv_api.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/dsm.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/sinval.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/ipci.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/procsignal.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/latch.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/shm_mq.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/pmsignal.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/shmqueue.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/shmem.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/procarray.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/dsm_impl.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/sinvaladt.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/signalfuncs.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/shm_toc.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/ipc.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/standby.c
Examining data/postgresql-12-12.4/src/backend/storage/ipc/barrier.c
Examining data/postgresql-12-12.4/src/backend/storage/file/sharedfileset.c
Examining data/postgresql-12-12.4/src/backend/storage/file/fd.c
Examining data/postgresql-12-12.4/src/backend/storage/file/copydir.c
Examining data/postgresql-12-12.4/src/backend/storage/file/buffile.c
Examining data/postgresql-12-12.4/src/backend/storage/file/reinit.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_func.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_coerce.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_target.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_oper.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_cte.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_node.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_clause.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_expr.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_agg.c
Examining data/postgresql-12-12.4/src/backend/parser/scansup.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_param.c
Examining data/postgresql-12-12.4/src/backend/parser/gram.h
Examining data/postgresql-12-12.4/src/backend/parser/parser.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_enr.c
Examining data/postgresql-12-12.4/src/backend/parser/gram.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_utilcmd.c
Examining data/postgresql-12-12.4/src/backend/parser/scan.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_collate.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_type.c
Examining data/postgresql-12-12.4/src/backend/parser/parse_relation.c
Examining data/postgresql-12-12.4/src/backend/parser/analyze.c
Examining data/postgresql-12-12.4/src/backend/lib/integerset.c
Examining data/postgresql-12-12.4/src/backend/lib/bipartite_match.c
Examining data/postgresql-12-12.4/src/backend/lib/binaryheap.c
Examining data/postgresql-12-12.4/src/backend/lib/dshash.c
Examining data/postgresql-12-12.4/src/backend/lib/ilist.c
Examining data/postgresql-12-12.4/src/backend/lib/rbtree.c
Examining data/postgresql-12-12.4/src/backend/lib/pairingheap.c
Examining data/postgresql-12-12.4/src/backend/lib/stringinfo.c
Examining data/postgresql-12-12.4/src/backend/lib/hyperloglog.c
Examining data/postgresql-12-12.4/src/backend/lib/bloomfilter.c
Examining data/postgresql-12-12.4/src/backend/lib/knapsack.c
Examining data/postgresql-12-12.4/src/backend/libpq/ifaddr.c
Examining data/postgresql-12-12.4/src/backend/libpq/pqformat.c
Examining data/postgresql-12-12.4/src/backend/libpq/be-secure.c
Examining data/postgresql-12-12.4/src/backend/libpq/auth.c
Examining data/postgresql-12-12.4/src/backend/libpq/be-secure-gssapi.c
Examining data/postgresql-12-12.4/src/backend/libpq/be-gssapi-common.c
Examining data/postgresql-12-12.4/src/backend/libpq/pqmq.c
Examining data/postgresql-12-12.4/src/backend/libpq/be-fsstubs.c
Examining data/postgresql-12-12.4/src/backend/libpq/crypt.c
Examining data/postgresql-12-12.4/src/backend/libpq/pqcomm.c
Examining data/postgresql-12-12.4/src/backend/libpq/hba.c
Examining data/postgresql-12-12.4/src/backend/libpq/pqsignal.c
Examining data/postgresql-12-12.4/src/backend/libpq/auth-scram.c
Examining data/postgresql-12-12.4/src/backend/libpq/be-secure-common.c
Examining data/postgresql-12-12.4/src/backend/libpq/be-secure-openssl.c
Examining data/postgresql-12-12.4/src/backend/replication/walreceiverfuncs.c
Examining data/postgresql-12-12.4/src/backend/replication/pgoutput/pgoutput.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/launcher.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/message.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/tablesync.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/origin.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/logicalfuncs.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/worker.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/proto.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/logical.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/decode.c
Examining data/postgresql-12-12.4/src/backend/replication/logical/relation.c
Examining data/postgresql-12-12.4/src/backend/replication/walsender.c
Examining data/postgresql-12-12.4/src/backend/replication/syncrep.c
Examining data/postgresql-12-12.4/src/backend/replication/basebackup.c
Examining data/postgresql-12-12.4/src/backend/replication/syncrep_gram.c
Examining data/postgresql-12-12.4/src/backend/replication/walreceiver.c
Examining data/postgresql-12-12.4/src/backend/replication/slot.c
Examining data/postgresql-12-12.4/src/backend/replication/repl_gram.c
Examining data/postgresql-12-12.4/src/backend/replication/slotfuncs.c
Examining data/postgresql-12-12.4/src/backend/replication/syncrep_scanner.c
Examining data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c
Examining data/postgresql-12-12.4/src/backend/replication/repl_scanner.c
Examining data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit_error.cpp
Examining data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit.c
Examining data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit_types.c
Examining data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit_inline.cpp
Examining data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit_deform.c
Examining data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit_wrap.cpp
Examining data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit_expr.c
Examining data/postgresql-12-12.4/src/backend/jit/jit.c
Examining data/postgresql-12-12.4/src/backend/statistics/mcv.c
Examining data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c
Examining data/postgresql-12-12.4/src/backend/statistics/dependencies.c
Examining data/postgresql-12-12.4/src/backend/statistics/extended_stats.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeSamplescan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeHash.c
Examining data/postgresql-12-12.4/src/backend/executor/execIndexing.c
Examining data/postgresql-12-12.4/src/backend/executor/instrument.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeGatherMerge.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeBitmapAnd.c
Examining data/postgresql-12-12.4/src/backend/executor/execExpr.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeTidscan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeCustom.c
Examining data/postgresql-12-12.4/src/backend/executor/execProcnode.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeHashjoin.c
Examining data/postgresql-12-12.4/src/backend/executor/execJunk.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeSubplan.c
Examining data/postgresql-12-12.4/src/backend/executor/execCurrent.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeIndexonlyscan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeMaterial.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeNamedtuplestorescan.c
Examining data/postgresql-12-12.4/src/backend/executor/execMain.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeForeignscan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeFunctionscan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeValuesscan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeLimit.c
Examining data/postgresql-12-12.4/src/backend/executor/execExprInterp.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeResult.c
Examining data/postgresql-12-12.4/src/backend/executor/execAmi.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeBitmapHeapscan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeWindowAgg.c
Examining data/postgresql-12-12.4/src/backend/executor/tqueue.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeBitmapIndexscan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeNestloop.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeTableFuncscan.c
Examining data/postgresql-12-12.4/src/backend/executor/execPartition.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeBitmapOr.c
Examining data/postgresql-12-12.4/src/backend/executor/execUtils.c
Examining data/postgresql-12-12.4/src/backend/executor/execParallel.c
Examining data/postgresql-12-12.4/src/backend/executor/execScan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeRecursiveunion.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeSeqscan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeMergejoin.c
Examining data/postgresql-12-12.4/src/backend/executor/tstoreReceiver.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeModifyTable.c
Examining data/postgresql-12-12.4/src/backend/executor/execSRF.c
Examining data/postgresql-12-12.4/src/backend/executor/spi.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeGather.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeUnique.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeAgg.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeIndexscan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeMergeAppend.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeAppend.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeGroup.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeSort.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeProjectSet.c
Examining data/postgresql-12-12.4/src/backend/executor/execTuples.c
Examining data/postgresql-12-12.4/src/backend/executor/functions.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeWorktablescan.c
Examining data/postgresql-12-12.4/src/backend/executor/execGrouping.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeCtescan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeSetOp.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeSubqueryscan.c
Examining data/postgresql-12-12.4/src/backend/executor/nodeLockRows.c
Examining data/postgresql-12-12.4/src/backend/executor/execReplication.c
Examining data/postgresql-12-12.4/src/backend/tsearch/regis.c
Examining data/postgresql-12-12.4/src/backend/tsearch/to_tsany.c
Examining data/postgresql-12-12.4/src/backend/tsearch/ts_typanalyze.c
Examining data/postgresql-12-12.4/src/backend/tsearch/wparser.c
Examining data/postgresql-12-12.4/src/backend/tsearch/wparser_def.c
Examining data/postgresql-12-12.4/src/backend/tsearch/ts_selfuncs.c
Examining data/postgresql-12-12.4/src/backend/tsearch/dict.c
Examining data/postgresql-12-12.4/src/backend/tsearch/dict_synonym.c
Examining data/postgresql-12-12.4/src/backend/tsearch/spell.c
Examining data/postgresql-12-12.4/src/backend/tsearch/dict_ispell.c
Examining data/postgresql-12-12.4/src/backend/tsearch/ts_utils.c
Examining data/postgresql-12-12.4/src/backend/tsearch/dict_thesaurus.c
Examining data/postgresql-12-12.4/src/backend/tsearch/ts_locale.c
Examining data/postgresql-12-12.4/src/backend/tsearch/ts_parse.c
Examining data/postgresql-12-12.4/src/backend/tsearch/dict_simple.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/numutils.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_typanalyze.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/cash.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tid.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/like_match.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/int.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/partitionfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/windowfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/genfile.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/lockfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/like_support.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/oid.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/datetime.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/bool.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/array_expanded.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsquery_gist.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsvector.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/quote.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/format_type.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/orderedsetaggs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/float.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/ascii.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/expandedrecord.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/levenshtein.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/geo_spgist.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/name.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/enum.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsquery_op.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/pseudotypes.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/varchar.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/array_selfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_scan.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/jsonb_op.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsrank.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/array_typanalyze.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_spgist.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/amutils.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_gram.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/rangetypes.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsvector_parser.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/datum.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/uuid.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/regexp.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_exec.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/regproc.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/network.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsquery_rewrite.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/numeric.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsquery_util.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/xid.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/formatting.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/acl.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/jsonb_util.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/oracle_compat.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/jsonb_gin.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsquery_cleanup.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/char.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/pg_upgrade_support.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/json.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/tsginidx.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/rowtypes.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/int8.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/pgstatfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/date.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/like.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/xml.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/inet_net_pton.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/pg_lsn.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/array_userfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/arrayutils.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/trigfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/version.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/misc.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/expandeddatum.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/mac.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/network_selfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/geo_selfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_gist.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/encode.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/mac8.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/varlena.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/inet_cidr_ntop.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/txid.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/selfuncs.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/network_gist.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/jsonpath.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/network_spgist.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/varbit.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/geo_ops.c
Examining data/postgresql-12-12.4/src/backend/utils/adt/domains.c
Examining data/postgresql-12-12.4/src/backend/utils/fmgr/funcapi.c
Examining data/postgresql-12-12.4/src/backend/utils/fmgr/fmgr.c
Examining data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/pg_config.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/rls.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/queryenvironment.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/superuser.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/pg_rusage.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/help_config.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/pg_controldata.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/sampling.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/ps_status.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/timeout.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/tzparser.c
Examining data/postgresql-12-12.4/src/backend/utils/misc/guc.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/iso.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conv.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/wstrcmp.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/encnames.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/win866.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/win1251.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_big5/utf8_and_big5.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_ascii/utf8_and_ascii.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_iso8859_1/utf8_and_iso8859_1.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_uhc/utf8_and_uhc.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/euc_jp_and_sjis/euc_jp_and_sjis.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_sjis2004/utf8_and_sjis2004.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_euc_cn/utf8_and_euc_cn.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/latin_and_mic/latin_and_mic.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_euc_jp/utf8_and_euc_jp.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_sjis/utf8_and_sjis.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/euc2004_sjis2004/euc2004_sjis2004.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/euc_cn_and_mic/euc_cn_and_mic.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_iso8859/utf8_and_iso8859.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_gb18030/utf8_and_gb18030.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_euc_kr/utf8_and_euc_kr.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_cyrillic/utf8_and_cyrillic.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/latin2_and_win1250/latin2_and_win1250.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/ascii_and_mic/ascii_and_mic.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_euc2004/utf8_and_euc2004.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_win/utf8_and_win.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_euc_tw/utf8_and_euc_tw.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_gbk/utf8_and_gbk.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/euc_tw_and_big5/big5.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/euc_tw_and_big5/euc_tw_and_big5.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/euc_kr_and_mic/euc_kr_and_mic.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/cyrillic_and_mic/cyrillic_and_mic.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/utf8_and_johab/utf8_and_johab.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/wchar.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/wstrncmp.c
Examining data/postgresql-12-12.4/src/backend/utils/mb/mbutils.c
Examining data/postgresql-12-12.4/src/backend/utils/errcodes.h
Examining data/postgresql-12-12.4/src/backend/utils/fmgrtab.c
Examining data/postgresql-12-12.4/src/backend/utils/init/postinit.c
Examining data/postgresql-12-12.4/src/backend/utils/init/miscinit.c
Examining data/postgresql-12-12.4/src/backend/utils/init/globals.c
Examining data/postgresql-12-12.4/src/backend/utils/mmgr/mcxt.c
Examining data/postgresql-12-12.4/src/backend/utils/mmgr/memdebug.c
Examining data/postgresql-12-12.4/src/backend/utils/mmgr/generation.c
Examining data/postgresql-12-12.4/src/backend/utils/mmgr/portalmem.c
Examining data/postgresql-12-12.4/src/backend/utils/mmgr/slab.c
Examining data/postgresql-12-12.4/src/backend/utils/mmgr/freepage.c
Examining data/postgresql-12-12.4/src/backend/utils/mmgr/dsa.c
Examining data/postgresql-12-12.4/src/backend/utils/mmgr/aset.c
Examining data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c
Examining data/postgresql-12-12.4/src/backend/utils/time/combocid.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/lsyscache.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/spccache.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/syscache.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/ts_cache.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/partcache.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/catcache.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/plancache.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/typcache.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/relmapper.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/attoptcache.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/evtcache.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/relfilenodemap.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/inval.c
Examining data/postgresql-12-12.4/src/backend/utils/cache/relcache.c
Examining data/postgresql-12-12.4/src/backend/utils/hash/pg_crc.c
Examining data/postgresql-12-12.4/src/backend/utils/hash/hashfn.c
Examining data/postgresql-12-12.4/src/backend/utils/hash/dynahash.c
Examining data/postgresql-12-12.4/src/backend/utils/sort/qsort_tuple.c
Examining data/postgresql-12-12.4/src/backend/utils/sort/logtape.c
Examining data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c
Examining data/postgresql-12-12.4/src/backend/utils/sort/tuplestore.c
Examining data/postgresql-12-12.4/src/backend/utils/sort/sortsupport.c
Examining data/postgresql-12-12.4/src/backend/utils/sort/tuplesort.c
Examining data/postgresql-12-12.4/src/backend/utils/fmgrprotos.h
Examining data/postgresql-12-12.4/src/backend/utils/resowner/resowner.c
Examining data/postgresql-12-12.4/src/backend/utils/error/assert.c
Examining data/postgresql-12-12.4/src/backend/utils/error/elog.c
Examining data/postgresql-12-12.4/src/backend/utils/fmgroids.h
Examining data/postgresql-12-12.4/src/backend/optimizer/prep/prepjointree.c
Examining data/postgresql-12-12.4/src/backend/optimizer/prep/prepqual.c
Examining data/postgresql-12-12.4/src/backend/optimizer/prep/prepunion.c
Examining data/postgresql-12-12.4/src/backend/optimizer/prep/preptlist.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/clauses.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/relnode.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/tlist.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/paramassign.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/plancat.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/var.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/restrictinfo.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/pathnode.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/joininfo.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/appendinfo.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/placeholder.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/inherit.c
Examining data/postgresql-12-12.4/src/backend/optimizer/util/orclauses.c
Examining data/postgresql-12-12.4/src/backend/optimizer/plan/initsplan.c
Examining data/postgresql-12-12.4/src/backend/optimizer/plan/createplan.c
Examining data/postgresql-12-12.4/src/backend/optimizer/plan/analyzejoins.c
Examining data/postgresql-12-12.4/src/backend/optimizer/plan/planagg.c
Examining data/postgresql-12-12.4/src/backend/optimizer/plan/subselect.c
Examining data/postgresql-12-12.4/src/backend/optimizer/plan/planmain.c
Examining data/postgresql-12-12.4/src/backend/optimizer/plan/planner.c
Examining data/postgresql-12-12.4/src/backend/optimizer/plan/setrefs.c
Examining data/postgresql-12-12.4/src/backend/optimizer/path/costsize.c
Examining data/postgresql-12-12.4/src/backend/optimizer/path/allpaths.c
Examining data/postgresql-12-12.4/src/backend/optimizer/path/joinrels.c
Examining data/postgresql-12-12.4/src/backend/optimizer/path/joinpath.c
Examining data/postgresql-12-12.4/src/backend/optimizer/path/clausesel.c
Examining data/postgresql-12-12.4/src/backend/optimizer/path/indxpath.c
Examining data/postgresql-12-12.4/src/backend/optimizer/path/pathkeys.c
Examining data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c
Examining data/postgresql-12-12.4/src/backend/optimizer/path/tidpath.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_px.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_misc.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_cx.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_recombination.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_ox1.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_ox2.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_copy.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_pool.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_erx.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_main.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_mutation.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_eval.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_pmx.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_random.c
Examining data/postgresql-12-12.4/src/backend/optimizer/geqo/geqo_selection.c
Examining data/postgresql-12-12.4/src/backend/main/main.c
Examining data/postgresql-12-12.4/src/backend/nodes/tidbitmap.c
Examining data/postgresql-12-12.4/src/backend/nodes/read.c
Examining data/postgresql-12-12.4/src/backend/nodes/outfuncs.c
Examining data/postgresql-12-12.4/src/backend/nodes/nodeFuncs.c
Examining data/postgresql-12-12.4/src/backend/nodes/copyfuncs.c
Examining data/postgresql-12-12.4/src/backend/nodes/value.c
Examining data/postgresql-12-12.4/src/backend/nodes/readfuncs.c
Examining data/postgresql-12-12.4/src/backend/nodes/list.c
Examining data/postgresql-12-12.4/src/backend/nodes/extensible.c
Examining data/postgresql-12-12.4/src/backend/nodes/print.c
Examining data/postgresql-12-12.4/src/backend/nodes/makefuncs.c
Examining data/postgresql-12-12.4/src/backend/nodes/params.c
Examining data/postgresql-12-12.4/src/backend/nodes/equalfuncs.c
Examining data/postgresql-12-12.4/src/backend/nodes/nodes.c
Examining data/postgresql-12-12.4/src/backend/nodes/bitmapset.c
Examining data/postgresql-12-12.4/src/backend/regex/regc_lex.c
Examining data/postgresql-12-12.4/src/backend/regex/regexport.c
Examining data/postgresql-12-12.4/src/backend/regex/regcomp.c
Examining data/postgresql-12-12.4/src/backend/regex/regerror.c
Examining data/postgresql-12-12.4/src/backend/regex/regc_locale.c
Examining data/postgresql-12-12.4/src/backend/regex/regc_cvec.c
Examining data/postgresql-12-12.4/src/backend/regex/regfree.c
Examining data/postgresql-12-12.4/src/backend/regex/regc_pg_locale.c
Examining data/postgresql-12-12.4/src/backend/regex/rege_dfa.c
Examining data/postgresql-12-12.4/src/backend/regex/regprefix.c
Examining data/postgresql-12-12.4/src/backend/regex/regexec.c
Examining data/postgresql-12-12.4/src/backend/regex/regc_color.c
Examining data/postgresql-12-12.4/src/backend/regex/regc_nfa.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_tablespace_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_constraint_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/objectaddress.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_publication_rel_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_ts_parser_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_type.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_proc_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_amproc_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_authid_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_replication_origin_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_extension_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_type_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_attribute_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_ts_config_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_statistic_ext_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_collation_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_auth_members_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_user_mapping_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_pltemplate_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_transform_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_publication_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_database_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/indexing.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_cast_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_shseclabel_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_ts_config_map_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_inherits_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_shdescription_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_largeobject.c
Examining data/postgresql-12-12.4/src/backend/catalog/toasting.c
Examining data/postgresql-12-12.4/src/backend/catalog/storage.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_sequence_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_foreign_server_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/partition.c
Examining data/postgresql-12-12.4/src/backend/catalog/heap.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_subscription.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_amop_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_default_acl_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_shdepend.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_aggregate.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_subscription_rel_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_class_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_attrdef_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/schemapg.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_enum_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_event_trigger_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_depend_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_enum.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_partitioned_table_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_description_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_publication.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_collation.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_rewrite_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_depend.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_init_privs_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_range_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_conversion.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_seclabel_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_range.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_conversion_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_am_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_opfamily_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_policy_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_aggregate_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_ts_dict_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/aclchk.c
Examining data/postgresql-12-12.4/src/backend/catalog/namespace.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_statistic_ext_data_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_namespace_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/catalog.c
Examining data/postgresql-12-12.4/src/backend/catalog/index.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_language_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_inherits.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_ts_template_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_largeobject_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_operator.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_proc.c
Examining data/postgresql-12-12.4/src/backend/catalog/objectaccess.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_shdepend_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_largeobject_metadata_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_operator_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_namespace.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_constraint.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_statistic_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_trigger_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_foreign_data_wrapper_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_db_role_setting_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_opclass_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_index_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_foreign_table_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/pg_db_role_setting.c
Examining data/postgresql-12-12.4/src/backend/catalog/pg_subscription_d.h
Examining data/postgresql-12-12.4/src/backend/catalog/dependency.c
Examining data/postgresql-12-12.4/src/backend/port/win32_shmem.c
Examining data/postgresql-12-12.4/src/backend/port/win32_sema.c
Examining data/postgresql-12-12.4/src/backend/port/sysv_sema.c
Examining data/postgresql-12-12.4/src/backend/port/posix_sema.c
Examining data/postgresql-12-12.4/src/backend/port/sysv_shmem.c
Examining data/postgresql-12-12.4/src/backend/port/win32/timer.c
Examining data/postgresql-12-12.4/src/backend/port/win32/mingwcompat.c
Examining data/postgresql-12-12.4/src/backend/port/win32/signal.c
Examining data/postgresql-12-12.4/src/backend/port/win32/socket.c
Examining data/postgresql-12-12.4/src/backend/port/win32/crashdump.c
Examining data/postgresql-12-12.4/src/backend/port/atomics.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/gindesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/logicalmsgdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/spgdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/relmapdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/nbtdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/xlogdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/standbydesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/committsdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/seqdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/heapdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/replorigindesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/brindesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/tblspcdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/xactdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/clogdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/gistdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/dbasedesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/smgrdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/genericdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/hashdesc.c
Examining data/postgresql-12-12.4/src/backend/access/rmgrdesc/mxactdesc.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gistsplit.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gistbuild.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gistproc.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gistxlog.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gistvacuum.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gistget.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gistscan.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gist.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gistbuildbuffers.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gistutil.c
Examining data/postgresql-12-12.4/src/backend/access/gist/gistvalidate.c
Examining data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c
Examining data/postgresql-12-12.4/src/backend/access/transam/clog.c
Examining data/postgresql-12-12.4/src/backend/access/transam/parallel.c
Examining data/postgresql-12-12.4/src/backend/access/transam/twophase.c
Examining data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c
Examining data/postgresql-12-12.4/src/backend/access/transam/commit_ts.c
Examining data/postgresql-12-12.4/src/backend/access/transam/rmgr.c
Examining data/postgresql-12-12.4/src/backend/access/transam/multixact.c
Examining data/postgresql-12-12.4/src/backend/access/transam/xact.c
Examining data/postgresql-12-12.4/src/backend/access/transam/varsup.c
Examining data/postgresql-12-12.4/src/backend/access/transam/xlog.c
Examining data/postgresql-12-12.4/src/backend/access/transam/xlogutils.c
Examining data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c
Examining data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c
Examining data/postgresql-12-12.4/src/backend/access/transam/transam.c
Examining data/postgresql-12-12.4/src/backend/access/transam/twophase_rmgr.c
Examining data/postgresql-12-12.4/src/backend/access/transam/slru.c
Examining data/postgresql-12-12.4/src/backend/access/transam/subtrans.c
Examining data/postgresql-12-12.4/src/backend/access/transam/xlogfuncs.c
Examining data/postgresql-12-12.4/src/backend/access/transam/timeline.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spgvalidate.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spginsert.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spgquadtreeproc.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spgtextproc.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spgutils.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spgxlog.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spgscan.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spgdoinsert.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spgproc.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spgvacuum.c
Examining data/postgresql-12-12.4/src/backend/access/spgist/spgkdtreeproc.c
Examining data/postgresql-12-12.4/src/backend/access/heap/heapam_visibility.c
Examining data/postgresql-12-12.4/src/backend/access/heap/hio.c
Examining data/postgresql-12-12.4/src/backend/access/heap/pruneheap.c
Examining data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c
Examining data/postgresql-12-12.4/src/backend/access/heap/syncscan.c
Examining data/postgresql-12-12.4/src/backend/access/heap/heapam_handler.c
Examining data/postgresql-12-12.4/src/backend/access/heap/heapam.c
Examining data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c
Examining data/postgresql-12-12.4/src/backend/access/heap/vacuumlazy.c
Examining data/postgresql-12-12.4/src/backend/access/heap/visibilitymap.c
Examining data/postgresql-12-12.4/src/backend/access/nbtree/nbtree.c
Examining data/postgresql-12-12.4/src/backend/access/nbtree/nbtxlog.c
Examining data/postgresql-12-12.4/src/backend/access/nbtree/nbtsort.c
Examining data/postgresql-12-12.4/src/backend/access/nbtree/nbtutils.c
Examining data/postgresql-12-12.4/src/backend/access/nbtree/nbtpage.c
Examining data/postgresql-12-12.4/src/backend/access/nbtree/nbtcompare.c
Examining data/postgresql-12-12.4/src/backend/access/nbtree/nbtinsert.c
Examining data/postgresql-12-12.4/src/backend/access/nbtree/nbtsplitloc.c
Examining data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c
Examining data/postgresql-12-12.4/src/backend/access/nbtree/nbtvalidate.c
Examining data/postgresql-12-12.4/src/backend/access/index/amapi.c
Examining data/postgresql-12-12.4/src/backend/access/index/amvalidate.c
Examining data/postgresql-12-12.4/src/backend/access/index/genam.c
Examining data/postgresql-12-12.4/src/backend/access/index/indexam.c
Examining data/postgresql-12-12.4/src/backend/access/table/table.c
Examining data/postgresql-12-12.4/src/backend/access/table/tableamapi.c
Examining data/postgresql-12-12.4/src/backend/access/table/tableam.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginvalidate.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginutil.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c
Examining data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginfast.c
Examining data/postgresql-12-12.4/src/backend/access/gin/gininsert.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginscan.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginbulk.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginlogic.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginarrayproc.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginget.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginvacuum.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginbtree.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginpostinglist.c
Examining data/postgresql-12-12.4/src/backend/access/gin/ginentrypage.c
Examining data/postgresql-12-12.4/src/backend/access/hash/hashinsert.c
Examining data/postgresql-12-12.4/src/backend/access/hash/hashpage.c
Examining data/postgresql-12-12.4/src/backend/access/hash/hashsort.c
Examining data/postgresql-12-12.4/src/backend/access/hash/hashutil.c
Examining data/postgresql-12-12.4/src/backend/access/hash/hashvalidate.c
Examining data/postgresql-12-12.4/src/backend/access/hash/hash.c
Examining data/postgresql-12-12.4/src/backend/access/hash/hashfunc.c
Examining data/postgresql-12-12.4/src/backend/access/hash/hashsearch.c
Examining data/postgresql-12-12.4/src/backend/access/hash/hashovfl.c
Examining data/postgresql-12-12.4/src/backend/access/hash/hash_xlog.c
Examining data/postgresql-12-12.4/src/backend/access/common/session.c
Examining data/postgresql-12-12.4/src/backend/access/common/printsimple.c
Examining data/postgresql-12-12.4/src/backend/access/common/scankey.c
Examining data/postgresql-12-12.4/src/backend/access/common/tupconvert.c
Examining data/postgresql-12-12.4/src/backend/access/common/heaptuple.c
Examining data/postgresql-12-12.4/src/backend/access/common/indextuple.c
Examining data/postgresql-12-12.4/src/backend/access/common/bufmask.c
Examining data/postgresql-12-12.4/src/backend/access/common/tupdesc.c
Examining data/postgresql-12-12.4/src/backend/access/common/reloptions.c
Examining data/postgresql-12-12.4/src/backend/access/common/printtup.c
Examining data/postgresql-12-12.4/src/backend/access/common/relation.c
Examining data/postgresql-12-12.4/src/backend/access/tablesample/system.c
Examining data/postgresql-12-12.4/src/backend/access/tablesample/tablesample.c
Examining data/postgresql-12-12.4/src/backend/access/tablesample/bernoulli.c
Examining data/postgresql-12-12.4/src/backend/access/brin/brin_validate.c
Examining data/postgresql-12-12.4/src/backend/access/brin/brin_xlog.c
Examining data/postgresql-12-12.4/src/backend/access/brin/brin_pageops.c
Examining data/postgresql-12-12.4/src/backend/access/brin/brin.c
Examining data/postgresql-12-12.4/src/backend/access/brin/brin_revmap.c
Examining data/postgresql-12-12.4/src/backend/access/brin/brin_inclusion.c
Examining data/postgresql-12-12.4/src/backend/access/brin/brin_minmax.c
Examining data/postgresql-12-12.4/src/backend/access/brin/brin_tuple.c
Examining data/postgresql-12-12.4/src/backend/tcop/utility.c
Examining data/postgresql-12-12.4/src/backend/tcop/fastpath.c
Examining data/postgresql-12-12.4/src/backend/tcop/dest.c
Examining data/postgresql-12-12.4/src/backend/tcop/postgres.c
Examining data/postgresql-12-12.4/src/backend/tcop/pquery.c
Examining data/postgresql-12-12.4/src/backend/partitioning/partprune.c
Examining data/postgresql-12-12.4/src/backend/partitioning/partbounds.c
Examining data/postgresql-12-12.4/src/backend/partitioning/partdesc.c
Examining data/postgresql-12-12.4/src/backend/commands/aggregatecmds.c
Examining data/postgresql-12-12.4/src/backend/commands/explain.c
Examining data/postgresql-12-12.4/src/backend/commands/lockcmds.c
Examining data/postgresql-12-12.4/src/backend/commands/alter.c
Examining data/postgresql-12-12.4/src/backend/commands/conversioncmds.c
Examining data/postgresql-12-12.4/src/backend/commands/proclang.c
Examining data/postgresql-12-12.4/src/backend/commands/tablecmds.c
Examining data/postgresql-12-12.4/src/backend/commands/createas.c
Examining data/postgresql-12-12.4/src/backend/commands/event_trigger.c
Examining data/postgresql-12-12.4/src/backend/commands/view.c
Examining data/postgresql-12-12.4/src/backend/commands/collationcmds.c
Examining data/postgresql-12-12.4/src/backend/commands/subscriptioncmds.c
Examining data/postgresql-12-12.4/src/backend/commands/tsearchcmds.c
Examining data/postgresql-12-12.4/src/backend/commands/operatorcmds.c
Examining data/postgresql-12-12.4/src/backend/commands/matview.c
Examining data/postgresql-12-12.4/src/backend/commands/publicationcmds.c
Examining data/postgresql-12-12.4/src/backend/commands/seclabel.c
Examining data/postgresql-12-12.4/src/backend/commands/statscmds.c
Examining data/postgresql-12-12.4/src/backend/commands/portalcmds.c
Examining data/postgresql-12-12.4/src/backend/commands/discard.c
Examining data/postgresql-12-12.4/src/backend/commands/tablespace.c
Examining data/postgresql-12-12.4/src/backend/commands/foreigncmds.c
Examining data/postgresql-12-12.4/src/backend/commands/vacuum.c
Examining data/postgresql-12-12.4/src/backend/commands/user.c
Examining data/postgresql-12-12.4/src/backend/commands/cluster.c
Examining data/postgresql-12-12.4/src/backend/commands/dbcommands.c
Examining data/postgresql-12-12.4/src/backend/commands/constraint.c
Examining data/postgresql-12-12.4/src/backend/commands/prepare.c
Examining data/postgresql-12-12.4/src/backend/commands/trigger.c
Examining data/postgresql-12-12.4/src/backend/commands/define.c
Examining data/postgresql-12-12.4/src/backend/commands/copy.c
Examining data/postgresql-12-12.4/src/backend/commands/opclasscmds.c
Examining data/postgresql-12-12.4/src/backend/commands/amcmds.c
Examining data/postgresql-12-12.4/src/backend/commands/comment.c
Examining data/postgresql-12-12.4/src/backend/commands/sequence.c
Examining data/postgresql-12-12.4/src/backend/commands/indexcmds.c
Examining data/postgresql-12-12.4/src/backend/commands/policy.c
Examining data/postgresql-12-12.4/src/backend/commands/dropcmds.c
Examining data/postgresql-12-12.4/src/backend/commands/async.c
Examining data/postgresql-12-12.4/src/backend/commands/analyze.c
Examining data/postgresql-12-12.4/src/backend/commands/typecmds.c
Examining data/postgresql-12-12.4/src/backend/commands/variable.c
Examining data/postgresql-12-12.4/src/backend/commands/functioncmds.c
Examining data/postgresql-12-12.4/src/backend/commands/schemacmds.c
Examining data/postgresql-12-12.4/src/backend/commands/extension.c
Examining data/postgresql-12-12.4/src/backend/foreign/foreign.c
Examining data/postgresql-12-12.4/src/backend/postmaster/postmaster.c
Examining data/postgresql-12-12.4/src/backend/postmaster/bgworker.c
Examining data/postgresql-12-12.4/src/backend/postmaster/syslogger.c
Examining data/postgresql-12-12.4/src/backend/postmaster/bgwriter.c
Examining data/postgresql-12-12.4/src/backend/postmaster/pgstat.c
Examining data/postgresql-12-12.4/src/backend/postmaster/startup.c
Examining data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c
Examining data/postgresql-12-12.4/src/backend/postmaster/checkpointer.c
Examining data/postgresql-12-12.4/src/backend/postmaster/pgarch.c
Examining data/postgresql-12-12.4/src/backend/postmaster/walwriter.c
Examining data/postgresql-12-12.4/src/backend/postmaster/fork_process.c
Examining data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c
Examining data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c
Examining data/postgresql-12-12.4/src/bin/pg_waldump/rmgrdesc.h
Examining data/postgresql-12-12.4/src/bin/pg_waldump/rmgrdesc.c
Examining data/postgresql-12-12.4/src/bin/pg_waldump/compat.c
Examining data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c
Examining data/postgresql-12-12.4/src/bin/pgevent/pgevent.c
Examining data/postgresql-12-12.4/src/bin/pgevent/pgmsgevent.h
Examining data/postgresql-12-12.4/src/bin/pg_test_timing/pg_test_timing.c
Examining data/postgresql-12-12.4/src/bin/pgbench/pgbench.c
Examining data/postgresql-12-12.4/src/bin/pgbench/exprscan.c
Examining data/postgresql-12-12.4/src/bin/pgbench/pgbench.h
Examining data/postgresql-12-12.4/src/bin/pgbench/exprparse.c
Examining data/postgresql-12-12.4/src/bin/pg_rewind/fetch.h
Examining data/postgresql-12-12.4/src/bin/pg_rewind/fetch.c
Examining data/postgresql-12-12.4/src/bin/pg_rewind/datapagemap.h
Examining data/postgresql-12-12.4/src/bin/pg_rewind/filemap.h
Examining data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c
Examining data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.h
Examining data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c
Examining data/postgresql-12-12.4/src/bin/pg_rewind/filemap.c
Examining data/postgresql-12-12.4/src/bin/pg_rewind/copy_fetch.c
Examining data/postgresql-12-12.4/src/bin/pg_rewind/libpq_fetch.c
Examining data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.h
Examining data/postgresql-12-12.4/src/bin/pg_rewind/datapagemap.c
Examining data/postgresql-12-12.4/src/bin/pg_rewind/timeline.c
Examining data/postgresql-12-12.4/src/bin/pg_rewind/parsexlog.c
Examining data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/parallel.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.h
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.h
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_restore.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_dump_sort.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup.h
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_utils.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/common.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_utils.h
Examining data/postgresql-12-12.4/src/bin/pg_dump/compress_io.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.h
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_custom.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_null.c
Examining data/postgresql-12-12.4/src/bin/pg_dump/compress_io.h
Examining data/postgresql-12-12.4/src/bin/pg_dump/parallel.h
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.h
Examining data/postgresql-12-12.4/src/bin/pg_dump/dumputils.h
Examining data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c
Examining data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c
Examining data/postgresql-12-12.4/src/bin/initdb/findtimezone.c
Examining data/postgresql-12-12.4/src/bin/initdb/initdb.c
Examining data/postgresql-12-12.4/src/bin/pg_config/pg_config.c
Examining data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c
Examining data/postgresql-12-12.4/src/bin/scripts/createuser.c
Examining data/postgresql-12-12.4/src/bin/scripts/dropdb.c
Examining data/postgresql-12-12.4/src/bin/scripts/createdb.c
Examining data/postgresql-12-12.4/src/bin/scripts/clusterdb.c
Examining data/postgresql-12-12.4/src/bin/scripts/reindexdb.c
Examining data/postgresql-12-12.4/src/bin/scripts/common.c
Examining data/postgresql-12-12.4/src/bin/scripts/common.h
Examining data/postgresql-12-12.4/src/bin/scripts/dropuser.c
Examining data/postgresql-12-12.4/src/bin/scripts/pg_isready.c
Examining data/postgresql-12-12.4/src/bin/scripts/vacuumdb.c
Examining data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.h
Examining data/postgresql-12-12.4/src/bin/pg_basebackup/pg_recvlogical.c
Examining data/postgresql-12-12.4/src/bin/pg_basebackup/streamutil.h
Examining data/postgresql-12-12.4/src/bin/pg_basebackup/streamutil.c
Examining data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c
Examining data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c
Examining data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c
Examining data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c
Examining data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.h
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/server.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/info.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/parallel.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/file.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/relfilenode.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/util.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/option.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/tablespace.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/function.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/dump.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/version.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/check.c
Examining data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.h
Examining data/postgresql-12-12.4/src/bin/psql/tab-complete.h
Examining data/postgresql-12-12.4/src/bin/psql/prompt.h
Examining data/postgresql-12-12.4/src/bin/psql/crosstabview.c
Examining data/postgresql-12-12.4/src/bin/psql/describe.c
Examining data/postgresql-12-12.4/src/bin/psql/mainloop.c
Examining data/postgresql-12-12.4/src/bin/psql/psqlscanslash.h
Examining data/postgresql-12-12.4/src/bin/psql/command.h
Examining data/postgresql-12-12.4/src/bin/psql/help.h
Examining data/postgresql-12-12.4/src/bin/psql/large_obj.h
Examining data/postgresql-12-12.4/src/bin/psql/variables.c
Examining data/postgresql-12-12.4/src/bin/psql/common.c
Examining data/postgresql-12-12.4/src/bin/psql/stringutils.h
Examining data/postgresql-12-12.4/src/bin/psql/copy.h
Examining data/postgresql-12-12.4/src/bin/psql/common.h
Examining data/postgresql-12-12.4/src/bin/psql/psqlscanslash.c
Examining data/postgresql-12-12.4/src/bin/psql/stringutils.c
Examining data/postgresql-12-12.4/src/bin/psql/crosstabview.h
Examining data/postgresql-12-12.4/src/bin/psql/large_obj.c
Examining data/postgresql-12-12.4/src/bin/psql/command.c
Examining data/postgresql-12-12.4/src/bin/psql/startup.c
Examining data/postgresql-12-12.4/src/bin/psql/describe.h
Examining data/postgresql-12-12.4/src/bin/psql/copy.c
Examining data/postgresql-12-12.4/src/bin/psql/input.c
Examining data/postgresql-12-12.4/src/bin/psql/sql_help.c
Examining data/postgresql-12-12.4/src/bin/psql/prompt.c
Examining data/postgresql-12-12.4/src/bin/psql/mainloop.h
Examining data/postgresql-12-12.4/src/bin/psql/tab-complete.c
Examining data/postgresql-12-12.4/src/bin/psql/sql_help.h
Examining data/postgresql-12-12.4/src/bin/psql/help.c
Examining data/postgresql-12-12.4/src/bin/psql/variables.h
Examining data/postgresql-12-12.4/src/bin/psql/input.h
Examining data/postgresql-12-12.4/src/bin/psql/settings.h
Examining data/postgresql-12-12.4/src/bin/pg_archivecleanup/pg_archivecleanup.c
Examining data/postgresql-12-12.4/src/fe_utils/mbprint.c
Examining data/postgresql-12-12.4/src/fe_utils/string_utils.c
Examining data/postgresql-12-12.4/src/fe_utils/print.c
Examining data/postgresql-12-12.4/src/fe_utils/psqlscan.c
Examining data/postgresql-12-12.4/src/fe_utils/simple_list.c
Examining data/postgresql-12-12.4/src/fe_utils/conditional.c
Examining data/postgresql-12-12.4/src/tutorial/funcs.c
Examining data/postgresql-12-12.4/src/tutorial/complex.c
Examining data/postgresql-12-12.4/src/tutorial/funcs_new.c
Examining data/postgresql-12-12.4/src/port/strlcat.c
Examining data/postgresql-12-12.4/src/port/pgsleep.c
Examining data/postgresql-12-12.4/src/port/chklocale.c
Examining data/postgresql-12-12.4/src/port/inet_aton.c
Examining data/postgresql-12-12.4/src/port/dirmod.c
Examining data/postgresql-12-12.4/src/port/pthread-win32.h
Examining data/postgresql-12-12.4/src/port/pgcheckdir.c
Examining data/postgresql-12-12.4/src/port/pg_crc32c_sse42_choose.c
Examining data/postgresql-12-12.4/src/port/qsort.c
Examining data/postgresql-12-12.4/src/port/system.c
Examining data/postgresql-12-12.4/src/port/thread.c
Examining data/postgresql-12-12.4/src/port/strtof.c
Examining data/postgresql-12-12.4/src/port/win32security.c
Examining data/postgresql-12-12.4/src/port/dlopen.c
Examining data/postgresql-12-12.4/src/port/rint.c
Examining data/postgresql-12-12.4/src/port/pgmkdirp.c
Examining data/postgresql-12-12.4/src/port/pg_strong_random.c
Examining data/postgresql-12-12.4/src/port/kill.c
Examining data/postgresql-12-12.4/src/port/sprompt.c
Examining data/postgresql-12-12.4/src/port/unsetenv.c
Examining data/postgresql-12-12.4/src/port/pread.c
Examining data/postgresql-12-12.4/src/port/win32setlocale.c
Examining data/postgresql-12-12.4/src/port/fseeko.c
Examining data/postgresql-12-12.4/src/port/pg_crc32c_armv8.c
Examining data/postgresql-12-12.4/src/port/gettimeofday.c
Examining data/postgresql-12-12.4/src/port/random.c
Examining data/postgresql-12-12.4/src/port/snprintf.c
Examining data/postgresql-12-12.4/src/port/win32error.c
Examining data/postgresql-12-12.4/src/port/mkdtemp.c
Examining data/postgresql-12-12.4/src/port/strnlen.c
Examining data/postgresql-12-12.4/src/port/getpeereid.c
Examining data/postgresql-12-12.4/src/port/getopt.c
Examining data/postgresql-12-12.4/src/port/getaddrinfo.c
Examining data/postgresql-12-12.4/src/port/isinf.c
Examining data/postgresql-12-12.4/src/port/dirent.c
Examining data/postgresql-12-12.4/src/port/quotes.c
Examining data/postgresql-12-12.4/src/port/pwrite.c
Examining data/postgresql-12-12.4/src/port/strlcpy.c
Examining data/postgresql-12-12.4/src/port/pgstrsignal.c
Examining data/postgresql-12-12.4/src/port/pg_bitutils.c
Examining data/postgresql-12-12.4/src/port/getopt_long.c
Examining data/postgresql-12-12.4/src/port/qsort_arg.c
Examining data/postgresql-12-12.4/src/port/crypt.c
Examining data/postgresql-12-12.4/src/port/fls.c
Examining data/postgresql-12-12.4/src/port/pg_crc32c_armv8_choose.c
Examining data/postgresql-12-12.4/src/port/win32env.c
Examining data/postgresql-12-12.4/src/port/erand48.c
Examining data/postgresql-12-12.4/src/port/pqsignal.c
Examining data/postgresql-12-12.4/src/port/noblock.c
Examining data/postgresql-12-12.4/src/port/tar.c
Examining data/postgresql-12-12.4/src/port/srandom.c
Examining data/postgresql-12-12.4/src/port/getrusage.c
Examining data/postgresql-12-12.4/src/port/inet_net_ntop.c
Examining data/postgresql-12-12.4/src/port/pgstrcasecmp.c
Examining data/postgresql-12-12.4/src/port/pg_crc32c_sb8.c
Examining data/postgresql-12-12.4/src/port/pg_crc32c_sse42.c
Examining data/postgresql-12-12.4/src/port/strerror.c
Examining data/postgresql-12-12.4/src/port/path.c
Examining data/postgresql-12-12.4/src/port/open.c
Examining data/postgresql-12-12.4/src/timezone/strftime.c
Examining data/postgresql-12-12.4/src/timezone/localtime.c
Examining data/postgresql-12-12.4/src/timezone/tzfile.h
Examining data/postgresql-12-12.4/src/timezone/pgtz.c
Examining data/postgresql-12-12.4/src/timezone/zic.c
Examining data/postgresql-12-12.4/src/timezone/private.h
Examining data/postgresql-12-12.4/src/timezone/pgtz.h
Examining data/postgresql-12-12.4/src/tools/testint128.c
Examining data/postgresql-12-12.4/src/tools/ifaddrs/test_ifaddrs.c
Examining data/postgresql-12-12.4/src/tools/findoidjoins/findoidjoins.c
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_reserved_kwlist.h
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_reserved_kwlist_d.h
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_unreserved_kwlist_d.h
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_handler.c
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_funcs.c
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_exec.c
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_unreserved_kwlist.h
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/plpgsql.h
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_comp.c
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_scanner.c
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/plerrcodes.h
Examining data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.h
Examining data/postgresql-12-12.4/src/pl/plperl/plperl_helpers.h
Examining data/postgresql-12-12.4/src/pl/plperl/ppport.h
Examining data/postgresql-12-12.4/src/pl/plperl/plperl.c
Examining data/postgresql-12-12.4/src/pl/plperl/plperl.h
Examining data/postgresql-12-12.4/src/pl/tcl/pltclerrcodes.h
Examining data/postgresql-12-12.4/src/pl/tcl/pltcl.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_util.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_resultobject.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_planobject.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_subxactobject.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_cursorobject.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_elog.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_subxactobject.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_procedure.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_util.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_spi.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_typeio.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_exec.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_elog.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_procedure.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_planobject.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpython.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_spi.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_main.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_main.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_typeio.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_resultobject.c
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_exec.h
Examining data/postgresql-12-12.4/src/pl/plpython/plpy_cursorobject.h
Examining data/postgresql-12-12.4/src/pl/plpython/spiexceptions.h
Examining data/postgresql-12-12.4/src/common/keywords.c
Examining data/postgresql-12-12.4/src/common/file_perm.c
Examining data/postgresql-12-12.4/src/common/kwlist_d.h
Examining data/postgresql-12-12.4/src/common/logging.c
Examining data/postgresql-12-12.4/src/common/kwlookup.c
Examining data/postgresql-12-12.4/src/common/base64.c
Examining data/postgresql-12-12.4/src/common/unicode/norm_test.c
Examining data/postgresql-12-12.4/src/common/md5.c
Examining data/postgresql-12-12.4/src/common/ryu_common.h
Examining data/postgresql-12-12.4/src/common/config_info.c
Examining data/postgresql-12-12.4/src/common/relpath.c
Examining data/postgresql-12-12.4/src/common/d2s_intrinsics.h
Examining data/postgresql-12-12.4/src/common/scram-common.c
Examining data/postgresql-12-12.4/src/common/f2s.c
Examining data/postgresql-12-12.4/src/common/ip.c
Examining data/postgresql-12-12.4/src/common/exec.c
Examining data/postgresql-12-12.4/src/common/pg_lzcompress.c
Examining data/postgresql-12-12.4/src/common/link-canary.c
Examining data/postgresql-12-12.4/src/common/digit_table.h
Examining data/postgresql-12-12.4/src/common/fe_memutils.c
Examining data/postgresql-12-12.4/src/common/d2s_full_table.h
Examining data/postgresql-12-12.4/src/common/controldata_utils.c
Examining data/postgresql-12-12.4/src/common/string.c
Examining data/postgresql-12-12.4/src/common/sha2_openssl.c
Examining data/postgresql-12-12.4/src/common/restricted_token.c
Examining data/postgresql-12-12.4/src/common/psprintf.c
Examining data/postgresql-12-12.4/src/common/rmtree.c
Examining data/postgresql-12-12.4/src/common/unicode_norm.c
Examining data/postgresql-12-12.4/src/common/pgfnames.c
Examining data/postgresql-12-12.4/src/common/sha2.c
Examining data/postgresql-12-12.4/src/common/wait_error.c
Examining data/postgresql-12-12.4/src/common/file_utils.c
Examining data/postgresql-12-12.4/src/common/d2s.c
Examining data/postgresql-12-12.4/src/common/saslprep.c
Examining data/postgresql-12-12.4/src/common/username.c

FINAL RESULTS:

data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10513:12:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
			rllen = readlink(fullpath, linkpath, sizeof(linkpath));
data/postgresql-12-12.4/src/backend/commands/tablespace.c:593:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(location, pg_dir_create_mode) != 0)
data/postgresql-12-12.4/src/backend/libpq/pqcomm.c:681:7:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
		if (chown(sock_path, -1, gid) == -1)
data/postgresql-12-12.4/src/backend/libpq/pqcomm.c:692:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(sock_path, Unix_socket_permissions) == -1)
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:1233:8:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
			if (chmod(external_pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0)
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1248:12:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
			rllen = readlink(pathbuf, linkpath, sizeof(linkpath));
data/postgresql-12-12.4/src/backend/utils/adt/misc.c:334:10:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	rllen = readlink(sourcepath, targetpath, sizeof(targetpath));
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:555:8:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	len = readlink(linkname, link_target, sizeof(link_target));
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1237:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(path, pg_file_create_mode) != 0)
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1256:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(path, pg_file_create_mode) != 0)
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1342:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(path, pg_file_create_mode) != 0)
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1357:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(path, pg_file_create_mode) != 0)
data/postgresql-12-12.4/src/bin/initdb/initdb.c:2752:8:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
			if (chmod(pg_data, pg_dir_create_mode) != 0)
data/postgresql-12-12.4/src/bin/initdb/initdb.c:2835:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
				if (chmod(xlog_dir, pg_dir_create_mode) != 0)
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1526:10:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
					if (chmod(filename, (mode_t) filemode))
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1575:8:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
			if (chmod(filename, (mode_t) filemode))
data/postgresql-12-12.4/src/bin/pg_rewind/copy_fetch.c:115:10:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
			len = readlink(fullpath, link_target, sizeof(link_target));
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:527:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(*analyze_script_file_name, S_IRWXU) != 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:656:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(*deletion_script_file_name, S_IRWXU) != 0)
data/postgresql-12-12.4/src/common/exec.c:284:11:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
		rllen = readlink(fname, link_buf, sizeof(link_buf));
data/postgresql-12-12.4/src/include/port.h:261:9:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
#define readlink(path, buf, size)	pgreadlink(path, buf, size)
data/postgresql-12-12.4/src/include/port/win32_port.h:231:9:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
#define readlink(path, buf, size)	pgreadlink(path, buf, size)
data/postgresql-12-12.4/src/timezone/zic.c:1138:14:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	return 0 <= readlink(name, &c, 1);
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:300:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(fn1, W_OK) < 0)
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:309:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (fn3 && access(fn2, W_OK) < 0)
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:318:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	rc = access(fn3 ? fn3 : fn2, W_OK);
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:386:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(filename, W_OK) < 0)
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:424:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(filename, W_OK) < 0)
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:549:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(timestampbuf, de->d_name + 11);
data/postgresql-12-12.4/contrib/cube/cubeparse.c:597:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/contrib/cube/cubeparse.c:1363:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(yyval, yyvsp[0]);
data/postgresql-12-12.4/contrib/cube/cubeparse.c:1373:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(yyval, yyvsp[0]);
data/postgresql-12-12.4/contrib/cube/cubescan.c:739:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/contrib/cube/cubescan.c:740:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf(file, fmt, msg)  fprintf_to_ereport(fmt, msg)
data/postgresql-12-12.4/contrib/dblink/dblink.c:2755:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(dblink_context_msg, sizeof(dblink_context_msg), fmt, ap);
data/postgresql-12-12.4/contrib/fuzzystrmatch/dmetaphone.c:389:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(s->str, new_str);
data/postgresql-12-12.4/contrib/intarray/_int_bool.c:627:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(in->cur, " %c %s", op, nrm.buf);
data/postgresql-12-12.4/contrib/isn/isn.c:430:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(eanbuf, sizeof(eanbuf), EAN13_FORMAT, ean);
data/postgresql-12-12.4/contrib/isn/isn.c:667:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(eanbuf, sizeof(eanbuf), EAN13_FORMAT, ean);
data/postgresql-12-12.4/contrib/ltree/ltxtquery_io.c:502:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(in->cur, " %c %s", op, nrm.buf);
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:519:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		ptr += sprintf(ptr, "c.oid IN (%s)", comma_oids);
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:526:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		ptr += sprintf(ptr, "pg_catalog.pg_relation_filenode(c.oid) IN (%s)", comma_filenodes);
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:533:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(ptr, "c.relname ~~ ANY (ARRAY[%s])", comma_tables);
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:100:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(restoreCommand, MAXPGPATH, cmd " \"%s\" \"%s\"", arg1, arg2)
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:572:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		rc = system(restoreCommand);
data/postgresql-12-12.4/contrib/pgcrypto/crypt-des.c:723:3:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		StrNCpy(output, setting, 10);
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:102:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(passwd, magic);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:673:2:  [4] (crypto) EVP_des_ecb:
  DES only supports a 56-bit keysize, which is too small given today's
  computers (CWE-327). Use a different patent-free encryption algorithm with
  a larger keysize, such as 3DES or AES.
	EVP_des_ecb,
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:679:2:  [4] (crypto) EVP_des_cbc:
  DES only supports a 56-bit keysize, which is too small given today's
  computers (CWE-327). Use a different patent-free encryption algorithm with
  a larger keysize, such as 3DES or AES.
	EVP_des_cbc,
data/postgresql-12-12.4/contrib/pgcrypto/px-crypt.c:47:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf, res);
data/postgresql-12-12.4/contrib/pgcrypto/px-crypt.c:75:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	char	   *(*crypt) (const char *psw, const char *salt,
data/postgresql-12-12.4/contrib/pgcrypto/px-crypt.c:106:12:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	return c->crypt(psw, salt, buf, len);
data/postgresql-12-12.4/contrib/pgcrypto/px.c:161:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		vsnprintf(buf, sizeof(buf), fmt, ap);
data/postgresql-12-12.4/contrib/pgcrypto/px.c:415:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf, name);
data/postgresql-12-12.4/contrib/pgcrypto/rijndael.c:617:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			printf(i % 16 ? ", " : ",\n  ");
data/postgresql-12-12.4/contrib/pgcrypto/rijndael.c:637:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				printf(j % 4 ? ", " : ",\n  ");
data/postgresql-12-12.4/contrib/pgcrypto/rijndael.c:639:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(i < 3 ? "\n}, {\n  " : "\n}\n");
data/postgresql-12-12.4/contrib/pgcrypto/rijndael.c:652:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(hdr);
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:213:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
						strcat(values[Atnum_xids], buf);
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:235:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
						strcat(values[Atnum_modes], buf);
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:238:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
						strcat(values[Atnum_pids], buf);
data/postgresql-12-12.4/contrib/pgstattuple/pgstattuple.c:136:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(values[i++], NCHARS, INT64_FORMAT, stat->table_len);
data/postgresql-12-12.4/contrib/pgstattuple/pgstattuple.c:137:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(values[i++], NCHARS, INT64_FORMAT, stat->tuple_count);
data/postgresql-12-12.4/contrib/pgstattuple/pgstattuple.c:138:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(values[i++], NCHARS, INT64_FORMAT, stat->tuple_len);
data/postgresql-12-12.4/contrib/pgstattuple/pgstattuple.c:140:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(values[i++], NCHARS, INT64_FORMAT, stat->dead_tuple_count);
data/postgresql-12-12.4/contrib/pgstattuple/pgstattuple.c:141:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(values[i++], NCHARS, INT64_FORMAT, stat->dead_tuple_len);
data/postgresql-12-12.4/contrib/pgstattuple/pgstattuple.c:143:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(values[i++], NCHARS, INT64_FORMAT, stat->free_space);
data/postgresql-12-12.4/contrib/seg/seg.c:1002:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(result, &buf[9]);
data/postgresql-12-12.4/contrib/seg/seg.c:1005:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(result, &buf[10]);
data/postgresql-12-12.4/contrib/seg/seg.c:1017:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(result, &buf[9]);
data/postgresql-12-12.4/contrib/seg/seg.c:1020:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(result, &buf[10]);
data/postgresql-12-12.4/contrib/seg/seg.c:1031:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(result, &buf[dp - 2]);
data/postgresql-12-12.4/contrib/seg/seg.c:1034:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(result, &buf[dp - 1]);
data/postgresql-12-12.4/contrib/seg/segparse.c:610:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/contrib/seg/segscan.c:731:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/contrib/seg/segscan.c:732:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf(file, fmt, msg)  fprintf_to_ereport(fmt, msg)
data/postgresql-12-12.4/contrib/sepgsql/hooks.c:88:40:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
sepgsql_object_access(ObjectAccessType access,
data/postgresql-12-12.4/contrib/sepgsql/hooks.c:95:31:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		(*next_object_access_hook) (access, classId, objectId, subId, arg);
data/postgresql-12-12.4/contrib/sepgsql/hooks.c:97:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	switch (access)
data/postgresql-12-12.4/contrib/sepgsql/hooks.c:267:59:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			elog(ERROR, "unexpected object access type: %d", (int) access);
data/postgresql-12-12.4/contrib/uuid-ossp/uuid-ossp.c:280:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(strbuf + (36 - len), ptr);
data/postgresql-12-12.4/contrib/uuid-ossp/uuid-ossp.c:301:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
							strcpy(strbuf + (36 - len), ptr);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:945:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(VARDATA(t), "%s=%s", def->defname, value);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:1350:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
							strcpy((char *) rdopts + offset, string_val);
data/postgresql-12-12.4/src/backend/access/gin/ginbtree.c:63:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	return access;
data/postgresql-12-12.4/src/backend/access/gin/ginbtree.c:98:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		int			access;
data/postgresql-12-12.4/src/backend/access/gin/ginbtree.c:127:62:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			stack->buffer = ginStepRight(stack->buffer, btree->index, access);
data/postgresql-12-12.4/src/backend/access/hash/hashpage.c:69:51:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
_hash_getbuf(Relation rel, BlockNumber blkno, int access, int flags)
data/postgresql-12-12.4/src/backend/access/hash/hashpage.c:78:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access != HASH_NOLOCK)
data/postgresql-12-12.4/src/backend/access/hash/hashpage.c:79:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		LockBuffer(buf, access);
data/postgresql-12-12.4/src/backend/access/hash/hashpage.c:239:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
						   int access, int flags,
data/postgresql-12-12.4/src/backend/access/hash/hashpage.c:249:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access != HASH_NOLOCK)
data/postgresql-12-12.4/src/backend/access/hash/hashpage.c:250:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		LockBuffer(buf, access);
data/postgresql-12-12.4/src/backend/access/hash/hashpage.c:1558:67:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
_hash_getbucketbuf_from_hashkey(Relation rel, uint32 hashkey, int access,
data/postgresql-12-12.4/src/backend/access/hash/hashpage.c:1591:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		buf = _hash_getbuf(rel, blkno, access, LH_BUCKET_PAGE);
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:1019:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(path, MAXPGPATH,
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:1142:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, MAXPGPATH,
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:1267:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		if (sscanf(mapping_de->d_name, LOGICAL_REWRITE_FORMAT,
data/postgresql-12-12.4/src/backend/access/nbtree/nbtpage.c:261:31:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
_bt_getroot(Relation rel, int access)
data/postgresql-12-12.4/src/backend/access/nbtree/nbtpage.c:348:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			return _bt_getroot(rel, access);
data/postgresql-12-12.4/src/backend/access/nbtree/nbtpage.c:763:49:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
_bt_getbuf(Relation rel, BlockNumber blkno, int access)
data/postgresql-12-12.4/src/backend/access/nbtree/nbtpage.c:771:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		LockBuffer(buf, access);
data/postgresql-12-12.4/src/backend/access/nbtree/nbtpage.c:899:68:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
_bt_relandgetbuf(Relation rel, Buffer obuf, BlockNumber blkno, int access)
data/postgresql-12-12.4/src/backend/access/nbtree/nbtpage.c:907:18:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	LockBuffer(buf, access);
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c:92:62:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
_bt_search(Relation rel, BTScanInsert key, Buffer *bufP, int access,
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c:99:27:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	*bufP = _bt_getroot(rel, access);
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c:249:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			  int access,
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c:304:33:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			buf = _bt_getbuf(rel, blkno, access);
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c:311:56:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			buf = _bt_relandgetbuf(rel, buf, opaque->btpo_next, access);
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:433:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(entrypointstate, pcxt->library_name);
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:434:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(entrypointstate + lnamelen + 1, pcxt->function_name);
data/postgresql-12-12.4/src/backend/access/transam/slru.c:251:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(ctl->Dir, subdir, sizeof(ctl->Dir));
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:319:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:475:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:493:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gxact->gid, gid);
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:891:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, MAXPGPATH, TWOPHASE_DIR "/%08X", xid)
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:2435:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gxact->gid, gid);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3247:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3419:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3671:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlogfname);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3957:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlde->d_name);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4120:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, MAXPGPATH, XLOGDIR "/%s", segname);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4212:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, MAXPGPATH, XLOGDIR "/archive_status");
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4254:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(path, sizeof(path), XLOGDIR "/%s", xlde->d_name);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7539:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(recoveryPath, MAXPGPATH, XLOGDIR "/RECOVERYXLOG");
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7543:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(recoveryPath, MAXPGPATH, XLOGDIR "/RECOVERYHISTORY");
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11489:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
			if (sscanf(str, "%s %n", tbsoid, &n) != 1)
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:101:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(xlogpath, MAXPGPATH, XLOGDIR "/%s", recovername);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:168:6:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					StrNCpy(dp, xlogpath, endp - dp);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:175:6:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					StrNCpy(dp, xlogfname, endp - dp);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:181:6:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					StrNCpy(dp, lastRestartPointFname, endp - dp);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:217:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	rc = system(xlogRestoreCmd);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:261:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(path, xlogpath);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:316:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlogfname);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:371:6:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					StrNCpy(dp, lastRestartPointFname, endp - dp);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:401:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	rc = system(xlogRecoveryCmd);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:431:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(xlogfpath, MAXPGPATH, XLOGDIR "/%s", xlogfname);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:695:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(archiveStatusPath, MAXPGPATH, XLOGDIR "/%s", xlog);
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:59:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(state->errormsg_buf, MAX_ERRORMSG_LEN, fmt, args);
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:793:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(fhdrident_str, sizeof(fhdrident_str), UINT64_FORMAT,
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:795:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sysident_str, sizeof(sysident_str), UINT64_FORMAT,
data/postgresql-12-12.4/src/backend/bootstrap/bootparse.c:788:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/src/backend/bootstrap/bootscanner.c:831:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/backend/bootstrap/bootscanner.c:832:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf(file, fmt, msg)  fprintf_to_ereport(fmt, msg)
data/postgresql-12-12.4/src/backend/catalog/catalog.c:446:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access(rpath, F_OK) == 0)
data/postgresql-12-12.4/src/backend/catalog/pg_constraint.c:502:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(modlabel, label, sizeof(modlabel));
data/postgresql-12-12.4/src/backend/catalog/pg_type.c:801:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(arr + i, typeName);
data/postgresql-12-12.4/src/backend/commands/async.c:624:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(actrec->channel, channel);
data/postgresql-12-12.4/src/backend/commands/copy.c:2245:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(curlineno_str, sizeof(curlineno_str), UINT64_FORMAT,
data/postgresql-12-12.4/src/backend/commands/createas.c:358:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(completionTag, COMPLETION_TAG_BUFSIZE,
data/postgresql-12-12.4/src/backend/commands/explain.c:3610:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(buf, sizeof(buf), INT64_FORMAT, value);
data/postgresql-12-12.4/src/backend/commands/foreigncmds.c:82:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(VARDATA(t), "%s=%s", def->defname, value);
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2173:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(name + ndx, label);
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2215:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(modlabel, label, sizeof(modlabel));
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2374:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(buf + nlen, nbuf);
data/postgresql-12-12.4/src/backend/commands/portalcmds.c:206:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(completionTag, COMPLETION_TAG_BUFSIZE, "%s " UINT64_FORMAT,
data/postgresql-12-12.4/src/backend/commands/sequence.c:706:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
					snprintf(buf, sizeof(buf), INT64_FORMAT, maxv);
data/postgresql-12-12.4/src/backend/commands/sequence.c:729:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
					snprintf(buf, sizeof(buf), INT64_FORMAT, minv);
data/postgresql-12-12.4/src/backend/commands/sequence.c:958:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufv, sizeof(bufv), INT64_FORMAT, next);
data/postgresql-12-12.4/src/backend/commands/sequence.c:959:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufm, sizeof(bufm), INT64_FORMAT, minv);
data/postgresql-12-12.4/src/backend/commands/sequence.c:960:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufx, sizeof(bufx), INT64_FORMAT, maxv);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1470:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufx, sizeof(bufx), INT64_FORMAT, seqform->seqmax);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1507:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmin);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1521:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmin);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1522:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufx, sizeof(bufx), INT64_FORMAT, seqform->seqmax);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1548:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufs, sizeof(bufs), INT64_FORMAT, seqform->seqstart);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1549:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmin);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1560:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufs, sizeof(bufs), INT64_FORMAT, seqform->seqstart);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1561:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmax);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1590:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufs, sizeof(bufs), INT64_FORMAT, seqdataform->last_value);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1591:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmin);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1602:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufs, sizeof(bufs), INT64_FORMAT, seqdataform->last_value);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1603:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmax);
data/postgresql-12-12.4/src/backend/commands/sequence.c:1618:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(buf, sizeof(buf), INT64_FORMAT, seqform->seqcache);
data/postgresql-12-12.4/src/backend/commands/statscmds.c:574:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(modlabel, label, sizeof(modlabel));
data/postgresql-12-12.4/src/backend/commands/tablecmds.c:589:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(relname, stmt->relation->relname, NAMEDATALEN);
data/postgresql-12-12.4/src/backend/libpq/auth.c:1687:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(domainname, p + 1);
data/postgresql-12-12.4/src/backend/libpq/auth.c:1702:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(accountname, upname);
data/postgresql-12-12.4/src/backend/libpq/hba.c:394:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(inc_fullname, outer_filename);
data/postgresql-12-12.4/src/backend/libpq/hba.c:2864:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(regexp_pgrole, ofs + 2);
data/postgresql-12-12.4/src/backend/optimizer/plan/subselect.c:558:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(splan->plan_name, "%s %d",
data/postgresql-12-12.4/src/backend/optimizer/plan/subselect.c:568:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			ptr += sprintf(ptr, "$%d%s",
data/postgresql-12-12.4/src/backend/parser/gram.c:25042:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/src/backend/parser/scan.c:8767:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/backend/parser/scan.c:8768:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf(file, fmt, msg)  fprintf_to_ereport(fmt, msg)
data/postgresql-12-12.4/src/backend/postmaster/bgworker.c:639:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(worker->bgw_type, worker->bgw_name);
data/postgresql-12-12.4/src/backend/postmaster/bgworker.c:1266:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(result, slot->worker.bgw_type);
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:483:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(pathname, MAXPGPATH, XLOGDIR "/%s", xlog);
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:566:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(pathname, MAXPGPATH, XLOGDIR "/%s", xlog);
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:623:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	rc = system(xlogarchcmd);
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:720:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(XLogArchiveStatusDir, MAXPGPATH, XLOGDIR "/archive_status");
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:759:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(xlog, basename);
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:766:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(xlog, basename);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3437:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(localappname, (char *) beentry->st_appname);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3439:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(localclienthostname, (char *) beentry->st_clienthostname);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3441:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(localactivity, (char *) beentry->st_activity_raw);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:4380:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(msg.m_xlog, xlog, sizeof(msg.m_xlog));
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4577:7:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		if (execv(postgres_exec_path, argv) < 0)
data/postgresql-12-12.4/src/backend/regex/regerror.c:101:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf(convbuf, unk, errcode);
data/postgresql-12-12.4/src/backend/regex/regerror.c:111:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(errbuf, msg);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:513:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(pathbuf, MAXPGPATH, XLOGDIR "/%s", walFiles[i]);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:604:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(pathbuf, MAXPGPATH, XLOGDIR "/%s", fname);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:629:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(buf, sizeof(buf), INT64_FORMAT, total_checksum_failures);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:799:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(is, INT64_FORMAT, intval);
data/postgresql-12-12.4/src/backend/replication/logical/logical.c:276:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(NameStr(slot->data.plugin), plugin, NAMEDATALEN);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2850:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "pg_replslot/%s", slotname);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:3307:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "pg_logical/mappings/%s", fname);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:3455:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		if (sscanf(mapping_de->d_name, LOGICAL_REWRITE_FORMAT,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:3481:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(f->fname, mapping_de->d_name);
data/postgresql-12-12.4/src/backend/replication/repl_gram.c:708:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/src/backend/replication/repl_scanner.c:951:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/backend/replication/repl_scanner.c:952:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf(file, fmt, msg)  fprintf_to_ereport(fmt, msg)
data/postgresql-12-12.4/src/backend/replication/slot.c:277:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(NameStr(slot->data.name), name, NAMEDATALEN);
data/postgresql-12-12.4/src/backend/replication/slot.c:560:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "pg_replslot/%s", NameStr(slot->data.name));
data/postgresql-12-12.4/src/backend/replication/slot.c:561:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmppath, "pg_replslot/%s.tmp", NameStr(slot->data.name));
data/postgresql-12-12.4/src/backend/replication/slot.c:651:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "pg_replslot/%s", NameStr(MyReplicationSlot->data.name));
data/postgresql-12-12.4/src/backend/replication/slot.c:1098:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(path, "pg_replslot/%s", NameStr(s->data.name));
data/postgresql-12-12.4/src/backend/replication/slot.c:1181:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "pg_replslot/%s", NameStr(slot->data.name));
data/postgresql-12-12.4/src/backend/replication/slot.c:1182:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmppath, "pg_replslot/%s.tmp", NameStr(slot->data.name));
data/postgresql-12-12.4/src/backend/replication/slot.c:1253:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmppath, "%s/state.tmp", dir);
data/postgresql-12-12.4/src/backend/replication/slot.c:1254:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s/state", dir);
data/postgresql-12-12.4/src/backend/replication/slot.c:1398:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(slotdir, "pg_replslot/%s", name);
data/postgresql-12-12.4/src/backend/replication/slot.c:1399:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s/state.tmp", slotdir);
data/postgresql-12-12.4/src/backend/replication/slot.c:1405:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s/state", slotdir);
data/postgresql-12-12.4/src/backend/replication/syncrep_gram.c:621:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/src/backend/replication/syncrep_gram.c:1580:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ptr, standby_name);
data/postgresql-12-12.4/src/backend/replication/syncrep_scanner.c:745:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/backend/replication/syncrep_scanner.c:746:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf(file, fmt, msg)  fprintf_to_ereport(fmt, msg)
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:317:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(standby_sysid, sizeof(standby_sysid), UINT64_FORMAT,
data/postgresql-12-12.4/src/backend/replication/walsender.c:363:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(sysid, sizeof(sysid), UINT64_FORMAT,
data/postgresql-12-12.4/src/backend/storage/file/fd.c:2339:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	file = popen(command, mode);
data/postgresql-12-12.4/src/backend/storage/ipc/dsm.c:299:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(buf, sizeof(buf), PG_DYNSHMEM_DIR "/%s", dent->d_name);
data/postgresql-12-12.4/src/backend/storage/ipc/dsm_impl.c:781:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(name, 64, PG_DYNSHMEM_DIR "/" PG_DYNSHMEM_MMAP_FILE_PREFIX "%u",
data/postgresql-12-12.4/src/backend/storage/lmgr/lwlock.c:478:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(name, request->tranche_name);
data/postgresql-12-12.4/src/backend/storage/lmgr/lwlock.c:670:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(request->tranche_name, tranche_name, NAMEDATALEN);
data/postgresql-12-12.4/src/backend/storage/smgr/md.c:347:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(segpath, "%s.%u", path, segno);
data/postgresql-12-12.4/src/backend/tcop/pquery.c:173:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(completionTag, COMPLETION_TAG_BUFSIZE,
data/postgresql-12-12.4/src/backend/tcop/pquery.c:180:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(completionTag, COMPLETION_TAG_BUFSIZE,
data/postgresql-12-12.4/src/backend/tcop/pquery.c:185:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(completionTag, COMPLETION_TAG_BUFSIZE,
data/postgresql-12-12.4/src/backend/tcop/pquery.c:190:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(completionTag, COMPLETION_TAG_BUFSIZE,
data/postgresql-12-12.4/src/backend/tcop/pquery.c:780:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
						snprintf(completionTag, COMPLETION_TAG_BUFSIZE,
data/postgresql-12-12.4/src/backend/tcop/pquery.c:783:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(completionTag, portal->commandTag);
data/postgresql-12-12.4/src/backend/tcop/pquery.c:1367:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(completionTag, portal->commandTag);
data/postgresql-12-12.4/src/backend/tcop/utility.c:555:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
					snprintf(completionTag, COMPLETION_TAG_BUFSIZE,
data/postgresql-12-12.4/src/backend/tsearch/spell.c:165:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(res, str);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:501:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(Conf->Spell[Conf->nspell]->word, word);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:724:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(tmask, "%s$", mask);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:726:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(tmask, "^%s", mask);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1590:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(*ptr, "%s,%s", Conf->AffixData[a1], Conf->AffixData[a2]);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1597:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(*ptr, "%s%s", Conf->AffixData[a1], Conf->AffixData[a2]);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2098:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(newword, word);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2099:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(newword + len - Affix->replen, Affix->find);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2111:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(newword, Affix->find);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2112:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(newword, word + Affix->replen);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:1197:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#define APPENDSTR(str)	(strcpy(p, (str)), p += strlen(p))
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:58:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buf, "%s hundred", small[value / 100]);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:67:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "%s hundred %s",
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:70:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "%s hundred and %s",
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:73:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "%s hundred %s %s",
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:80:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "%s", big[tu / 10]);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:82:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "%s", small[tu]);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:84:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "%s %s", big[tu / 10], small[tu % 10]);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:982:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buf, num_word(m6));
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:988:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buf, num_word(m5));
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:994:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buf, num_word(m4));
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:1000:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buf, num_word(m3));
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:1006:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buf, num_word(m2));
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:1011:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buf, num_word(m1));
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:1016:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf, (val / 100) == 1 ? " dollar and " : " dollars and ");
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:1017:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf, num_word(m0));
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:1018:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf, m0 == 1 ? " cent" : " cents");
data/postgresql-12-12.4/src/backend/utils/adt/date.c:293:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(str, EARLY);
data/postgresql-12-12.4/src/backend/utils/adt/date.c:295:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(str, LATE);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4145:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(cp, "%s%s%d %s%s",
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4176:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(cp, " %d %s%s", value, units, (value == 1) ? "" : "s");
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4341:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(cp, "%s%s%02d:%02d:",
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4374:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(cp, " sec%s",
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4539:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(dtza->zone, abbr->zone);
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:542:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf, sizeof(buf), INT64_FORMAT " bytes", size);
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:547:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(buf, sizeof(buf), INT64_FORMAT " kB",
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:553:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(buf, sizeof(buf), INT64_FORMAT " MB",
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:559:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
					snprintf(buf, sizeof(buf), INT64_FORMAT " GB",
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:564:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
					snprintf(buf, sizeof(buf), INT64_FORMAT " TB",
data/postgresql-12-12.4/src/backend/utils/adt/format_type.c:462:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(result, typename);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:1456:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dest, num);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:1457:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(dest, get_th(num, type));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2451:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(s, n->character);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2460:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(s, (tm->tm_hour % HOURS_PER_DAY >= HOURS_PER_DAY / 2)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2466:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(s, (tm->tm_hour % HOURS_PER_DAY >= HOURS_PER_DAY / 2)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2472:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(s, (tm->tm_hour % HOURS_PER_DAY >= HOURS_PER_DAY / 2)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2478:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(s, (tm->tm_hour % HOURS_PER_DAY >= HOURS_PER_DAY / 2)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2544:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(s, p);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2553:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(s, tmtcTzn(in));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2587:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(s, (tm->tm_year <= 0 ? B_C_STR : A_D_STR));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2593:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(s, (tm->tm_year <= 0 ? BC_STR : AD_STR));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2599:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(s, (tm->tm_year <= 0 ? b_c_STR : a_d_STR));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2605:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(s, (tm->tm_year <= 0 ? bc_STR : ad_STR));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2617:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2624:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2637:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2644:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2657:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2664:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2677:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2684:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(s, asc_toupper_z(months[tm->tm_mon - 1]));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2696:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2703:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(s, months[tm->tm_mon - 1]);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2715:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2722:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(s, asc_tolower_z(months[tm->tm_mon - 1]));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2739:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2746:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2757:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2764:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2775:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2782:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2793:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2800:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(s, asc_toupper_z(days_short[tm->tm_wday]));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2810:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2817:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(s, days_short[tm->tm_wday]);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2827:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(s, str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2834:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(s, asc_tolower_z(days_short[tm->tm_wday]));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2978:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -4,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2985:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -4,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:3433:3:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		StrNCpy(old->str, str, DCH_CACHE_SIZE + 1);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:3447:3:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		StrNCpy(ent->str, str, DCH_CACHE_SIZE + 1);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4114:3:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		StrNCpy(old->str, str, NUM_CACHE_SIZE + 1);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4128:3:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		StrNCpy(ent->str, str, NUM_CACHE_SIZE + 1);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4277:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(result, rm100[num]);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4279:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(result, rm10[num]);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4281:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(result, rm1[num]);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4664:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(Np->inout_p, Np->L_negative_sign);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4666:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(Np->inout_p, Np->L_positive_sign);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4732:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(Np->inout_p, Np->decimal);	/* Write DEC/D */
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4742:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(Np->inout_p, Np->decimal);	/* Write DEC/D */
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4802:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(Np->inout_p, Np->L_negative_sign);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4804:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(Np->inout_p, Np->L_positive_sign);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4860:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		return strcpy(inout, number);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5092:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
							strcpy(Np->inout_p, pattern);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5122:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(Np->inout_p, pattern);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5135:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(Np->inout_p, Np->number_p);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5140:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						sprintf(Np->inout_p, "%15s", Np->number_p);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5148:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(Np->inout_p, asc_tolower_z(Np->number_p));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5153:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						sprintf(Np->inout_p, "%15s", asc_tolower_z(Np->number_p));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5165:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(Np->inout_p, get_th(Np->number, TH_LOWER));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5183:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(Np->inout_p, get_th(Np->number, TH_UPPER));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5270:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(Np->inout_p, n->character);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5461:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(numstr + 1, orgnum);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5597:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(numstr, orgnum);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5668:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(numstr + 1, orgnum);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5707:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(numstr, orgnum);
data/postgresql-12-12.4/src/backend/utils/adt/inet_cidr_ntop.c:35:27:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define SPRINTF(x) strlen(sprintf/**/x)
data/postgresql-12-12.4/src/backend/utils/adt/inet_cidr_ntop.c:37:29:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define SPRINTF(x) ((size_t)sprintf x)
data/postgresql-12-12.4/src/backend/utils/adt/inet_cidr_ntop.c:287:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dst, outbuf);
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_gram.c:809:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_scan.c:2437:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_scan.c:2438:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf(file, fmt, msg)  fprintf_to_ereport(fmt, msg)
data/postgresql-12-12.4/src/backend/utils/adt/name.c:237:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(NameStr(*n1), NameStr(*n2), NAMEDATALEN);
data/postgresql-12-12.4/src/backend/utils/adt/name.c:254:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(NameStr(*name), str, NAMEDATALEN);
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:79:8:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#undef StrNCpy
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:81:8:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#ifdef StrNCpy
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1022:5:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
				wcscpy(argv[1], pStr);
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1045:6:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
					wcscpy(argv[1], pStr);
data/postgresql-12-12.4/src/backend/utils/adt/pg_lsn.c:218:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf, sizeof buf, "-" UINT64_FORMAT, lsn2 - lsn1);
data/postgresql-12-12.4/src/backend/utils/adt/pg_lsn.c:220:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf, sizeof buf, UINT64_FORMAT, lsn1 - lsn2);
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:607:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(result, "%s.%s", nspname, oprname);
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:2468:3:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		StrNCpy(NameStr(*result), NameStr(role_rec->rolname), NAMEDATALEN);
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:1516:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(str, EARLY);
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:1518:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(str, LATE);
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:1617:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(buf, sizeof(buf), templ, tp.tv_usec);
data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c:102:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(outbuf, ARROUTSTR, (int) ARRNELEM(key));
data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c:107:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(outbuf, SINGOUTSTR, cnttrue, (int) SIGLENBIT - cnttrue);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:1104:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(in->cur, " | %s", nrm.buf);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:1107:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(in->cur, " & %s", nrm.buf);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:1111:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(in->cur, " <%d> %s", distance, nrm.buf);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:1113:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(in->cur, " <-> %s", nrm.buf);
data/postgresql-12-12.4/src/backend/utils/error/elog.c:3395:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/postgresql-12-12.4/src/backend/utils/error/elog.c:3398:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(errbuf, sizeof(errbuf), fmt, ap);
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:233:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(file_scanner->filename, libname);
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:671:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(full, "%s/%s", mangled, basename);
data/postgresql-12-12.4/src/backend/utils/hash/dynahash.c:353:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(hashp->tabname, tabname);
data/postgresql-12-12.4/src/backend/utils/init/postinit.c:915:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(out_dbname, dbname);
data/postgresql-12-12.4/src/backend/utils/init/postinit.c:1007:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access(fullpath, F_OK) == -1)
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:776:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:777:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf(file, fmt, msg) GUC_flex_fatal(msg)
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5364:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(fname, "%s/%s", configdir, CONFIG_FILENAME);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5457:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(fname, "%s/%s", configdir, HBA_FILENAME);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5480:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(fname, "%s/%s", configdir, IDENT_FILENAME);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:9564:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
					snprintf(buffer, sizeof(buffer), INT64_FORMAT "%s",
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:10029:6:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	n = vsnprintf(*destptr, *maxbytes, fmt, vargs);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11380:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(dname, "%s", newval);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11384:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tname, "%s/global.tmp", newval);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11386:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fname, "%s/global.stat", newval);
data/postgresql-12-12.4/src/backend/utils/misc/ps_status.c:307:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(ps_buffer, ps_buffer_size,
data/postgresql-12-12.4/src/backend/utils/misc/ps_status.c:313:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(ps_buffer, ps_buffer_size,
data/postgresql-12-12.4/src/backend/utils/misc/ps_status.c:396:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name, "pgident(%d): %s", MyProcPid, ps_buffer);
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:147:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sts->name, name);
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1245:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, sizeof(path), SNAPSHOT_EXPORT_DIR "/%08X-%08X-%d",
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1509:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, MAXPGPATH, SNAPSHOT_EXPORT_DIR "/%s", idstr);
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1669:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf, sizeof(buf), SNAPSHOT_EXPORT_DIR "/%s", s_de->d_name);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:76:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(fullname, name);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:117:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tz.TZname, name);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:460:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(std_zone_name, cbuf);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:468:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(dst_zone_name, cbuf);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:494:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(resultbuf, std_zone_name);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:595:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(bestzonename, cur_name);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:1614:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(localtzname, keyname);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:1632:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(localtzname, keyname);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:312:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	if (fprintf(cmdfd, fmt, arg1) < 0 || fflush(cmdfd) < 0) \
data/postgresql-12-12.4/src/bin/initdb/initdb.c:318:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	if (fprintf(cmdfd, fmt, arg1, arg2) < 0 || fflush(cmdfd) < 0) \
data/postgresql-12-12.4/src/bin/initdb/initdb.c:324:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	if (fprintf(cmdfd, fmt, arg1, arg2, arg3) < 0 || fflush(cmdfd) < 0) \
data/postgresql-12-12.4/src/bin/initdb/initdb.c:440:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(newline + pre + replen, lines[i] + pre + toklen);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:580:10:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	cmdfd = popen(command, mode);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1005:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		status = system(cmd);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1041:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		status = system(cmd);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1253:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s/postgresql.auto.conf", pg_data);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:2510:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(bin_path, backend_exec);
data/postgresql-12-12.4/src/bin/pg_archivecleanup/pg_archivecleanup.c:196:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(exclusiveCleanupFileName, restartWALFileName);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:746:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(totaldone_str, sizeof(totaldone_str), INT64_FORMAT,
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:748:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(totalsize_str, sizeof(totalsize_str), INT64_FORMAT, totalsize);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:759:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr,
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:771:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr,
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:787:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr,
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:467:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(slotcmd, "SLOT \"%s\" ", stream->replication_slot);
data/postgresql-12-12.4/src/bin/pg_basebackup/streamutil.c:315:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	if (sscanf(PQgetvalue(res, 0, 0), "%d%s", &xlog_val, xlog_unit) != 2)
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:1001:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tar_data->tarfilename, "%s%s", tarbase, suffix);
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:155:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(total_size_str, sizeof(total_size_str), INT64_FORMAT,
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:157:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(current_size_str, sizeof(current_size_str), INT64_FORMAT,
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:165:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, isatty(fileno(stderr)) ? "\r" : "\n");
data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c:181:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(ngettext("The WAL segment size stored in the file, %d byte, is not a power of two\n"
data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c:230:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(sysident_str, sizeof(sysident_str), UINT64_FORMAT,
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:216:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:227:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		vsnprintf(errbuf, sizeof(errbuf), fmt, ap);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:233:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(stderr, fmt, ap);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:503:9:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	(void) execl("/bin/sh", "/bin/sh", "-c", cmd, (char *) NULL);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:850:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if (system(cmd) != 0)
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2247:7:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	fd = popen(cmd, "r");
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:458:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		if (sscanf(line, "%u %s\n", &oid, fname) != 2)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:729:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf, dname);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:731:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf, relativeFilename);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:968:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fname, "blob_%u.dat%s", oid, sfx);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1115:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf1, sizeof(buf1), INT64_FORMAT, (int64) len);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1116:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf2, sizeof(buf2), INT64_FORMAT, (int64) th->fileLen);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1152:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf1, sizeof(buf1), INT64_FORMAT, (int64) ctx->tarFHpos);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1153:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf2, sizeof(buf2), INT64_FORMAT, (int64) ctx->tarNextMember);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1164:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf, sizeof(buf), INT64_FORMAT, (int64) ctx->tarFHpos);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1276:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(posbuf, sizeof(posbuf), UINT64_FORMAT, (uint64) hPos);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1277:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(lenbuf, sizeof(lenbuf), UINT64_FORMAT, (uint64) len);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1286:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(posbuf, sizeof(posbuf), UINT64_FORMAT,
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:17108:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(bufm, sizeof(bufm), INT64_FORMAT, default_minv);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:17109:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(bufx, sizeof(bufx), INT64_FORMAT, default_maxv);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:400:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(role_catalog, "%s", PG_ROLES);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:402:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(role_catalog, "%s", PG_AUTHID);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:1589:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	ret = system(cmd->data);
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:762:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(sysident_str, sizeof(sysident_str), UINT64_FORMAT,
data/postgresql-12-12.4/src/bin/pg_rewind/libpq_fetch.c:359:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(chunkoff_str, sizeof(chunkoff_str), INT64_FORMAT, chunkoff);
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:493:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(fetch_done_str, sizeof(fetch_done_str), INT64_FORMAT,
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:495:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(fetch_size_str, sizeof(fetch_size_str), INT64_FORMAT,
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:197:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(ngettext("%d second per test\n",
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:259:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(LABEL_FORMAT, "open_datasync");
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:265:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(NA_FORMAT, _("n/a*"));
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:283:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(NA_FORMAT, _("n/a"));
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:289:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(LABEL_FORMAT, "fdatasync");
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:308:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(NA_FORMAT, _("n/a"));
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:314:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(LABEL_FORMAT, "fsync");
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:336:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(LABEL_FORMAT, "fsync_writethrough");
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:356:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(NA_FORMAT, _("n/a"));
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:362:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(LABEL_FORMAT, "open_sync");
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:368:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(NA_FORMAT, _("n/a*"));
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:393:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(NA_FORMAT, _("n/a"));
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:429:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(LABEL_FORMAT, msg);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:434:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(NA_FORMAT, _("n/a*"));
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:451:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(NA_FORMAT, _("n/a"));
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:475:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(LABEL_FORMAT, "write, fsync, close");
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:503:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(LABEL_FORMAT, "write, close, fsync");
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:534:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(LABEL_FORMAT, "write");
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:587:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(_(OPS_FORMAT), per_second, avg_op_time_us);
data/postgresql-12-12.4/src/bin/pg_test_timing/pg_test_timing.c:94:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(ngettext("Testing timing overhead for %d second.\n",
data/postgresql-12-12.4/src/bin/pg_test_timing/pg_test_timing.c:197:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf, sizeof(buf), INT64_FORMAT, histogram[i]);
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:610:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(script, RMDIR_CMD " %c%s%c\n", PATH_QUOTE,
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:628:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(script, RM_CMD " %s%cPG_VERSION\n",
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:633:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(script, RMDIR_CMD " %c%s%c%d%c\n", PATH_QUOTE,
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:646:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(script, RMDIR_CMD " %c%s%s%c\n", PATH_QUOTE,
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:126:17:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		if ((output = popen(cmd, "r")) == NULL)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:194:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if ((output = popen(cmd, "r")) == NULL)
data/postgresql-12-12.4/src/bin/pg_upgrade/dump.c:52:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(sql_file_name, sizeof(sql_file_name), DB_DUMP_FILE_MASK, old_db->db_oid);
data/postgresql-12-12.4/src/bin/pg_upgrade/dump.c:53:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(log_file_name, sizeof(log_file_name), DB_DUMP_LOG_FILE_MASK, old_db->db_oid);
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:42:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if ((output = popen(cmd, "r")) == NULL ||
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:101:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	written += vsnprintf(cmd + written, MAXCMDLEN - written, fmt, ap);
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:124:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		result = system(cmd);
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:173:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		result = system(cmd);
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:253:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(".", R_OK | W_OK | X_OK) != 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:438:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(path, R_OK) != 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:446:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(path, X_OK) != 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:441:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if ((output = popen(cmd, "r")) == NULL ||
data/postgresql-12-12.4/src/bin/pg_upgrade/parallel.c:77:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(cmd, sizeof(cmd), fmt, args);
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:337:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(sql_file_name, sizeof(sql_file_name), DB_DUMP_FILE_MASK, old_db->db_oid);
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:338:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(log_file_name, sizeof(log_file_name), DB_DUMP_LOG_FILE_MASK, old_db->db_oid);
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:374:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(sql_file_name, sizeof(sql_file_name), DB_DUMP_FILE_MASK, old_db->db_oid);
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:375:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(log_file_name, sizeof(log_file_name), DB_DUMP_LOG_FILE_MASK, old_db->db_oid);
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:701:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(sql_file_name, sizeof(sql_file_name), DB_DUMP_FILE_MASK, old_db->db_oid);
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:704:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(log_file_name, sizeof(log_file_name), DB_DUMP_LOG_FILE_MASK, old_db->db_oid);
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:129:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(query, sizeof(query), fmt, args);
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:35:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(message, sizeof(message), fmt, args);
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:76:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(message, sizeof(message), fmt, args);
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:92:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(message, sizeof(message), _(fmt), ap);
data/postgresql-12-12.4/src/bin/pg_waldump/compat.c:77:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, args);
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:1124:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(ngettext("first record is after %X/%X, at %X/%X, skipping over %u byte\n",
data/postgresql-12-12.4/src/bin/pgbench/exprparse.c:738:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1274:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(stringform, sizeof(stringform),
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2548:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		if (system(command))
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2558:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if ((fp = popen(command, "r")) == NULL)
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3492:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(logfile, " " INT64_FORMAT, agg->skipped);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3766:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(sql, sizeof(sql),
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3787:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, INT64_FORMAT " of " INT64_FORMAT " tuples (%d%%) done (elapsed %.2f s, remaining %.2f s)\n",
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3804:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(stderr, INT64_FORMAT " of " INT64_FORMAT " tuples (%d%%) done (elapsed %.2f s, remaining %.2f s)\n",
data/postgresql-12-12.4/src/bin/psql/command.c:2107:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(newval, opt);
data/postgresql-12-12.4/src/bin/psql/command.c:2428:11:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
					fd = popen(&fname[1], "w");
data/postgresql-12-12.4/src/bin/psql/command.c:3437:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	result = system(sys);
data/postgresql-12-12.4/src/bin/psql/command.c:4182:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(ngettext("Pager won't be used for less than %d line.\n",
data/postgresql-12-12.4/src/bin/psql/command.c:4402:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		result = system(sys);
data/postgresql-12-12.4/src/bin/psql/command.c:4406:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		result = system(command);
data/postgresql-12-12.4/src/bin/psql/common.c:60:11:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		*fout = popen(fname + 1, "w");
data/postgresql-12-12.4/src/bin/psql/common.c:1924:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf, sizeof(buf), INT64_FORMAT, total_tuples);
data/postgresql-12-12.4/src/bin/psql/copy.c:296:18:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
				copystream = popen(options->file, PG_BINARY_R);
data/postgresql-12-12.4/src/bin/psql/copy.c:316:18:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
				copystream = popen(options->file, PG_BINARY_W);
data/postgresql-12-12.4/src/bin/psql/large_obj.c:29:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(pset.queryFout, fmt, ap);
data/postgresql-12-12.4/src/bin/psql/large_obj.c:41:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(pset.logfile, fmt, ap);
data/postgresql-12-12.4/src/bin/psql/prompt.c:247:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
					snprintf(buf, sizeof(buf), UINT64_FORMAT, pset.stmt_lineno);
data/postgresql-12-12.4/src/bin/psql/prompt.c:270:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
						fd = popen(file, "r");
data/postgresql-12-12.4/src/bin/psql/psqlscanslash.c:3435:7:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	fd = popen(cmd, PG_BINARY_R);
data/postgresql-12-12.4/src/bin/psql/startup.c:807:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(psqlrc_minor, R_OK) == 0)
data/postgresql-12-12.4/src/bin/psql/startup.c:809:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	else if (access(psqlrc_major, R_OK) == 0)
data/postgresql-12-12.4/src/bin/psql/startup.c:811:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	else if (access(filename, R_OK) == 0)
data/postgresql-12-12.4/src/bin/psql/stringutils.c:81:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(storage, s);
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:3403:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
					snprintf(querybuf, sizeof(querybuf),
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:4603:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(s + 1, text);
data/postgresql-12-12.4/src/common/exec.c:45:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(fprintf(stderr, __VA_ARGS__), fputc('\n', stderr))
data/postgresql-12-12.4/src/common/exec.c:104:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	is_r = (access(path, R_OK) == 0);
data/postgresql-12-12.4/src/common/exec.c:105:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	is_x = (access(path, X_OK) == 0);
data/postgresql-12-12.4/src/common/exec.c:148:4:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			StrNCpy(retpath, argv0, MAXPGPATH);
data/postgresql-12-12.4/src/common/exec.c:188:4:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			StrNCpy(test_path, startp, Min(endp - startp + 1, MAXPGPATH));
data/postgresql-12-12.4/src/common/exec.c:292:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(path, link_buf);
data/postgresql-12-12.4/src/common/exec.c:375:15:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if ((pgver = popen(cmd, "r")) == NULL)
data/postgresql-12-12.4/src/common/ip.c:218:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(unp->sun_path, path);
data/postgresql-12-12.4/src/common/logging.c:215:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, ANSI_ESCAPE_FMT, sgr_locus);
data/postgresql-12-12.4/src/common/logging.c:222:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(stderr, UINT64_FORMAT ":", lineno);
data/postgresql-12-12.4/src/common/logging.c:226:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, ANSI_ESCAPE_RESET);
data/postgresql-12-12.4/src/common/logging.c:235:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(stderr, ANSI_ESCAPE_FMT, sgr_error);
data/postgresql-12-12.4/src/common/logging.c:238:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(stderr, ANSI_ESCAPE_RESET);
data/postgresql-12-12.4/src/common/logging.c:242:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(stderr, ANSI_ESCAPE_FMT, sgr_error);
data/postgresql-12-12.4/src/common/logging.c:245:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(stderr, ANSI_ESCAPE_RESET);
data/postgresql-12-12.4/src/common/logging.c:249:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(stderr, ANSI_ESCAPE_FMT, sgr_warning);
data/postgresql-12-12.4/src/common/logging.c:252:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(stderr, ANSI_ESCAPE_RESET);
data/postgresql-12-12.4/src/common/logging.c:262:17:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	required_len = vsnprintf(NULL, 0, fmt, ap2) + 1;
data/postgresql-12-12.4/src/common/logging.c:272:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(stderr, fmt, ap);
data/postgresql-12-12.4/src/common/logging.c:276:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, required_len, fmt, ap);
data/postgresql-12-12.4/src/common/psprintf.c:110:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	nprinted = vsnprintf(buf, len, fmt, args);
data/postgresql-12-12.4/src/fe_utils/print.c:286:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(&new_str[new_str_pos], thousands_sep);
data/postgresql-12-12.4/src/fe_utils/print.c:296:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&new_str[new_str_pos], decimal_point);
data/postgresql-12-12.4/src/fe_utils/print.c:302:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(&new_str[new_str_pos], &my_str[i]);
data/postgresql-12-12.4/src/fe_utils/print.c:352:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(default_footer, sizeof(default_footer),
data/postgresql-12-12.4/src/fe_utils/print.c:3028:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			pagerpipe = popen(pagerprog, "w");
data/postgresql-12-12.4/src/fe_utils/simple_list.c:72:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cell->val, val);
data/postgresql-12-12.4/src/include/access/hash.h:390:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
						   int access, int flags);
data/postgresql-12-12.4/src/include/access/hash.h:396:18:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
											  int access,
data/postgresql-12-12.4/src/include/access/hash.h:404:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
										 int access, int flags,
data/postgresql-12-12.4/src/include/access/nbtree.h:751:45:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
extern Buffer _bt_getroot(Relation rel, int access);
data/postgresql-12-12.4/src/include/access/nbtree.h:756:63:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
extern Buffer _bt_getbuf(Relation rel, BlockNumber blkno, int access);
data/postgresql-12-12.4/src/include/access/nbtree.h:758:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
							   BlockNumber blkno, int access);
data/postgresql-12-12.4/src/include/access/nbtree.h:774:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
						  int access, Snapshot snapshot);
data/postgresql-12-12.4/src/include/access/nbtree.h:776:43:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
							bool forupdate, BTStack stack, int access, Snapshot snapshot);
data/postgresql-12-12.4/src/include/access/reloptions.h:224:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(((char *)(base)) + (offset), string_val);	\
data/postgresql-12-12.4/src/include/access/xlog_internal.h:186:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, MAXPGPATH, XLOGDIR "/%08X%08X%08X", tli,	\
data/postgresql-12-12.4/src/include/access/xlog_internal.h:199:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, MAXPGPATH, XLOGDIR "/%08X.history", tli)
data/postgresql-12-12.4/src/include/access/xlog_internal.h:202:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, MAXPGPATH, XLOGDIR "/archive_status/%s%s", xlog, suffix)
data/postgresql-12-12.4/src/include/access/xlog_internal.h:216:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(path, MAXPGPATH, XLOGDIR "/%08X%08X%08X.%08X.backup", tli, \
data/postgresql-12-12.4/src/include/c.h:914:9:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#define StrNCpy(dst,src,len) \
data/postgresql-12-12.4/src/include/catalog/objectaccess.h:120:59:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void (*object_access_hook_type) (ObjectAccessType access,
data/postgresql-12-12.4/src/include/executor/execdebug.h:71:26:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define NL_printf(s)					printf(s)
data/postgresql-12-12.4/src/include/executor/execdebug.h:72:29:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define NL1_printf(s, a)				printf(s, a)
data/postgresql-12-12.4/src/include/executor/execdebug.h:87:26:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define SO_printf(s)					printf(s)
data/postgresql-12-12.4/src/include/executor/execdebug.h:88:29:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define SO1_printf(s, p)				printf(s, p)
data/postgresql-12-12.4/src/include/executor/execdebug.h:102:26:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define MJ_printf(s)					printf(s)
data/postgresql-12-12.4/src/include/executor/execdebug.h:103:29:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define MJ1_printf(s, p)				printf(s, p)
data/postgresql-12-12.4/src/include/executor/execdebug.h:104:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define MJ2_printf(s, p1, p2)			printf(s, p1, p2)
data/postgresql-12-12.4/src/include/jit/llvmjit_emit.h:143:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, args);
data/postgresql-12-12.4/src/include/jit/llvmjit_emit.h:163:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, args);
data/postgresql-12-12.4/src/include/port.h:149:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#ifdef vsnprintf
data/postgresql-12-12.4/src/include/port.h:150:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef vsnprintf
data/postgresql-12-12.4/src/include/port.h:152:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#ifdef snprintf
data/postgresql-12-12.4/src/include/port.h:153:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/postgresql-12-12.4/src/include/port.h:155:8:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#ifdef vsprintf
data/postgresql-12-12.4/src/include/port.h:156:8:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef vsprintf
data/postgresql-12-12.4/src/include/port.h:158:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#ifdef sprintf
data/postgresql-12-12.4/src/include/port.h:159:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef sprintf
data/postgresql-12-12.4/src/include/port.h:161:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef vfprintf
data/postgresql-12-12.4/src/include/port.h:162:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vfprintf
data/postgresql-12-12.4/src/include/port.h:164:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef fprintf
data/postgresql-12-12.4/src/include/port.h:165:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/include/port.h:167:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef vprintf
data/postgresql-12-12.4/src/include/port.h:168:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vprintf
data/postgresql-12-12.4/src/include/port.h:170:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef printf
data/postgresql-12-12.4/src/include/port.h:171:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/postgresql-12-12.4/src/include/port.h:191:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf		pg_vsnprintf
data/postgresql-12-12.4/src/include/port.h:192:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf		pg_snprintf
data/postgresql-12-12.4/src/include/port.h:193:9:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define vsprintf		pg_vsprintf
data/postgresql-12-12.4/src/include/port.h:194:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define sprintf			pg_sprintf
data/postgresql-12-12.4/src/include/port.h:195:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define vfprintf		pg_vfprintf
data/postgresql-12-12.4/src/include/port.h:196:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf			pg_fprintf
data/postgresql-12-12.4/src/include/port.h:197:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define vprintf			pg_vprintf
data/postgresql-12-12.4/src/include/port.h:198:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf(...)		pg_printf(__VA_ARGS__)
data/postgresql-12-12.4/src/include/port.h:283:8:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#ifdef popen
data/postgresql-12-12.4/src/include/port.h:284:8:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#undef popen
data/postgresql-12-12.4/src/include/port.h:297:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define system(a) pgwin32_system(a)
data/postgresql-12-12.4/src/include/port.h:298:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define popen(a,b) pgwin32_popen(a,b)
data/postgresql-12-12.4/src/include/port.h:334:14:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
extern char *crypt(const char *key, const char *setting);
data/postgresql-12-12.4/src/include/regex/regguts.h:112:53:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define FDEBUG(arglist) { if (v->eflags&REG_FTRACE) printf arglist; }
data/postgresql-12-12.4/src/include/regex/regguts.h:114:53:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define MDEBUG(arglist) { if (v->eflags&REG_MTRACE) printf arglist; }
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:425:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(cp, str);
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:510:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str, tmp);
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:655:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(output, asctime);
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:848:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(temp, tmp);
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:937:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(temp, tmp);
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:950:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(outbuf, tmp);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/descriptor.c:835:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(new->name, name);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:30:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:37:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:44:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:51:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:58:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:65:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:72:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:79:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:87:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:92:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:99:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:106:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:113:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:120:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:127:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:134:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:141:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:148:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:155:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:162:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:169:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:176:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:183:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:190:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:197:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:204:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc),
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:347:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, ecpg_gettext("SQL error: %s\n"), sqlca->sqlerrm.sqlerrmc);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:463:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(ptr, "%s%s", "NaN", delim);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:467:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(ptr, "%s%s", "-Infinity", delim);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:469:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(ptr, "%s%s", "Infinity", delim);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:472:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(ptr, "%.15g%s", value, delim);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:479:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(ptr, "%s%s", "NaN", delim);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:483:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(ptr, "%s%s", "-Infinity", delim);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:485:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(ptr, "%s%s", "Infinity", delim);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:488:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(ptr, "%.15g%s", value, delim);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1145:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(newcopy, stmt->command);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1146:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(newcopy + position - 1, tobeinserted);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1152:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(newcopy,
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1467:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(str, "\"%s\"", tobeinserted);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/misc.c:300:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(debugstream, fmt, ap);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:142:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(newcopy + ptr, buffer);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:143:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(newcopy, (*text) +ptr + len);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:277:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(text, "deallocate \"%s\"", this->name);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:233:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(fname, PQfname(res, i));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:438:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(sqlda->sqlvar[i].sqlname.data, fname);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/common.c:88:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
						i = snprintf(t, PGTYPES_FMT_NUM_MAX_DIGITS,
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/common.c:130:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(*output, t);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:213:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(outbuf, fmtstring);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:682:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(str, "%04d-%02d-%02d %s",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:695:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(str + 5, "/%04d %s", -(tm->tm_year - 1), "BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:704:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(str + 5, ".%04d %s", -(tm->tm_year - 1), "BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:717:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(str + 5, "-%04d %s", -(tm->tm_year - 1), "BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:901:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(str + 4, "%02d %3s", tm->tm_mday, months[tm->tm_mon - 1]);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:903:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(str + 4, "%3s %02d", months[tm->tm_mon - 1], tm->tm_mday);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1018:4:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			StrNCpy(*tzn, tm->tm_zone, MAXTZLEN + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1036:4:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			StrNCpy(*tzn, TZNAME_GLOBAL[tm->tm_isdst], MAXTZLEN + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2663:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(tmp, pfmt);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2788:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(tmp, pfmt);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2796:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(tmp, pfmt);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2841:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(tmp, pfmt);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:697:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(cp, " %d %s%s", value, units, (value == 1) ? "" : "s");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:709:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(cp, "%s%s%d %s%s",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:894:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(cp, "%s%s%02d:%02d:",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:927:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(cp, " sec%s",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/timestamp.c:198:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(str, EARLY);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/timestamp.c:200:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(str, LATE);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/descriptor.c:27:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(new->variable, var);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/descriptor.c:87:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(new->name, name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/descriptor.c:91:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(new->connection, connection);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:292:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(input_filename, argv[fnr]);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:321:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(output_filename, input_filename);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:163:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, error, ap);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:215:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(res_str, str1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:218:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(res_str, str2);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:249:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(res_str, str1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:250:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(res_str, str2);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:261:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(res_str, str1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:262:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(res_str, str2);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:263:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(res_str, str3);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:461:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(var_text, "%d, %s", ecpg_internal_var++, var_ptr ? "&(" : "(");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:548:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(var_text, "%d, %s", ecpg_internal_var++, var_ptr ? "&(" : "(");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:33688:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:47497:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(curname, ":%s", (yyvsp[0].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56603:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(thisquery->name, "ECPGprepared_statement(%s, %s, __LINE__)", con, (yyvsp[0].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57519:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
							sprintf(length, "sizeof(%s)", (yyvsp[0].str)+2);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57825:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf((yyval.str), "1, %s, %s", con, (yyvsp[-1].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57841:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf((yyval.str), "0, %s, %s", con, (yyvsp[-1].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57851:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf((yyval.str), "0, %s, %s", con, (yyvsp[-1].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57862:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf((yyval.str), "1, %s, %s", con, (yyvsp[-1].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57872:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf((yyval.str), "0, %s, %s", con, (yyvsp[-1].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59129:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy((yyval.str)+1, (yyvsp[0].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59143:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy((yyval.str)+2, (yyvsp[0].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59157:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy((yyval.str)+2, (yyvsp[0].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:448:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(variable, "(%s%s)", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:450:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(variable, "&(%s%s)", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:462:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(offset, "sizeof(%s_%d)", struct_name, counter);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:464:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(offset, "sizeof(%s)", struct_name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:483:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						sprintf(variable, "(%s%s)", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:495:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						sprintf(variable, "&(%s%s)", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:497:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(offset, "(%s)*sizeof(%s)", strcmp(varcharsize, "0") == 0 ? "1" : varcharsize, sizeof_name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:505:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(variable, "&(%s%s)", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:513:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(variable, "&(%s%s)", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:521:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(variable, "&(%s%s)", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:529:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(variable, "&(%s%s)", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:537:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(variable, "\"%s\"", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:538:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(offset, "strlen(\"%s\")", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:549:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(variable, "(%s%s)", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:551:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(variable, "&(%s%s)", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:553:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(offset, "sizeof(%s)", ecpg_type_name(type));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:593:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(pbuf, "%s%s.", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:595:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(pbuf, "%s%s->", prefix ? prefix : "", name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:604:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(ind_pbuf, "%s%s.", ind_prefix ? ind_prefix : "", ind_name);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:606:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(ind_pbuf, "%s%s->", ind_prefix ? ind_prefix : "", ind_name);
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:21:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(errorstring, "**SQL error %ld doing '%s' in function '%s'. [%s]",
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:111:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(errorstring, "**SQL error %ld doing '%s' in function '%s'. [%s]",
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c:145:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(t, "%s %s", dates[i], times[j]);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:669:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(curname4.arr, CURNAME);
data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c:66:5:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				StrNCpy(n, p + 1, plen);
data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc:110:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(t, "%s %s", dates[i], times[j]);
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:197:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(curname4.arr, CURNAME);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:398:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(conn->sspitarget, "%s/%s", conn->krbsrvname, host);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:1156:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(algobuf, val);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:6674:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(qbuf, query, encoding);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:6884:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr,
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:6893:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr,
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:309:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dest->cmdStatus, src->cmdStatus);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:652:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(space, str);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:883:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(msgBuf, sizeof(msgBuf), libpq_gettext(fmt), args);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:908:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(res->errMsg, "%s\n", msgBuf);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:1006:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pfield->contents, value);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:1053:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ptr, name);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:1056:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ptr, value);
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:113:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, libpq_gettext("out of memory\n"));
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:118:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, libpq_gettext("out of memory\n"));
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:123:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, libpq_gettext("out of memory\n"));
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:190:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
				fout = popen(pagerenv, "w");
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:212:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(stderr, libpq_gettext("out of memory\n"));
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:221:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(fout, libpq_gettext("%-*s%s Value\n"),
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:224:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(fout, libpq_gettext("%s%sValue\n"), libpq_gettext("Field"), po->fieldSep);
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:264:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(fout, libpq_gettext("-- RECORD %d --\n"), i);
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:399:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(stderr, libpq_gettext("out of memory\n"));
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:402:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(fields[i * nFields + j], pval);
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:469:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, libpq_gettext("out of memory\n"));
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:515:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(fout,
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:519:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(fout, fieldNotNum[j] ? "%-*s" : "%*s", fieldMax[j], s);
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:552:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(fout,
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:611:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, libpq_gettext("out of memory\n"));
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:694:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(formatString, "%%s %%-%ds", colWidth);
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:696:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(formatString, "%%s %%s");
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:709:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(stderr, libpq_gettext("out of memory\n"));
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:722:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(fout, formatString,
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:742:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(fout, formatString,
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:153:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
								sprintf(setQuery, "SET %s = DEFAULT",
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:156:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
								sprintf(setQuery, "SET %s = '%.60s'",
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:1142:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(newNotify->relname, conn->workBuffer.data);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1450:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(newNotify->relname, svname);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1452:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(newNotify->extra, conn->workBuffer.data);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:2172:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(packet + packet_len, optname); \
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:2175:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(packet + packet_len, optval); \
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:1351:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(errbuf, SSL_ERR_LEN, libpq_gettext("no SSL error reported"));
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:1360:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(errbuf, SSL_ERR_LEN, libpq_gettext("SSL error code %lu"), ecode);
data/postgresql-12-12.4/src/interfaces/libpq/pqexpbuffer.c:310:14:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		nprinted = vsnprintf(str->data + str->len, avail, fmt, args);
data/postgresql-12-12.4/src/interfaces/libpq/win32.c:226:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(dest, e->description);
data/postgresql-12-12.4/src/interfaces/libpq/win32.c:317:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(strerrbuf, libpq_gettext("unrecognized socket error: 0x%08X/%d"), err, err);
data/postgresql-12-12.4/src/pl/plperl/plperl.c:2107:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(subname, "%s__%u", prodesc->proname, fn_oid);
data/postgresql-12-12.4/src/pl/plperl/plperl.h:32:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef vsnprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:33:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:34:8:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef vsprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:35:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef sprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:36:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vfprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:37:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:38:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:39:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:114:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#ifdef vsnprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:115:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef vsnprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:117:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#ifdef snprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:118:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:120:8:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#ifdef vsprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:121:8:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef vsprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:123:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#ifdef sprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:124:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef sprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:126:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef vfprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:127:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vfprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:129:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef fprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:130:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:132:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef vprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:133:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:135:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef printf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:136:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:139:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf		pg_vsnprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:140:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf		pg_snprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:141:9:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define vsprintf		pg_vsprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:142:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define sprintf			pg_sprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:143:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define vfprintf		pg_vfprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:144:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf			pg_fprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:145:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define vprintf			pg_vprintf
data/postgresql-12-12.4/src/pl/plperl/plperl.h:146:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf(...)		pg_printf(__VA_ARGS__)
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6695:14:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    retval = vsnprintf(buffer, len, format, ap);
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6697:14:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    retval = vsprintf(buffer, format, ap);
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6726:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, pat, args);
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_funcs.c:106:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(nse->name, name);
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:1450:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/src/pl/plpython/plpy_elog.c:508:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), dgettext(TEXTDOMAIN, fmt), ap);
data/postgresql-12-12.4/src/pl/plpython/plpy_elog.c:524:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf),
data/postgresql-12-12.4/src/pl/plpython/plpython.h:37:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef vsnprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:38:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:39:8:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef vsprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:40:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef sprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:41:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vfprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:42:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:43:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:44:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:131:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#ifdef vsnprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:132:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef vsnprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:134:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#ifdef snprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:135:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:137:8:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#ifdef vsprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:138:8:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef vsprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:140:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#ifdef sprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:141:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef sprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:143:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef vfprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:144:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vfprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:146:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef fprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:147:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:149:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef vprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:150:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:152:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef printf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:153:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:156:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf		pg_vsnprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:157:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf		pg_snprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:158:9:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define vsprintf		pg_vsprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:159:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define sprintf			pg_sprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:160:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define vfprintf		pg_vfprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:161:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf			pg_fprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:162:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define vprintf			pg_vprintf
data/postgresql-12-12.4/src/pl/plpython/plpython.h:163:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf(...)		pg_printf(__VA_ARGS__)
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:1606:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(proc_internal_args, buf);
data/postgresql-12-12.4/src/port/chklocale.c:276:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(r, "CP%s", codepage);
data/postgresql-12-12.4/src/port/chklocale.c:278:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(r, codepage);
data/postgresql-12-12.4/src/port/crypt.c:488:1:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
crypt(const char *key, const char *setting)
data/postgresql-12-12.4/src/port/dirent.c:64:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(d->dirname, dirname);
data/postgresql-12-12.4/src/port/dirent.c:106:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(d->ret.d_name, fd.cFileName);	/* Both strings are MAX_PATH long */
data/postgresql-12-12.4/src/port/inet_net_ntop.c:51:27:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define SPRINTF(x) strlen(sprintf/**/x)
data/postgresql-12-12.4/src/port/inet_net_ntop.c:53:29:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define SPRINTF(x) ((size_t)sprintf x)
data/postgresql-12-12.4/src/port/inet_net_ntop.c:295:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dst, tmp);
data/postgresql-12-12.4/src/port/path.c:674:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(new, "%s/%s", buf, path);
data/postgresql-12-12.4/src/port/snprintf.c:103:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef	vsnprintf
data/postgresql-12-12.4/src/port/snprintf.c:104:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef	snprintf
data/postgresql-12-12.4/src/port/snprintf.c:105:8:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef	vsprintf
data/postgresql-12-12.4/src/port/snprintf.c:106:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef	sprintf
data/postgresql-12-12.4/src/port/snprintf.c:107:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef	vfprintf
data/postgresql-12-12.4/src/port/snprintf.c:108:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef	fprintf
data/postgresql-12-12.4/src/port/snprintf.c:109:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef	vprintf
data/postgresql-12-12.4/src/port/snprintf.c:110:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef	printf
data/postgresql-12-12.4/src/port/snprintf.c:1186:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			vallen = sprintf(convert, fmt, prec, value);
data/postgresql-12-12.4/src/port/snprintf.c:1193:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			vallen = sprintf(convert, fmt, value);
data/postgresql-12-12.4/src/port/snprintf.c:1324:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			vallen = sprintf(convert, fmt, precision, value);
data/postgresql-12-12.4/src/port/system.c:49:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#undef system
data/postgresql-12-12.4/src/port/system.c:50:8:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#undef popen
data/postgresql-12-12.4/src/port/system.c:75:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	res = system(buf);
data/postgresql-12-12.4/src/port/unsetenv.c:46:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(envstr, "%s=", name);
data/postgresql-12-12.4/src/port/win32env.c:122:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(envbuf, "%s=", name);
data/postgresql-12-12.4/src/port/win32security.c:36:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, fmt, ap);
data/postgresql-12-12.4/src/test/isolation/specparse.c:625:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/postgresql-12-12.4/src/test/modules/test_bloomfilter/test_bloomfilter.c:40:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(element, sizeof(element), "i" INT64_FORMAT, i);
data/postgresql-12-12.4/src/test/modules/test_bloomfilter/test_bloomfilter.c:61:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(element, sizeof(element), "M" INT64_FORMAT, i);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:216:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(tmp, sizeof(tmp), fmt, ap);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:232:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stdout, fmt, ap);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:239:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(logfile, fmt, ap);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:277:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		r = system(buf);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:452:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(string, replacement);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:453:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(string, dup + (ptr - string) + strlen(replace));
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1106:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(query_formatted, sizeof(query_formatted), query, args);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1127:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if (system(psql_cmd) != 0)
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1174:3:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execl(shellprog, shellprog, "-c", cmdline2, (char *) NULL);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1299:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, expectfile);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1321:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	r = system(cmd);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1378:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(++p, platform_expectfile);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1398:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(best_expect_file, expectfile);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2312:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		if (system(buf))
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2383:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			if (system(buf2) == 0)
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2446:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			if (system(buf2) == 0)
data/postgresql-12-12.4/src/test/regress/regress.c:415:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(query, "INSERT INTO %s VALUES (", relname);
data/postgresql-12-12.4/src/test/regress/regress.c:418:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(query + strlen(query), "$%d%s",
data/postgresql-12-12.4/src/timezone/localtime.c:458:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(sp->chars + j, tsabbr);
data/postgresql-12-12.4/src/timezone/pgtz.c:103:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(fullname + fullnamelen + 1, name);
data/postgresql-12-12.4/src/timezone/pgtz.c:283:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(canonname, uppername);
data/postgresql-12-12.4/src/timezone/pgtz.c:293:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(canonname, uppername);
data/postgresql-12-12.4/src/timezone/pgtz.c:303:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tzp->tz.TZname, canonname);
data/postgresql-12-12.4/src/timezone/strftime.c:510:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, format, n);
data/postgresql-12-12.4/src/timezone/zic.c:496:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, string, args);
data/postgresql-12-12.4/src/timezone/zic.c:975:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(result, directory);
data/postgresql-12-12.4/src/timezone/zic.c:977:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(result + len + needslash, from);
data/postgresql-12-12.4/src/timezone/zic.c:1123:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&nameslashdot[n], &"/."[!(n && name[n - 1] != '/')]);
data/postgresql-12-12.4/src/timezone/zic.c:2435:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(&thischars[thischarcnt], thisabbr);
data/postgresql-12-12.4/src/timezone/zic.c:2656:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(abbr, format, letters);
data/postgresql-12-12.4/src/timezone/zic.c:2660:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(abbr, slashp + 1);
data/postgresql-12-12.4/src/timezone/zic.c:3290:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(startbuf, zp->z_format);
data/postgresql-12-12.4/src/timezone/zic.c:3504:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	b += sprintf(b, INT64_FORMAT, year);
data/postgresql-12-12.4/src/timezone/zic.c:3508:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	result = system(buf);
data/postgresql-12-12.4/src/timezone/zic.c:3998:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(&chars[charcnt], string);
data/postgresql-12-12.4/contrib/amcheck/verify_nbtree.c:430:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		seed = random();
data/postgresql-12-12.4/contrib/auto_explain/auto_explain.c:266:29:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
			current_query_sampled = (random() < auto_explain_sample_rate *
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:118:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "d:f:h:H:io:p:qsSt:U:x", long_options, &optindex)) != -1)
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:680:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "cdk:lr:s:t:w:")) != -1)
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:288:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		u1 = (float8) random() / (float8) MAX_RANDOM_VALUE;
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:289:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		u2 = (float8) random() / (float8) MAX_RANDOM_VALUE;
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:501:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "h:l:np:U:vwW", long_options, &optindex)) != -1)
data/postgresql-12-12.4/src/backend/access/gin/ginget.c:774:31:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define gin_rand() (((double) random()) / ((double) MAX_RANDOM_VALUE))
data/postgresql-12-12.4/src/backend/access/gist/gistutil.c:511:26:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
				keep_current_best = (random() <= (MAX_RANDOM_VALUE / 2)) ? 1 : 0;
data/postgresql-12-12.4/src/backend/access/gist/gistutil.c:533:26:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
				keep_current_best = (random() <= (MAX_RANDOM_VALUE / 2)) ? 1 : 0;
data/postgresql-12-12.4/src/backend/access/nbtree/nbtinsert.c:825:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
				random() <= (MAX_RANDOM_VALUE / 100))
data/postgresql-12-12.4/src/backend/access/spgist/spgdoinsert.c:2148:35:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
					out.result.matchNode.nodeN = random() % innerTuple->nNodes;
data/postgresql-12-12.4/src/backend/access/transam/xact.c:1913:4:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		 random() <= log_xact_sample_rate * MAX_RANDOM_VALUE);
data/postgresql-12-12.4/src/backend/bootstrap/bootstrap.c:229:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((flag = getopt(argc, argv, "B:c:d:D:Fkr:x:X:-:")) != -1)
data/postgresql-12-12.4/src/backend/commands/analyze.c:1034:48:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	BlockSampler_Init(&bs, totalblocks, targrows, random());
data/postgresql-12-12.4/src/backend/executor/nodeSamplescan.c:157:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		scanstate->seed = random();
data/postgresql-12-12.4/src/backend/libpq/auth.c:1081:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		if (getenv("KRB5_KTNAME") == NULL)
data/postgresql-12-12.4/src/backend/libpq/auth.c:1510:12:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
	secur32 = LoadLibrary("SECUR32.DLL");
data/postgresql-12-12.4/src/backend/libpq/auth.c:2492:17:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
			ldaphandle = LoadLibrary("WLDAP32.DLL");
data/postgresql-12-12.4/src/backend/main/main.c:123:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		if ((env_locale = getenv("LC_COLLATE")) != NULL)
data/postgresql-12-12.4/src/backend/main/main.c:128:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		if ((env_locale = getenv("LC_CTYPE")) != NULL)
data/postgresql-12-12.4/src/backend/port/sysv_shmem.c:141:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		char	   *pg_shmem_addr = getenv("PG_SHMEM_ADDR");
data/postgresql-12-12.4/src/backend/port/win32/crashdump.c:118:10:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
		hDll = LoadLibrary("dbghelp.dll");
data/postgresql-12-12.4/src/backend/port/win32/mingwcompat.c:42:13:  [3] (misc) LoadLibraryEx:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
	kernel32 = LoadLibraryEx("kernel32.dll", NULL, 0);
data/postgresql-12-12.4/src/backend/port/win32/signal.c:74:2:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
	InitializeCriticalSection(&pg_signal_crit_sec);
data/postgresql-12-12.4/src/backend/port/win32/signal.c:113:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&pg_signal_crit_sec);
data/postgresql-12-12.4/src/backend/port/win32/signal.c:133:6:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
					EnterCriticalSection(&pg_signal_crit_sec);
data/postgresql-12-12.4/src/backend/port/win32/signal.c:221:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&pg_signal_crit_sec);
data/postgresql-12-12.4/src/backend/port/win32/timer.c:52:4:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
			EnterCriticalSection(&timerCommArea.crit_sec);
data/postgresql-12-12.4/src/backend/port/win32/timer.c:103:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
		InitializeCriticalSection(&timerCommArea.crit_sec);
data/postgresql-12-12.4/src/backend/port/win32/timer.c:113:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&timerCommArea.crit_sec);
data/postgresql-12-12.4/src/backend/postmaster/fork_process.c:85:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		oomfilename = getenv("PG_OOM_ADJUST_FILE");
data/postgresql-12-12.4/src/backend/postmaster/fork_process.c:98:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				const char *oomvalue = getenv("PG_OOM_ADJUST_VALUE");
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:672:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((opt = getopt(argc, argv, "B:bc:C:D:d:EeFf:h:ijk:lN:nOo:Pp:r:S:sTt:W:-:")) != -1)
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:2611:2:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srandom(rseed);
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4683:7:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
	if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, CREATE_SUSPENDED,
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4683:7:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
	if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, CREATE_SUSPENDED,
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:267:2:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
	InitializeCriticalSection(&sysloggerSection);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:268:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&sysloggerSection);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:518:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
		EnterCriticalSection(&sysloggerSection);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:1143:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
		EnterCriticalSection(&sysloggerSection);
data/postgresql-12-12.4/src/backend/storage/file/fd.c:2695:24:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		nextTempTableSpace = random() % numSpaces;
data/postgresql-12-12.4/src/backend/storage/ipc/dsm.c:179:24:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		dsm_control_handle = random();
data/postgresql-12-12.4/src/backend/storage/ipc/dsm.c:456:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		seg->handle = random();
data/postgresql-12-12.4/src/backend/storage/lmgr/s_lock.c:148:20:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
									((double) random() / (double) MAX_RANDOM_VALUE) + 0.5);
data/postgresql-12-12.4/src/backend/storage/lmgr/s_lock.c:307:2:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srandom((unsigned int) time(NULL));
data/postgresql-12-12.4/src/backend/tcop/postgres.c:3487:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((flag = getopt(argc, argv, "B:bc:C:D:d:EeFf:h:ijk:lN:nOo:Pp:r:S:sTt:v:W:-:")) != -1)
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:918:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	envvar = getenv("PG_GRANDPARENT_PID");
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5168:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	env = getenv("PGPORT");
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5172:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	env = getenv("PGDATESTYLE");
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5176:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	env = getenv("PGCLIENTENCODING");
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5339:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		configdir = make_absolute_path(getenv("PGDATA"));
data/postgresql-12-12.4/src/backend/utils/misc/sampling.c:135:28:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	sampler_random_init_state(random(), rs->randstate);
data/postgresql-12-12.4/src/backend/utils/misc/sampling.c:266:29:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		sampler_random_init_state(random(), oldrs.randstate);
data/postgresql-12-12.4/src/backend/utils/misc/sampling.c:277:29:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		sampler_random_init_state(random(), oldrs.randstate);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:1711:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	tzname = getenv("TZ");
data/postgresql-12-12.4/src/bin/initdb/initdb.c:913:2:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srandom((unsigned int) (getpid() ^ time(NULL)));
data/postgresql-12-12.4/src/bin/initdb/initdb.c:921:12:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		handle = random();
data/postgresql-12-12.4/src/bin/initdb/initdb.c:2452:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		pgdata_get_env = getenv("PGDATA");
data/postgresql-12-12.4/src/bin/initdb/initdb.c:3097:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "dD:E:kL:nNU:WA:sST:X:g", long_options, &option_index)) != -1)
data/postgresql-12-12.4/src/bin/initdb/initdb.c:3366:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		   getenv("CLUSTER_START_COMMAND") ? getenv("CLUSTER_START_COMMAND") : start_db_cmd->data);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:3366:40:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		   getenv("CLUSTER_START_COMMAND") ? getenv("CLUSTER_START_COMMAND") : start_db_cmd->data);
data/postgresql-12-12.4/src/bin/pg_archivecleanup/pg_archivecleanup.c:301:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "x:dn")) != -1)
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:2242:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "CD:F:r:RS:T:X:l:nNzZ:d:c:h:p:U:s:wWkvP",
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:521:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "D:d:E:h:p:U:s:S:nwWvZ:",
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_recvlogical.c:731:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "E:f:F:nvd:h:p:U:wWI:o:P:s:S:",
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:477:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "cD:deNPf:v", long_options, &option_index)) != -1)
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:521:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			DataDir = getenv("PGDATA");
data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c:129:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "D:", long_options, NULL)) != -1)
data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c:148:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			DataDir = getenv("PGDATA");
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1810:19:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
	Advapi32Handle = LoadLibrary("ADVAPI32.DLL");
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1825:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
		return CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, processInfo);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1825:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
		return CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, processInfo);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1882:6:  [3] (shell) CreateProcessAsUser:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Especially watch out for embedded spaces.
	r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1884:19:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
	Kernel32Handle = LoadLibrary("KERNEL32.DLL");
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2352:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	env_wait = getenv("PGCTLTIMEOUT");
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2367:15:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
		while ((c = getopt_long(argc, argv, "cD:e:l:m:N:o:p:P:sS:t:U:wW",
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2524:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	pg_config = getenv("PGDATA");
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:446:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&signal_info_lock);
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:663:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
		EnterCriticalSection(&signal_info_lock);
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:734:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
		InitializeCriticalSection(&signal_info_lock);
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:768:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&signal_info_lock);
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:812:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&signal_info_lock);
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:832:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&signal_info_lock);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:430:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "abBcCd:E:f:F:h:j:n:N:Op:RsS:t:T:U:vwWxZ:",
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:214:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "acd:E:f:gh:l:Op:rsS:tU:vwWx", long_options, &optindex)) != -1)
data/postgresql-12-12.4/src/bin/pg_dump/pg_restore.c:155:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "acCd:ef:F:h:I:j:lL:n:N:Op:P:RsS:t:T:U:vwWx1",
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:138:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "c:D:e:fl:m:no:O:x:", long_options, NULL)) != -1)
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:137:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "D:nNP", long_options, &option_index)) != -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:167:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((option = getopt_long(argc, argv, "f:s:",
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:215:19:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		full_buf[ops] = random();
data/postgresql-12-12.4/src/bin/pg_test_timing/pg_test_timing.c:65:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((option = getopt_long(argc, argv, "d:",
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:81:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("LC_COLLATE"))
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:82:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		lc_collate = pg_strdup(getenv("LC_COLLATE"));
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:83:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("LC_CTYPE"))
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:84:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		lc_ctype = pg_strdup(getenv("LC_CTYPE"));
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:85:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("LC_MONETARY"))
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:86:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		lc_monetary = pg_strdup(getenv("LC_MONETARY"));
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:87:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("LC_NUMERIC"))
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:88:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		lc_numeric = pg_strdup(getenv("LC_NUMERIC"));
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:89:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("LC_TIME"))
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:90:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		lc_time = pg_strdup(getenv("LC_TIME"));
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:91:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("LANG"))
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:92:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		lang = pg_strdup(getenv("LANG"));
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:93:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("LANGUAGE"))
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:94:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		language = pg_strdup(getenv("LANGUAGE"));
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:95:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("LC_ALL"))
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:96:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		lc_all = pg_strdup(getenv("LC_ALL"));
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:97:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("LC_MESSAGES"))
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:98:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		lc_messages = pg_strdup(getenv("LC_MESSAGES"));
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:74:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	old_cluster.port = getenv("PGPORTOLD") ? atoi(getenv("PGPORTOLD")) : DEF_PGUPORT;
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:74:48:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	old_cluster.port = getenv("PGPORTOLD") ? atoi(getenv("PGPORTOLD")) : DEF_PGUPORT;
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:75:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	new_cluster.port = getenv("PGPORTNEW") ? atoi(getenv("PGPORTNEW")) : DEF_PGUPORT;
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:75:48:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	new_cluster.port = getenv("PGPORTNEW") ? atoi(getenv("PGPORTNEW")) : DEF_PGUPORT;
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:79:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("PGUSER"))
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:83:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		os_info.user = pg_strdup(getenv("PGUSER"));
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:104:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((option = getopt_long(argc, argv, "d:D:b:B:cj:ko:O:p:P:rs:U:v",
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:241:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("PGOPTIONS"))
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:244:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
										 getenv("PGOPTIONS"));
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:366:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		if ((envVar = getenv(envVarName)) && strlen(envVar))
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:375:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			const char *value = getenv(option->envvar);
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:279:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		datadir = getenv("PGDATA");
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:888:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((option = getopt_long(argc, argv, "be:fn:p:r:s:t:x:z",
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5147:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((env = getenv("PGHOST")) != NULL && *env != '\0')
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5149:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((env = getenv("PGPORT")) != NULL && *env != '\0')
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5151:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	else if ((env = getenv("PGUSER")) != NULL && *env != '\0')
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5157:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (!set_random_seed(getenv("PGBENCH_RANDOM_SEED")))
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5163:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "iI:h:nvp:dqb:SNc:j:Crs:t:T:U:lf:D:F:M:P:R:L:", long_options, &optindex)) != -1)
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5500:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		if ((env = getenv("PGDATABASE")) != NULL && *env != '\0')
data/postgresql-12-12.4/src/bin/psql/command.c:3074:37:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		values[paramnum] = (pset.notty || getenv("PGCLIENTENCODING")) ? NULL : "auto";
data/postgresql-12-12.4/src/bin/psql/command.c:3392:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	editorName = getenv("PSQL_EDITOR");
data/postgresql-12-12.4/src/bin/psql/command.c:3394:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		editorName = getenv("EDITOR");
data/postgresql-12-12.4/src/bin/psql/command.c:3396:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		editorName = getenv("VISUAL");
data/postgresql-12-12.4/src/bin/psql/command.c:3403:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		editor_lineno_arg = getenv("PSQL_EDITOR_LINENUMBER_ARG");
data/postgresql-12-12.4/src/bin/psql/command.c:3468:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		const char *tmpdir = getenv("TMPDIR");
data/postgresql-12-12.4/src/bin/psql/command.c:4388:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		shellName = getenv("SHELL");
data/postgresql-12-12.4/src/bin/psql/command.c:4391:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			shellName = getenv("COMSPEC");
data/postgresql-12-12.4/src/bin/psql/common.c:333:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
		EnterCriticalSection(&cancelConnLock);
data/postgresql-12-12.4/src/bin/psql/common.c:356:2:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
	InitializeCriticalSection(&cancelConnLock);
data/postgresql-12-12.4/src/bin/psql/common.c:444:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&cancelConnLock);
data/postgresql-12-12.4/src/bin/psql/common.c:474:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&cancelConnLock);
data/postgresql-12-12.4/src/bin/psql/help.c:57:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	user = getenv("PGUSER");
data/postgresql-12-12.4/src/bin/psql/help.c:80:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	env = getenv("PGDATABASE");
data/postgresql-12-12.4/src/bin/psql/help.c:130:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	env = getenv("PGHOST");
data/postgresql-12-12.4/src/bin/psql/help.c:134:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	env = getenv("PGPORT");
data/postgresql-12-12.4/src/bin/psql/help.c:138:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	env = getenv("PGUSER");
data/postgresql-12-12.4/src/bin/psql/input.c:371:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			envhist = getenv("PSQL_HISTORY");
data/postgresql-12-12.4/src/bin/psql/prompt.c:120:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
							((var = getenv("PGDATABASE")) && strcmp(var, PQdb(pset.db)) == 0))
data/postgresql-12-12.4/src/bin/psql/startup.c:180:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	pset.popt.topt.env_columns = getenv("COLUMNS") ? atoi(getenv("COLUMNS")) : 0;
data/postgresql-12-12.4/src/bin/psql/startup.c:180:56:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	pset.popt.topt.env_columns = getenv("COLUMNS") ? atoi(getenv("COLUMNS")) : 0;
data/postgresql-12-12.4/src/bin/psql/startup.c:265:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		values[6] = (pset.notty || getenv("PGCLIENTENCODING")) ? NULL : "auto";
data/postgresql-12-12.4/src/bin/psql/startup.c:511:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "aAbc:d:eEf:F:h:HlL:no:p:P:qR:sStT:U:v:VwWxXz?01",
data/postgresql-12-12.4/src/bin/psql/startup.c:763:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char	   *envrc = getenv("PSQLRC");
data/postgresql-12-12.4/src/bin/scripts/clusterdb.c:72:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "h:p:U:wWeqd:at:v", long_options, &optindex)) != -1)
data/postgresql-12-12.4/src/bin/scripts/clusterdb.c:159:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			if (getenv("PGDATABASE"))
data/postgresql-12-12.4/src/bin/scripts/clusterdb.c:160:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				dbname = getenv("PGDATABASE");
data/postgresql-12-12.4/src/bin/scripts/clusterdb.c:161:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			else if (getenv("PGUSER"))
data/postgresql-12-12.4/src/bin/scripts/clusterdb.c:162:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				dbname = getenv("PGUSER");
data/postgresql-12-12.4/src/bin/scripts/common.c:406:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&cancelConnLock);
data/postgresql-12-12.4/src/bin/scripts/common.c:436:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&cancelConnLock);
data/postgresql-12-12.4/src/bin/scripts/common.c:501:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
		EnterCriticalSection(&cancelConnLock);
data/postgresql-12-12.4/src/bin/scripts/common.c:527:2:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
	InitializeCriticalSection(&cancelConnLock);
data/postgresql-12-12.4/src/bin/scripts/createdb.c:74:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "h:p:U:wWeO:D:T:E:l:", long_options, &optindex)) != -1)
data/postgresql-12-12.4/src/bin/scripts/createdb.c:171:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		if (getenv("PGDATABASE"))
data/postgresql-12-12.4/src/bin/scripts/createdb.c:172:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			dbname = getenv("PGDATABASE");
data/postgresql-12-12.4/src/bin/scripts/createdb.c:173:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		else if (getenv("PGUSER"))
data/postgresql-12-12.4/src/bin/scripts/createdb.c:174:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			dbname = getenv("PGUSER");
data/postgresql-12-12.4/src/bin/scripts/createuser.c:91:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSaArRiIlLc:PE",
data/postgresql-12-12.4/src/bin/scripts/createuser.c:205:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			if (getenv("PGUSER"))
data/postgresql-12-12.4/src/bin/scripts/createuser.c:206:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				newuser = getenv("PGUSER");
data/postgresql-12-12.4/src/bin/scripts/dropdb.c:64:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "h:p:U:wWei", long_options, &optindex)) != -1)
data/postgresql-12-12.4/src/bin/scripts/dropuser.c:63:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "h:p:U:wWei", long_options, &optindex)) != -1)
data/postgresql-12-12.4/src/bin/scripts/pg_isready.c:72:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "d:h:p:qt:U:", long_options, NULL)) != -1)
data/postgresql-12-12.4/src/bin/scripts/reindexdb.c:86:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "h:p:U:wWeqS:d:ast:i:v", long_options, &optindex)) != -1)
data/postgresql-12-12.4/src/bin/scripts/reindexdb.c:215:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			if (getenv("PGDATABASE"))
data/postgresql-12-12.4/src/bin/scripts/reindexdb.c:216:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				dbname = getenv("PGDATABASE");
data/postgresql-12-12.4/src/bin/scripts/reindexdb.c:217:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			else if (getenv("PGUSER"))
data/postgresql-12-12.4/src/bin/scripts/reindexdb.c:218:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				dbname = getenv("PGUSER");
data/postgresql-12-12.4/src/bin/scripts/reindexdb.c:230:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			if (getenv("PGDATABASE"))
data/postgresql-12-12.4/src/bin/scripts/reindexdb.c:231:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				dbname = getenv("PGDATABASE");
data/postgresql-12-12.4/src/bin/scripts/reindexdb.c:232:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			else if (getenv("PGUSER"))
data/postgresql-12-12.4/src/bin/scripts/reindexdb.c:233:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				dbname = getenv("PGUSER");
data/postgresql-12-12.4/src/bin/scripts/vacuumdb.c:155:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "h:p:U:wWeqd:zZFat:fvj:", long_options, &optindex)) != -1)
data/postgresql-12-12.4/src/bin/scripts/vacuumdb.c:320:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			if (getenv("PGDATABASE"))
data/postgresql-12-12.4/src/bin/scripts/vacuumdb.c:321:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				dbname = getenv("PGDATABASE");
data/postgresql-12-12.4/src/bin/scripts/vacuumdb.c:322:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			else if (getenv("PGUSER"))
data/postgresql-12-12.4/src/bin/scripts/vacuumdb.c:323:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				dbname = getenv("PGUSER");
data/postgresql-12-12.4/src/common/exec.c:172:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((path = getenv("PATH")) && *path)
data/postgresql-12-12.4/src/common/exec.c:436:6:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
	if (CreateProcess(NULL,
data/postgresql-12-12.4/src/common/exec.c:436:6:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
	if (CreateProcess(NULL,
data/postgresql-12-12.4/src/common/exec.c:597:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("PGLOCALEDIR") == NULL)
data/postgresql-12-12.4/src/common/exec.c:608:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("PGSYSCONFDIR") == NULL)
data/postgresql-12-12.4/src/common/logging.c:78:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *pg_color_env = getenv("PG_COLOR");
data/postgresql-12-12.4/src/common/logging.c:107:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		const char *pg_colors_env = getenv("PG_COLORS");
data/postgresql-12-12.4/src/common/restricted_token.c:61:19:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
	Advapi32Handle = LoadLibrary("ADVAPI32.DLL");
data/postgresql-12-12.4/src/common/restricted_token.c:118:7:  [3] (shell) CreateProcessAsUser:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Especially watch out for embedded spaces.
	if (!CreateProcessAsUser(restrictedToken,
data/postgresql-12-12.4/src/common/restricted_token.c:155:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((restrict_env = getenv("PG_RESTRICT_EXEC")) == NULL
data/postgresql-12-12.4/src/fe_utils/print.c:3016:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			pagerprog = getenv("PSQL_PAGER");
data/postgresql-12-12.4/src/fe_utils/print.c:3018:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				pagerprog = getenv("PAGER");
data/postgresql-12-12.4/src/include/getopt_long.h:31:12:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int	getopt_long(int argc, char *const argv[],
data/postgresql-12-12.4/src/include/pg_getopt.h:53:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int	getopt(int nargc, char *const *nargv, const char *ostr);
data/postgresql-12-12.4/src/include/port.h:437:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
extern long random(void);
data/postgresql-12-12.4/src/include/port.h:445:13:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
extern void srandom(unsigned int seed);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:312:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		envname = getenv("PG_DBPATH");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/misc.c:513:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		ldir = getenv("PGLOCALEDIR");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:158:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "vcio:I:tD:dC:r:h", ecpg_options, NULL)) != -1)
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4953:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		service = getenv("PGSERVICE");
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4963:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((env = getenv("PGSERVICEFILE")) != NULL)
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4987:5:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			 getenv("PGSYSCONFDIR") ? getenv("PGSYSCONFDIR") : SYSCONFDIR);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4987:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			 getenv("PGSYSCONFDIR") ? getenv("PGSYSCONFDIR") : SYSCONFDIR);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:5671:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			if ((tmp = getenv(option->envvar)) != NULL)
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:5693:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			const char *requiresslenv = getenv("PGREQUIRESSL");
data/postgresql-12-12.4/src/interfaces/libpq/fe-misc.c:1260:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	str = getenv("PGCLIENTENCODING");
data/postgresql-12-12.4/src/interfaces/libpq/fe-misc.c:1290:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		ldir = getenv("PGLOCALEDIR");
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:175:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			pagerenv = getenv("PAGER");
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:150:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
						if ((val = getenv(conn->next_eo->envName)))
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:366:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
							val = getenv("PGCLIENTENCODING");
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:2201:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		if ((val = getenv(next_eo->envName)) != NULL)
data/postgresql-12-12.4/src/interfaces/libpq/pthread-win32.c:40:2:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
	InitializeCriticalSection(*mp);
data/postgresql-12-12.4/src/interfaces/libpq/pthread-win32.c:49:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(*mp);
data/postgresql-12-12.4/src/interfaces/libpq/win32.c:294:30:  [3] (misc) LoadLibraryEx:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
			dlls[i].handle = (void *) LoadLibraryEx(
data/postgresql-12-12.4/src/port/dlopen.c:133:6:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
	h = LoadLibrary(file);
data/postgresql-12-12.4/src/port/getopt.c:71:1:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
getopt(int nargc, char *const *nargv, const char *ostr)
data/postgresql-12-12.4/src/port/getopt_long.c:57:1:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
getopt_long(int argc, char *const argv[],
data/postgresql-12-12.4/src/port/path.c:829:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	tmppath = getenv("APPDATA");
data/postgresql-12-12.4/src/port/pg_strong_random.c:176:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#error no source of random numbers configured
data/postgresql-12-12.4/src/port/random.c:22:1:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
random()
data/postgresql-12-12.4/src/port/sprompt.c:91:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		|| (getenv("OSTYPE") && strcmp(getenv("OSTYPE"), "msys") == 0)
data/postgresql-12-12.4/src/port/sprompt.c:91:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		|| (getenv("OSTYPE") && strcmp(getenv("OSTYPE"), "msys") == 0)
data/postgresql-12-12.4/src/port/srandom.c:22:1:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
srandom(unsigned int seed)
data/postgresql-12-12.4/src/port/strerror.c:293:15:  [3] (misc) LoadLibraryEx:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
		handleDLL = LoadLibraryEx("netmsg.dll", NULL,
data/postgresql-12-12.4/src/port/unsetenv.c:24:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv(name) == NULL)
data/postgresql-12-12.4/src/test/isolation/isolationtester.c:84:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((opt = getopt(argc, argv, "nV")) != -1)
data/postgresql-12-12.4/src/test/isolation/isolationtester.c:122:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	env_wait = getenv("PGISOLATIONTIMEOUT");
data/postgresql-12-12.4/src/test/modules/test_bloomfilter/test_bloomfilter.c:88:26:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	seed = callerseed < 0 ? random() % PG_INT32_MAX : callerseed;
data/postgresql-12-12.4/src/test/modules/test_rbtree/test_rbtree.c:111:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		int			j = random() % (i + 1);
data/postgresql-12-12.4/src/test/modules/test_rbtree/test_rbtree.c:323:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		int			k = random() % size;
data/postgresql-12-12.4/src/test/regress/pg_regress.c:787:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		const char *old_pgoptions = getenv("PGOPTIONS");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:818:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			sockdir = getenv("PG_REGRESS_SOCK_DIR");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:863:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		pghost = getenv("PGHOST");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:864:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		pgport = getenv("PGPORT");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2130:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("PG_REGRESS_DIFF_OPTS"))
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2131:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		pretty_diff_opts = getenv("PG_REGRESS_DIFF_OPTS");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2133:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "hV", long_options, &option_index)) != -1)
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2433:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		env_wait = getenv("PGCTLTIMEOUT");
data/postgresql-12-12.4/src/timezone/zic.c:684:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "b:d:l:L:p:Pr:st:vy:")) != EOF && c != -1)
data/postgresql-12-12.4/src/tools/testint128.c:73:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	x = (uint64) (random() & 0xFFFF) << 48;
data/postgresql-12-12.4/src/tools/testint128.c:74:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	x |= (uint64) (random() & 0xFFFF) << 32;
data/postgresql-12-12.4/src/tools/testint128.c:75:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	x |= (uint64) (random() & 0xFFFF) << 16;
data/postgresql-12-12.4/src/tools/testint128.c:76:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	x |= (uint64) (random() & 0xFFFF);
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:527:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *values[2];
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:529:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		timestampbuf[32];
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:530:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:531:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		lowstr[MAXDATELEN + 1];
data/postgresql-12-12.4/contrib/amcheck/verify_nbtree.c:2359:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(page, BufferGetPage(buffer), BLCKSZ);
data/postgresql-12-12.4/contrib/bloom/blinsert.c:56:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(page, buildstate->data.data, BLCKSZ);
data/postgresql-12-12.4/contrib/bloom/blutils.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[16];
data/postgresql-12-12.4/contrib/bloom/blutils.c:328:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((Pointer) itup, (Pointer) tuple, state->sizeOfBloomTuple);
data/postgresql-12-12.4/contrib/bloom/blvacuum.c:153:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(metaData->notFullPage, notFullPage, sizeof(BlockNumber) * countPage);
data/postgresql-12-12.4/contrib/btree_gist/btree_bit.c:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		((char *) out)[sz++] = 0;
data/postgresql-12-12.4/contrib/btree_gist/btree_bit.c:87:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) VARDATA(out), (void *) VARBITS(leaf), VARBITBYTES(leaf));
data/postgresql-12-12.4/contrib/btree_gist/btree_interval.c:160:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((void *) r, (void *) key, INTERVALSIZE);
data/postgresql-12-12.4/contrib/btree_gist/btree_interval.c:161:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((void *) (r + INTERVALSIZE), (void *) key, INTERVALSIZE);
data/postgresql-12-12.4/contrib/btree_gist/btree_interval.c:167:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(r, &key->lower, INTERVALSIZE);
data/postgresql-12-12.4/contrib/btree_gist/btree_interval.c:168:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(r + INTERVALSIZE, &key->upper, INTERVALSIZE);
data/postgresql-12-12.4/contrib/btree_gist/btree_interval.c:199:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&r->lower, key, INTERVALSIZE);
data/postgresql-12-12.4/contrib/btree_gist/btree_interval.c:200:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&r->upper, key + INTERVALSIZE, INTERVALSIZE);
data/postgresql-12-12.4/contrib/btree_gist/btree_macaddr.c:15:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pad[4];			/* make struct size = sizeof(gbtreekey16) */
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.c:85:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) &r[0], leaf, tinfo->size);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.c:86:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) &r[tinfo->size], leaf, tinfo->size);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.c:179:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) out, (void *) cur, 2 * tinfo->size);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.c:188:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(unconstify(GBT_NUMKEY *, o.lower), c.lower, tinfo->size);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.c:191:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(unconstify(GBT_NUMKEY *, o.upper), c.upper, tinfo->size);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.c:230:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&(((GBT_NUMKEY *) DatumGetPointer(*u))[0]), rd.lower, tinfo->size);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.c:231:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&(((GBT_NUMKEY *) DatumGetPointer(*u))[tinfo->size]), rd.upper, tinfo->size);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.c:240:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(unconstify(GBT_NUMKEY *, ur.lower), rd.lower, tinfo->size);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_num.c:242:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(unconstify(GBT_NUMKEY *, ur.upper), rd.upper, tinfo->size);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_var.c:62:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	r.lower = (bytea *) &(((char *) k)[VARHDRSZ]);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_var.c:64:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		r.upper = (bytea *) &(((char *) k)[VARHDRSZ + INTALIGN(VARSIZE(r.lower))]);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_var.c:81:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(r), u, lowersize);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_var.c:98:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(r), u->lower, lowersize);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_var.c:99:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(r) + INTALIGN(lowersize), u->upper, uppersize);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_var.c:222:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(out), r.lower, len1 + VARHDRSZ);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_var.c:226:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out2, r.upper, len2 + VARHDRSZ);
data/postgresql-12-12.4/contrib/btree_gist/btree_utils_var.c:425:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			unsigned char tmp[4];
data/postgresql-12-12.4/contrib/btree_gist/btree_uuid.c:113:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) r, (void *) key, UUID_LEN);
data/postgresql-12-12.4/contrib/btree_gist/btree_uuid.c:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) (r + UUID_LEN), (void *) key, UUID_LEN);
data/postgresql-12-12.4/contrib/btree_gist/btree_uuid.c:177:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(uu, u->data, UUID_LEN);
data/postgresql-12-12.4/contrib/cube/cubeparse.c:847:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/contrib/cube/cubeparse.c:1037:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/contrib/cube/cubescan.c:2098:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(scanbuf, str, slen);
data/postgresql-12-12.4/contrib/dblink/dblink.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[NAMEDATALEN];
data/postgresql-12-12.4/contrib/dblink/dblink.c:1032:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char	   *values[1];
data/postgresql-12-12.4/contrib/dblink/dblink.c:1342:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[256];
data/postgresql-12-12.4/contrib/dblink/dblink.c:2709:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dblink_context_msg[512];
data/postgresql-12-12.4/contrib/dict_int/dict_int.c:47:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			d->maxlen = atoi(defGetString(defel));
data/postgresql-12-12.4/contrib/fuzzystrmatch/dmetaphone.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *aptr,
data/postgresql-12-12.4/contrib/fuzzystrmatch/dmetaphone.c:163:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *aptr,
data/postgresql-12-12.4/contrib/fuzzystrmatch/dmetaphone.c:252:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s->str, init_str, s->length + 1);
data/postgresql-12-12.4/contrib/fuzzystrmatch/dmetaphone.c:1435:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *codes[2];
data/postgresql-12-12.4/contrib/fuzzystrmatch/fuzzystrmatch.c:114:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char _codes[26] = {
data/postgresql-12-12.4/contrib/fuzzystrmatch/fuzzystrmatch.c:714:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		outstr[SOUNDEX_LEN + 1];
data/postgresql-12-12.4/contrib/fuzzystrmatch/fuzzystrmatch.c:778:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sndx1[SOUNDEX_LEN + 1],
data/postgresql-12-12.4/contrib/hstore/hstore.h:101:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((dptr_), (sptr_), (klen_)+(vlen_));						\
data/postgresql-12-12.4/contrib/hstore/hstore.h:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((dptr_), (pair_).key, (pair_).keylen);					\
data/postgresql-12-12.4/contrib/hstore/hstore.h:122:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((dptr_), (pair_).val, (pair_).vallen);				\
data/postgresql-12-12.4/contrib/hstore/hstore_gin.c:38:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(item) + 1, str, len);
data/postgresql-12-12.4/contrib/hstore/hstore_gist.c:19:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char BITVEC[SIGLEN];
data/postgresql-12-12.4/contrib/hstore/hstore_gist.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/contrib/hstore/hstore_gist.c:298:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(result), (void *) base, sizeof(BITVEC));
data/postgresql-12-12.4/contrib/hstore/hstore_gist.c:401:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(datum_l), (void *) GETSIGN(GETENTRY(entryvec, seed_1)), sizeof(BITVEC))
data/postgresql-12-12.4/contrib/hstore/hstore_gist.c:415:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(datum_r), (void *) GETSIGN(GETENTRY(entryvec, seed_2)), sizeof(BITVEC));
data/postgresql-12-12.4/contrib/hstore/hstore_io.c:344:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(res, ptr, sizeof(Pairs));
data/postgresql-12-12.4/contrib/hstore/hstore_io.c:1110:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(value, HSTORE_VAL(entries, ptr, idx), vallen);
data/postgresql-12-12.4/contrib/hstore/hstore_op.c:323:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, hs, VARSIZE(hs));
data/postgresql-12-12.4/contrib/hstore/hstore_op.c:405:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, hs, VARSIZE(hs));
data/postgresql-12-12.4/contrib/hstore/hstore_op.c:498:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, s2, VARSIZE(s2));
data/postgresql-12-12.4/contrib/hstore/hstore_op.c:507:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, s1, VARSIZE(s1));
data/postgresql-12-12.4/contrib/hstore/hstore_op.c:865:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(st, hs, VARSIZE(hs));
data/postgresql-12-12.4/contrib/intarray/_int.h:54:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char BITVEC[SIGLEN];
data/postgresql-12-12.4/contrib/intarray/_int.h:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/contrib/intarray/_int_bool.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		nnn[16];
data/postgresql-12-12.4/contrib/intarray/_int_bool.c:573:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(in->cur, "%d", in->curpol->val);
data/postgresql-12-12.4/contrib/intarray/_int_bool.c:590:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, "( ");
data/postgresql-12-12.4/contrib/intarray/_int_bool.c:597:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, " )");
data/postgresql-12-12.4/contrib/intarray/_int_bool.c:610:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, "( ");
data/postgresql-12-12.4/contrib/intarray/_int_bool.c:634:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, " )");
data/postgresql-12-12.4/contrib/intarray/_int_gist.c:141:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, ARRPTR(ent), nel * sizeof(int32));
data/postgresql-12-12.4/contrib/intarray/_int_op.c:322:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ARRPTR(result), ARRPTR(a) + start, (end - start) * sizeof(int32));
data/postgresql-12-12.4/contrib/intarray/_int_tool.c:287:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARRPTR(r), ARRPTR(a), n * sizeof(int32));
data/postgresql-12-12.4/contrib/intarray/_int_tool.c:373:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(r, ARRPTR(a), c * sizeof(int32));
data/postgresql-12-12.4/contrib/intarray/_int_tool.c:389:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ARRPTR(result), ARRPTR(a), ac * sizeof(int32));
data/postgresql-12-12.4/contrib/intarray/_int_tool.c:391:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ARRPTR(result) + ac, ARRPTR(b), bc * sizeof(int32));
data/postgresql-12-12.4/contrib/intarray/_intbig_gist.c:270:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(result), (void *) base, sizeof(BITVEC));
data/postgresql-12-12.4/contrib/intarray/_intbig_gist.c:373:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(datum_l), (void *) GETSIGN(GETENTRY(entryvec, seed_1)), sizeof(BITVEC));
data/postgresql-12-12.4/contrib/intarray/_intbig_gist.c:386:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(datum_r), (void *) GETSIGN(GETENTRY(entryvec, seed_2)), sizeof(BITVEC));
data/postgresql-12-12.4/contrib/isn/isn.c:66:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
check_table(const char *(*TABLE)[2], const unsigned TABLE_index[10][2])
data/postgresql-12-12.4/contrib/isn/isn.c:169:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
hyphenate(char *bufO, char *bufI, const char *(*TABLE)[2], const unsigned TABLE_index[10][2])
data/postgresql-12-12.4/contrib/isn/isn.c:169:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
hyphenate(char *bufO, char *bufI, const char *(*TABLE)[2], const unsigned TABLE_index[10][2])
data/postgresql-12-12.4/contrib/isn/isn.c:169:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
hyphenate(char *bufO, char *bufI, const char *(*TABLE)[2], const unsigned TABLE_index[10][2])
data/postgresql-12-12.4/contrib/isn/isn.c:346:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXEAN13LEN + 1];
data/postgresql-12-12.4/contrib/isn/isn.c:424:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		eanbuf[64];
data/postgresql-12-12.4/contrib/isn/isn.c:536:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *(*TABLE)[2];
data/postgresql-12-12.4/contrib/isn/isn.c:661:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		eanbuf[64];
data/postgresql-12-12.4/contrib/isn/isn.c:691:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[17] = "                ";
data/postgresql-12-12.4/contrib/isn/isn.c:838:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf, "9790", 4); /* this isn't for sure yet, for now ISMN
data/postgresql-12-12.4/contrib/isn/isn.c:843:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf, "978", 3);
data/postgresql-12-12.4/contrib/isn/isn.c:847:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf + 10, "00", 2);	/* append 00 as the normal issue
data/postgresql-12-12.4/contrib/isn/isn.c:849:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf, "977", 3);
data/postgresql-12-12.4/contrib/isn/isn.c:956:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXEAN13LEN + 1];
data/postgresql-12-12.4/contrib/isn/isn.c:972:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXEAN13LEN + 1];
data/postgresql-12-12.4/contrib/jsonb_plperl/jsonb_plperl.c:271:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		: memcpy(palloc(sizeof(JsonbValue)), &out, sizeof(JsonbValue));
data/postgresql-12-12.4/contrib/ltree/_ltree_gist.c:185:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) LTG_SIGN(result), (void *) base, sizeof(ABITVEC));
data/postgresql-12-12.4/contrib/ltree/_ltree_gist.c:323:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) LTG_SIGN(datum_l), (void *) LTG_SIGN(GETENTRY(entryvec, seed_1)), sizeof(ABITVEC));
data/postgresql-12-12.4/contrib/ltree/_ltree_gist.c:336:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) LTG_SIGN(datum_r), (void *) LTG_SIGN(GETENTRY(entryvec, seed_2)), sizeof(ABITVEC));
data/postgresql-12-12.4/contrib/ltree/_ltree_op.c:215:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(item, found, VARSIZE(found));
data/postgresql-12-12.4/contrib/ltree/_ltree_op.c:238:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(item, found, VARSIZE(found));
data/postgresql-12-12.4/contrib/ltree/_ltree_op.c:261:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(item, found, VARSIZE(found));
data/postgresql-12-12.4/contrib/ltree/_ltree_op.c:284:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(item, found, VARSIZE(found));
data/postgresql-12-12.4/contrib/ltree/lquery_op.c:241:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
							memcpy(&tmpptr, ptr, sizeof(FieldNot));
data/postgresql-12-12.4/contrib/ltree/ltree.h:13:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/contrib/ltree/ltree.h:23:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/contrib/ltree/ltree.h:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/contrib/ltree/ltree.h:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		variants[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/contrib/ltree/ltree.h:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/contrib/ltree/ltree.h:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/contrib/ltree/ltree.h:192:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char BITVEC[SIGLEN];
data/postgresql-12-12.4/contrib/ltree/ltree.h:222:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/contrib/ltree/ltree.h:248:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char ABITVEC[ASIGLEN];
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:62:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) LTG_NODE(key), (void *) val, VARSIZE(val));
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:188:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					((unsigned char *) base)[i] |= sc[i];
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:205:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			if (((unsigned char *) base)[i] != 0xff)
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:223:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) LTG_SIGN(result), base, SIGLEN);
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:225:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) LTG_LNODE(result), (void *) left, VARSIZE(left));
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:229:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) LTG_RNODE(result), (void *) right, VARSIZE(right));
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:333:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						((unsigned char *) ls)[i] |= sc[i];
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:354:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						((unsigned char *) rs)[i] |= sc[i];
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:365:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			if (((unsigned char *) ls)[i] != 0xff)
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:378:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			if (((unsigned char *) rs)[i] != 0xff)
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:395:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) LTG_SIGN(lu), ls, SIGLEN);
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:396:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) LTG_LNODE(lu), (void *) lu_l, VARSIZE(lu_l));
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:400:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) LTG_RNODE(lu), (void *) lu_r, VARSIZE(lu_r));
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:412:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) LTG_SIGN(ru), rs, SIGLEN);
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:413:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) LTG_LNODE(ru), (void *) ru_l, VARSIZE(ru_l));
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:417:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) LTG_RNODE(ru), (void *) ru_r, VARSIZE(ru_r));
data/postgresql-12-12.4/contrib/ltree/ltree_gist.c:450:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, VARSIZE(src));
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:140:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(curlevel->name, lptr->start, lptr->len);
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:167:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, curlevel->name, curlevel->len);
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:360:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				int			low = atoi(ptr);
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:379:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				int			high = atoi(ptr);
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:507:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cur, curqlevel, LQL_HDRSIZE);
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:519:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(lrptr->name, lptr->start, lptr->len);
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:586:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ptr, curtlevel->name, curtlevel->len);
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:610:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(ptr, "*{%d}", curqlevel->low);
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:620:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(ptr, "*{,%d}", curqlevel->high);
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:624:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(ptr, "*{%d,}", curqlevel->low);
data/postgresql-12-12.4/contrib/ltree/ltree_io.c:627:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(ptr, "*{%d,%d}", curqlevel->low, curqlevel->high);
data/postgresql-12-12.4/contrib/ltree/ltree_op.c:225:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(LTREE_FIRST(res), start, end - start);
data/postgresql-12-12.4/contrib/ltree/ltree_op.c:289:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(LTREE_FIRST(r), LTREE_FIRST(a), VARSIZE(a) - LTREE_HDRSIZE);
data/postgresql-12-12.4/contrib/ltree/ltree_op.c:290:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(((char *) LTREE_FIRST(r)) + VARSIZE(a) - LTREE_HDRSIZE,
data/postgresql-12-12.4/contrib/ltree/ltree_op.c:492:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(l2, l1, MAXALIGN(l1->len + LEVEL_HDRSIZE));
data/postgresql-12-12.4/contrib/ltree/ltree_op.c:557:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, curlevel->name, curlevel->len);
data/postgresql-12-12.4/contrib/ltree/ltxtquery_io.c:190:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) state->curop, (void *) strval, lenval);
data/postgresql-12-12.4/contrib/ltree/ltxtquery_io.c:322:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pbuf[16384],
data/postgresql-12-12.4/contrib/ltree/ltxtquery_io.c:372:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) GETOPERAND(query), (void *) state.op, state.sumlen);
data/postgresql-12-12.4/contrib/ltree/ltxtquery_io.c:464:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, "( ");
data/postgresql-12-12.4/contrib/ltree/ltxtquery_io.c:471:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, " )");
data/postgresql-12-12.4/contrib/ltree/ltxtquery_io.c:484:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, "( ");
data/postgresql-12-12.4/contrib/ltree/ltxtquery_io.c:509:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, " )");
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:288:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		password[100];
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:300:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *keywords[PARAMS_ARRAY_SIZE];
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:301:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *values[PARAMS_ARRAY_SIZE];
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:449:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		todo[1024];
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:466:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		todo[1024];
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:525:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			ptr += sprintf(ptr, " OR ");
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:532:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			ptr += sprintf(ptr, " OR ");
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:568:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		todo[1024];
data/postgresql-12-12.4/contrib/pageinspect/btreefuncs.c:173:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *values[11];
data/postgresql-12-12.4/contrib/pageinspect/btreefuncs.c:259:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *values[6];
data/postgresql-12-12.4/contrib/pageinspect/btreefuncs.c:293:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(dump, "%02x", *(ptr + off) & 0xff);
data/postgresql-12-12.4/contrib/pageinspect/btreefuncs.c:370:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(uargs->page, BufferGetPage(buffer), BLCKSZ);
data/postgresql-12-12.4/contrib/pageinspect/btreefuncs.c:515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *values[8];
data/postgresql-12-12.4/contrib/pageinspect/heapfuncs.c:233:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(VARDATA(tuple_data_bytea), (char *) tuphdr + tuphdr->t_hoff,
data/postgresql-12-12.4/contrib/pageinspect/heapfuncs.c:390:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(VARDATA(attr_data), tupdata + off, len);
data/postgresql-12-12.4/contrib/pageinspect/rawpage.c:164:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(raw_page_data, BufferGetPage(buf), BLCKSZ);
data/postgresql-12-12.4/contrib/pageinspect/rawpage.c:204:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(page, VARDATA_ANY(raw_page), raw_page_size);
data/postgresql-12-12.4/contrib/pageinspect/rawpage.c:263:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		lsnchar[64];
data/postgresql-12-12.4/contrib/pg_prewarm/autoprewarm.c:567:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		transient_dump_file_path[MAXPGPATH];
data/postgresql-12-12.4/contrib/pg_prewarm/autoprewarm.c:802:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(worker.bgw_library_name, "pg_prewarm");
data/postgresql-12-12.4/contrib/pg_prewarm/autoprewarm.c:803:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(worker.bgw_function_name, "autoprewarm_main");
data/postgresql-12-12.4/contrib/pg_prewarm/autoprewarm.c:804:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(worker.bgw_name, "autoprewarm master");
data/postgresql-12-12.4/contrib/pg_prewarm/autoprewarm.c:805:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(worker.bgw_type, "autoprewarm master");
data/postgresql-12-12.4/contrib/pg_prewarm/autoprewarm.c:844:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(worker.bgw_library_name, "pg_prewarm");
data/postgresql-12-12.4/contrib/pg_prewarm/autoprewarm.c:845:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(worker.bgw_function_name, "autoprewarm_database_main");
data/postgresql-12-12.4/contrib/pg_prewarm/autoprewarm.c:846:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(worker.bgw_name, "autoprewarm worker");
data/postgresql-12-12.4/contrib/pg_prewarm/autoprewarm.c:847:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(worker.bgw_type, "autoprewarm worker");
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:62:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		WALFilePath[MAXPGPATH * 2]; /* the file path including archive */
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:63:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		restoreCommand[MAXPGPATH];	/* run this to restore */
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:64:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		exclusiveCleanupFileName[MAXFNAMELEN];	/* the file we need to get
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:408:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(WALFilePath, O_RDWR, 0)) < 0)
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:468:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[32];
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:497:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(triggerPath, O_RDWR, 0)) < 0)
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:691:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				keepfiles = atoi(optarg);
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:710:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				maxretries = atoi(optarg);
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:718:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				sleeptime = atoi(optarg);
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:729:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				maxwaittime = atoi(optarg);
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:2381:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(jumble, &start_hash, sizeof(start_hash));
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:2385:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(jumble + jumble_len, item, part_size);
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:3077:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(norm_query + n_quer_loc, query + quer_loc, len_to_wrt);
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:3081:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		n_quer_loc += sprintf(norm_query + n_quer_loc, "$%d",
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:3096:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(norm_query + n_quer_loc, query + quer_loc, len_to_wrt);
data/postgresql-12-12.4/contrib/pg_trgm/trgm.h:41:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char trgm[3];
data/postgresql-12-12.4/contrib/pg_trgm/trgm.h:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/contrib/pg_trgm/trgm.h:82:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char BITVEC[SIGLEN];
data/postgresql-12-12.4/contrib/pg_trgm/trgm_gist.c:250:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) newcache->query, (char *) query, querysize);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_gist.c:255:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((char *) newcache->trigrams, (char *) qtrg, qtrgsize);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_gist.c:443:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newcache, query, querysize);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_gist.c:444:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newcache + MAXALIGN(querysize), qtrg, VARSIZE(qtrg));
data/postgresql-12-12.4/contrib/pg_trgm/trgm_gist.c:551:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(result), (void *) base, sizeof(BITVEC));
data/postgresql-12-12.4/contrib/pg_trgm/trgm_gist.c:688:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(cachedVal, newval, newvalsize);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_gist.c:723:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) item->sign, (void *) GETSIGN(key), sizeof(BITVEC));
data/postgresql-12-12.4/contrib/pg_trgm/trgm_gist.c:831:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(datum_l), (void *) cache[seed_1].sign, sizeof(BITVEC));
data/postgresql-12-12.4/contrib/pg_trgm/trgm_gist.c:844:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(datum_r), (void *) cache[seed_2].sign, sizeof(BITVEC));
data/postgresql-12-12.4/contrib/pg_trgm/trgm_op.c:329:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf + LPADDING, bword, bytelen);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_op.c:427:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&result[i].trg, &trg1[i], sizeof(trgm));
data/postgresql-12-12.4/contrib/pg_trgm/trgm_op.c:433:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&result[i + len1].trg, &trg2[i], sizeof(trgm));
data/postgresql-12-12.4/contrib/pg_trgm/trgm_op.c:818:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(s, endword, clen);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_op.c:846:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(s, endword, clen);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		bytes[MAX_MULTIBYTE_CHAR_LEN];
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:741:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errMsg[100];
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:844:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		s[MAX_MULTIBYTE_CHAR_LEN + 1];
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:885:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result->bytes, s, MAX_MULTIBYTE_CHAR_LEN);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:1187:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(keyCopy, key, sizeof(TrgmStateKey));
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:1846:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		str[3 * MAX_MULTIBYTE_CHAR_LEN],
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:2173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		s[MAX_MULTIBYTE_CHAR_LEN + 1];
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:2175:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(s, color->wordChars[j].bytes, MAX_MULTIBYTE_CHAR_LEN);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:2191:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		FILE	   *fp = fopen("/tmp/source.gv", "w");
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:2253:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		FILE	   *fp = fopen("/tmp/transformed.gv", "w");
data/postgresql-12-12.4/contrib/pg_trgm/trgm_regexp.c:2344:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		FILE	   *fp = fopen("/tmp/packed.gv", "w");
data/postgresql-12-12.4/contrib/pgcrypto/crypt-blowfish.c:350:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char BF_itoa64[64 + 1] =
data/postgresql-12-12.4/contrib/pgcrypto/crypt-blowfish.c:353:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char BF_atoi64[0x60] = {
data/postgresql-12-12.4/contrib/pgcrypto/crypt-blowfish.c:740:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(output, setting, 7 + 22 - 1);
data/postgresql-12-12.4/contrib/pgcrypto/crypt-des.c:645:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, buffer, sizeof(buffer));
data/postgresql-12-12.4/contrib/pgcrypto/crypt-des.c:662:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char output[21];
data/postgresql-12-12.4/contrib/pgcrypto/crypt-gensalt.c:21:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char _crypt_itoa64[64 + 1] =
data/postgresql-12-12.4/contrib/pgcrypto/crypt-gensalt.c:120:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char BF_itoa64[64 + 1] =
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:42:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char final[MD5_SIZE];
data/postgresql-12-12.4/contrib/pgcrypto/imath.c:147:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(q__, p__, i__);
data/postgresql-12-12.4/contrib/pgcrypto/imath.c:2236:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new, old, osize * sizeof(mp_digit));
data/postgresql-12-12.4/contrib/pgcrypto/internal.c:312:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&cx->keybuf, key, klen);
data/postgresql-12-12.4/contrib/pgcrypto/internal.c:315:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cx->iv, iv, 128 / 8);
data/postgresql-12-12.4/contrib/pgcrypto/internal.c:344:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, data, dlen);
data/postgresql-12-12.4/contrib/pgcrypto/internal.c:349:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cx->iv, res + dlen - 16, 16);
data/postgresql-12-12.4/contrib/pgcrypto/internal.c:372:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, data, dlen);
data/postgresql-12-12.4/contrib/pgcrypto/internal.c:377:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cx->iv, data + dlen - 16, 16);
data/postgresql-12-12.4/contrib/pgcrypto/internal.c:460:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, data, dlen);
data/postgresql-12-12.4/contrib/pgcrypto/internal.c:485:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, data, dlen);
data/postgresql-12-12.4/contrib/pgcrypto/mbuf.c:112:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst->data_end, buf, len);
data/postgresql-12-12.4/contrib/pgcrypto/mbuf.c:290:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmpbuf, *data_p, res);
data/postgresql-12-12.4/contrib/pgcrypto/mbuf.c:306:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmpbuf + total, tmp, res);
data/postgresql-12-12.4/contrib/pgcrypto/mbuf.c:331:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, p, len);
data/postgresql-12-12.4/contrib/pgcrypto/mbuf.c:475:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(mp->buf + mp->pos, data, len);
data/postgresql-12-12.4/contrib/pgcrypto/mbuf.c:479:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(mp->buf + mp->pos, data, need);
data/postgresql-12-12.4/contrib/pgcrypto/mbuf.c:507:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(mp->buf, data, len);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:479:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(od->key, key, klen);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:482:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(od->iv, iv, bs);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:498:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(od->key, key, klen > 8 ? 8 : klen);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:501:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(od->iv, iv, bs);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:517:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(od->key, key, klen > 24 ? 24 : klen);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:520:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(od->iv, iv, bs);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:535:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(od->key, key, klen);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:538:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(od->iv, iv, bs);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:561:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(od->key, key, klen);
data/postgresql-12-12.4/contrib/pgcrypto/openssl.c:564:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(od->iv, iv, bs);
data/postgresql-12-12.4/contrib/pgcrypto/pgcrypto.c:138:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[PX_MAX_SALT_LEN + 1];
data/postgresql-12-12.4/contrib/pgcrypto/pgcrypto.c:161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[PX_MAX_SALT_LEN + 1];
data/postgresql-12-12.4/contrib/pgcrypto/pgp-armor.c:440:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, armor_start, armor_len);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-cfb.c:77:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ctx->fr, iv, ctx->block_size);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-cfb.c:145:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ctx->fr, ctx->encbuf + 2, ctx->block_size - 2);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-cfb.c:146:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ctx->fr + ctx->block_size - 2, ctx->encbuf, 2);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-cfb.c:179:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ctx->fr, ctx->encbuf + 2, ctx->block_size - 2);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-cfb.c:180:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ctx->fr + ctx->block_size - 2, ctx->encbuf, 2);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-cfb.c:217:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ctx->fr, ctx->encbuf, ctx->block_size);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-cfb.c:239:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ctx->fr, ctx->encbuf, ctx->block_size);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-decrypt.c:492:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, len);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-decrypt.c:669:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ctx->sess_key, ctx->s2k.key, ctx->s2k.key_len);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-encrypt.c:537:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p, ctx->s2k.salt, 8);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-encrypt.c:591:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ctx->sess_key, ctx->s2k.key, ctx->s2k.key_len);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-info.c:58:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(keyid_buf, pk->key_id, 8);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-info.c:219:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(dst, "ANYKEY", 7);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-info.c:227:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dst, "SYMKEY", 7);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-mpi.c:64:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(n->data, data, n->bytes);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:189:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		res = pgp_disable_mdc(ctx, atoi(val));
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:191:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		res = pgp_set_sess_key(ctx, atoi(val));
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:193:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		res = pgp_set_s2k_mode(ctx, atoi(val));
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:195:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		res = pgp_set_s2k_count(ctx, atoi(val));
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:201:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		res = pgp_set_compress_algo(ctx, atoi(val));
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:203:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		res = pgp_set_compress_level(ctx, atoi(val));
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:205:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		res = pgp_set_convert_crlf(ctx, atoi(val));
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:207:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		res = pgp_set_unicode_mode(ctx, atoi(val));
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:214:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ex->debug = atoi(val);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:223:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ex->disable_mdc = atoi(val);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:228:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ex->use_sess_key = atoi(val);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:233:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ex->s2k_mode = atoi(val);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:238:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ex->s2k_count = atoi(val);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:253:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ex->compress_algo = atoi(val);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:258:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ex->unicode_mode = atoi(val);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:888:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(res), buf.data, buf.len);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:914:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(res), buf.data, buf.len);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:978:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *values[2];
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pubdec.c:228:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ctx->sess_key, msg + 1, ctx->sess_key_len);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pubenc.c:76:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf + pad_len + 2, data, data_len);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pubenc.c:102:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(secmsg + 1, ctx->sess_key, klen);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pubkey.c:152:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pk->key_id, hash + 12, 8);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-s2k.c:68:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dst, buf, md_rlen);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-s2k.c:74:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dst, buf, remain);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-s2k.c:112:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dst, buf, md_rlen);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-s2k.c:118:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dst, buf, remain);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-s2k.c:182:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dst, buf, md_rlen);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-s2k.c:188:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dst, buf, remain);
data/postgresql-12-12.4/contrib/pgcrypto/px-crypt.c:137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		rbuf[16];
data/postgresql-12-12.4/contrib/pgcrypto/px-hmac.c:70:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(keybuf, key, klen);
data/postgresql-12-12.4/contrib/pgcrypto/px.c:159:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[512];
data/postgresql-12-12.4/contrib/pgcrypto/px.c:202:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ivbuf, iv, ivs);
data/postgresql-12-12.4/contrib/pgcrypto/px.c:204:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ivbuf, iv, ivlen);
data/postgresql-12-12.4/contrib/pgcrypto/px.c:211:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(keybuf, key, klen);
data/postgresql-12-12.4/contrib/pgcrypto/px.c:244:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bbuf, data + *rlen, bpos);
data/postgresql-12-12.4/contrib/pgcrypto/rijndael.c:574:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(iv, iva, bs);
data/postgresql-12-12.4/contrib/pgcrypto/rijndael.c:624:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
show4x256u32(char *name, uint32 data[4][256])
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:204:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char		buf[NCHARS];
data/postgresql-12-12.4/contrib/pgstattuple/pgstatindex.c:326:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *values[10];
data/postgresql-12-12.4/contrib/pgstattuple/pgstattuple.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *values[NCOLUMNS];
data/postgresql-12-12.4/contrib/pgstattuple/pgstattuple.c:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		values_buf[NCOLUMNS][NCHARS];
data/postgresql-12-12.4/contrib/postgres_fdw/connection.c:446:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sql[64];
data/postgresql-12-12.4/contrib/postgres_fdw/connection.c:862:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sql[100];
data/postgresql-12-12.4/contrib/postgres_fdw/connection.c:1025:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[256];
data/postgresql-12-12.4/contrib/postgres_fdw/option.c:249:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(popt, non_libpq_options, sizeof(non_libpq_options));
data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c:1551:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sql[64];
data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c:3350:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sql[64];
data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c:3458:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sql[64];
data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c:3657:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		n_rows = atoi(PQcmdTuples(res));
data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c:3677:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		prep_name[NAMEDATALEN];
data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c:3828:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sql[64];
data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c:4025:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dmstate->num_tuples = atoi(PQcmdTuples(dmstate->result));
data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c:4502:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fetch_sql[64];
data/postgresql-12-12.4/contrib/seg/seg.c:128:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		p += sprintf(p, "%c", seg->l_ext);
data/postgresql-12-12.4/contrib/seg/seg.c:145:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		p += sprintf(p, "..");
data/postgresql-12-12.4/contrib/seg/seg.c:151:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				p += sprintf(p, "%c", seg->u_ext);
data/postgresql-12-12.4/contrib/seg/seg.c:369:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(seg_l, sort_items[0].data, sizeof(SEG));
data/postgresql-12-12.4/contrib/seg/seg.c:387:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(seg_r, sort_items[firstright].data, sizeof(SEG));
data/postgresql-12-12.4/contrib/seg/seg.c:911:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[25] = {
data/postgresql-12-12.4/contrib/seg/seg.c:934:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(result, "%.*e", n - 1, val);
data/postgresql-12-12.4/contrib/seg/seg.c:943:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	exp = atoi(p + 1);
data/postgresql-12-12.4/contrib/seg/seg.c:995:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(&buf[11 + n], "e%d", exp + n - 1);
data/postgresql-12-12.4/contrib/seg/seg.c:997:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(&buf[11], "e%d", exp + n - 1);
data/postgresql-12-12.4/contrib/seg/segparse.c:103:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char strbuf[25] = {
data/postgresql-12-12.4/contrib/seg/segparse.c:860:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/contrib/seg/segparse.c:1050:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/contrib/seg/segparse.c:1258:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(strbuf, "%g", result->lower);
data/postgresql-12-12.4/contrib/seg/segparse.c:1260:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(strbuf, "%g", result->upper);
data/postgresql-12-12.4/contrib/seg/segscan.c:2078:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(scanbuf, str, slen);
data/postgresql-12-12.4/contrib/spi/refint.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ident[2 * NAMEDATALEN]; /* to identify myself */
data/postgresql-12-12.4/contrib/spi/refint.c:168:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sql[8192];
data/postgresql-12-12.4/contrib/spi/refint.c:258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ident[2 * NAMEDATALEN]; /* to identify myself */
data/postgresql-12-12.4/contrib/spi/refint.c:417:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sql[8192];
data/postgresql-12-12.4/contrib/spi/refint.c:496:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
					strcat(sql, " where ");
data/postgresql-12-12.4/contrib/spi/refint.c:520:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(sql, " where ");
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:131:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	crosstab_HashEnt *hentry; char key[MAX_CATNAME_LEN]; \
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:145:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	crosstab_HashEnt *hentry; bool found; char key[MAX_CATNAME_LEN]; \
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		internal_catname[MAX_CATNAME_LEN];
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:1231:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		current_level[INT32_STRLEN];
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:1232:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		serial_str[INT32_STRLEN];
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:1281:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(current_level, "%d", level);
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:1291:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(serial_str, "%d", (*serial)++);
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:1349:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(current_level, "%d", level);
data/postgresql-12-12.4/contrib/tablefunc/tablefunc.c:1375:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(serial_str, "%d", (*serial)++);
data/postgresql-12-12.4/contrib/unaccent/unaccent.c:78:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(curnode->replaceTo, replaceTo, replacelen);
data/postgresql-12-12.4/contrib/uuid-ossp/uuid-ossp.c:258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		strbuf[40];
data/postgresql-12-12.4/contrib/uuid-ossp/uuid-ossp.c:338:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					unsigned char sha1result[SHA1_RESULTLEN];
data/postgresql-12-12.4/contrib/uuid-ossp/uuid-ossp.c:474:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		strbuf[40];
data/postgresql-12-12.4/contrib/uuid-ossp/uuid-ossp.c:486:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[16];
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:66:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[BUFSIZE];
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:73:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char password[100];
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:90:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *keywords[PARAMS_ARRAY_SIZE];
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:91:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *values[PARAMS_ARRAY_SIZE];
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:160:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "CREATE TEMP TABLE vacuum_l AS ");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:162:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "SELECT oid AS lo FROM pg_largeobject_metadata");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:164:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "SELECT DISTINCT loid AS lo FROM pg_largeobject");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:181:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "ANALYZE vacuum_l");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:203:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "SELECT s.nspname, c.relname, a.attname ");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:204:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "FROM pg_class c, pg_attribute a, pg_namespace s, pg_type t ");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:205:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "WHERE a.attnum > 0 AND NOT a.attisdropped ");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:206:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "      AND a.attrelid = c.oid ");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:207:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "      AND a.atttypid = t.oid ");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:208:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "      AND c.relnamespace = s.oid ");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:209:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "      AND t.typname in ('oid', 'lo') ");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:210:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "      AND c.relkind in (" CppAsString2(RELKIND_RELATION) ", " CppAsString2(RELKIND_MATVIEW) ")");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:211:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "      AND s.nspname !~ '^pg_'");
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:300:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf,
data/postgresql-12-12.4/contrib/xml2/xpath.c:330:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) xpath, "string(", 7);
data/postgresql-12-12.4/contrib/xml2/xpath.c:331:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) (xpath + 7), VARDATA_ANY(xpathsupp), pathsize);
data/postgresql-12-12.4/src/backend/access/brin/brin_tuple.c:331:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dest, tuple, len);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:247:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(data, val, data_length);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:254:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data, val, data_length);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:262:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data + 1, VARDATA(val), data_length - 1);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:270:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data, val, data_length);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:279:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data, DatumGetPointer(datum), data_length);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:287:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data, DatumGetPointer(datum), data_length);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:692:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) newTuple->t_data, (char *) tuple->t_data, tuple->t_len);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:718:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) dest->t_data, (char *) src->t_data, src->t_len);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:892:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(nullBits,
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:918:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(targetData,
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:1003:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) td, (char *) tuple->t_data, tuple->t_len);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:1444:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, mtup, mtup->t_len);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:1468:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) result->t_data + MINIMAL_TUPLE_OFFSET, mtup, mtup->t_len);
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:1488:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, (char *) htup->t_data + MINIMAL_TUPLE_OFFSET, len);
data/postgresql-12-12.4/src/backend/access/common/indextuple.c:509:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, source, size);
data/postgresql-12-12.4/src/backend/access/common/printsimple.c:106:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		str[12];	/* sign, 10 digits and '\0' */
data/postgresql-12-12.4/src/backend/access/common/printsimple.c:116:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		str[23];	/* sign, 21 digits and '\0' */
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:1189:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(value, text_str + option->gen->namelen + 1, value_len);
data/postgresql-12-12.4/src/backend/access/common/tupdesc.c:97:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(TupleDescAttr(desc, i), attrs[i], ATTRIBUTE_FIXED_PART_SIZE);
data/postgresql-12-12.4/src/backend/access/common/tupdesc.c:118:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(TupleDescAttr(desc, 0),
data/postgresql-12-12.4/src/backend/access/common/tupdesc.c:159:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(TupleDescAttr(desc, 0),
data/postgresql-12-12.4/src/backend/access/common/tupdesc.c:174:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(cpy->defval, constr->defval, cpy->num_defval * sizeof(AttrDefault));
data/postgresql-12-12.4/src/backend/access/common/tupdesc.c:185:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(cpy->missing, constr->missing, tupdesc->natts * sizeof(AttrMissing));
data/postgresql-12-12.4/src/backend/access/common/tupdesc.c:202:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(cpy->check, constr->check, cpy->num_check * sizeof(ConstrCheck));
data/postgresql-12-12.4/src/backend/access/common/tupdesc.c:238:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, TupleDescSize(src));
data/postgresql-12-12.4/src/backend/access/common/tupdesc.c:287:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dstAtt, srcAtt, ATTRIBUTE_FIXED_PART_SIZE);
data/postgresql-12-12.4/src/backend/access/gin/ginbtree.c:572:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(page, newrootpg, BLCKSZ);
data/postgresql-12-12.4/src/backend/access/gin/ginbtree.c:573:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(BufferGetPage(lbuffer), newlpage, BLCKSZ);
data/postgresql-12-12.4/src/backend/access/gin/ginbtree.c:574:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(BufferGetPage(rbuffer), newrpage, BLCKSZ);
data/postgresql-12-12.4/src/backend/access/gin/ginbtree.c:579:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(page, newlpage, BLCKSZ);
data/postgresql-12-12.4/src/backend/access/gin/ginbtree.c:580:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(BufferGetPage(rbuffer), newrpage, BLCKSZ);
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:172:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result, tmp, (*nitems) * sizeof(ItemPointerData));
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:400:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, data, sizeof(PostingItem));
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:833:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(tmp, seginfo->seg, segsize);
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:940:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(walbufend, &seginfo->nmodifieditems, sizeof(uint16));
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:941:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(walbufend + sizeof(uint16), seginfo->modifieditems, datalen);
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:948:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(walbufend, seginfo->seg, segsize);
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:1011:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ptr, seginfo->seg, segsize);
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:1065:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, seginfo->seg, segsize);
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:1086:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, seginfo->seg, segsize);
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:1273:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(allitems, GinDataPageGetPostingItem(oldpage, FirstOffsetNumber),
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:1277:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&allitems[off], GinDataPageGetPostingItem(oldpage, off),
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:1296:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(GinDataPageGetPostingItem(lpage, FirstOffsetNumber),
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:1300:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(GinDataPageGetPostingItem(rpage, FirstOffsetNumber),
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:1416:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(seginfo->items, uncompressed, nuncompressed * sizeof(ItemPointerData));
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:1751:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(tmp, seginfo->seg, segsize);
data/postgresql-12-12.4/src/backend/access/gin/gindatapage.c:1807:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, segment, segsize);
data/postgresql-12-12.4/src/backend/access/gin/ginentrypage.c:142:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, data, dataSize);
data/postgresql-12-12.4/src/backend/access/gin/ginentrypage.c:188:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ipd, ptr, sizeof(ItemPointerData) * nipd);
data/postgresql-12-12.4/src/backend/access/gin/ginentrypage.c:213:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(nitup, itup, origsize);
data/postgresql-12-12.4/src/backend/access/gin/ginentrypage.c:222:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(nitup, itup, IndexTupleSize(itup));
data/postgresql-12-12.4/src/backend/access/gin/ginentrypage.c:634:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, insertData->entry, size);
data/postgresql-12-12.4/src/backend/access/gin/ginentrypage.c:641:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, itup, size);
data/postgresql-12-12.4/src/backend/access/gin/ginentrypage.c:649:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, insertData->entry, size);
data/postgresql-12-12.4/src/backend/access/gin/ginfast.c:81:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, tuples[i], this_size);
data/postgresql-12-12.4/src/backend/access/gin/ginfast.c:384:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, collector->tuples[i], tupsize);
data/postgresql-12-12.4/src/backend/access/gin/ginfast.c:421:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&data.metadata, metadata, sizeof(GinMetaPageData));
data/postgresql-12-12.4/src/backend/access/gin/ginfast.c:644:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&data.metadata, metadata, sizeof(GinMetaPageData));
data/postgresql-12-12.4/src/backend/access/gin/ginpostinglist.c:236:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			unsigned char buf[MaxBytesPerInteger];
data/postgresql-12-12.4/src/backend/access/gin/ginpostinglist.c:243:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, buf, p - buf);
data/postgresql-12-12.4/src/backend/access/gin/ginpostinglist.c:394:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, a, na * sizeof(ItemPointerData));
data/postgresql-12-12.4/src/backend/access/gin/ginpostinglist.c:395:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&dst[na], b, nb * sizeof(ItemPointerData));
data/postgresql-12-12.4/src/backend/access/gin/ginpostinglist.c:400:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, b, nb * sizeof(ItemPointerData));
data/postgresql-12-12.4/src/backend/access/gin/ginpostinglist.c:401:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&dst[nb], a, na * sizeof(ItemPointerData));
data/postgresql-12-12.4/src/backend/access/gin/ginutil.c:703:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&data.metadata, metadata, sizeof(GinMetaPageData));
data/postgresql-12-12.4/src/backend/access/gin/ginvacuum.c:70:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(tmpitems, items, sizeof(ItemPointerData) * i);
data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c:60:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(GinDataLeafPageGetPostingList(page), ptr, data->size);
data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c:154:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(GinDataLeafPageGetPostingList(page), plist, totalsize);
data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c:197:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&nitems, walbuf, sizeof(uint16));
data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c:215:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(writePtr, (Pointer) oldseg, segsize);
data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c:268:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(tailCopy, segptr, tailSize);
data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c:284:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(writePtr, newseg, newsegsize);
data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c:291:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(writePtr, newseg, newsegsize);
data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c:310:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(writePtr, segptr, restSize);
data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c:546:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(GinPageGetMeta(metapage), &data->metadata, sizeof(GinMetaPageData));
data/postgresql-12-12.4/src/backend/access/gin/ginxlog.c:689:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(GinPageGetMeta(metapage), &data->metadata, sizeof(GinMetaPageData));
data/postgresql-12-12.4/src/backend/access/gist/gistbuildbuffers.c:309:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, itup, itupsz);
data/postgresql-12-12.4/src/backend/access/gist/gistbuildbuffers.c:331:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*itup, ptr, itupsz);
data/postgresql-12-12.4/src/backend/access/gist/gistbuildbuffers.c:579:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&oldBuf, nodeBuffer, sizeof(GISTNodeBuffer));
data/postgresql-12-12.4/src/backend/access/gist/gistget.c:377:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(item->distances, myDistances,
data/postgresql-12-12.4/src/backend/access/gist/gistget.c:522:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(item->distances, so->distances,
data/postgresql-12-12.4/src/backend/access/gist/gistproc.c:167:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) pageunion, (void *) cur, sizeof(BOX));
data/postgresql-12-12.4/src/backend/access/gist/gistproc.c:555:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(intervalsUpper, intervalsLower,
data/postgresql-12-12.4/src/backend/access/gist/gistproc.c:1041:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) r, (void *) &(in->boundbox), sizeof(BOX));
data/postgresql-12-12.4/src/backend/access/gist/gistsplit.c:379:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(evec->vector, entryvec->vector + FirstOffsetNumber,
data/postgresql-12-12.4/src/backend/access/gist/gistsplit.c:387:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(evec->vector, entryvec->vector + FirstOffsetNumber + v->spl_nleft,
data/postgresql-12-12.4/src/backend/access/gist/gistsplit.c:742:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(backupSplit.spl_left, v->splitVector.spl_left, sizeof(OffsetNumber) * v->splitVector.spl_nleft);
data/postgresql-12-12.4/src/backend/access/gist/gistsplit.c:744:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(backupSplit.spl_right, v->splitVector.spl_right, sizeof(OffsetNumber) * v->splitVector.spl_nright);
data/postgresql-12-12.4/src/backend/access/gist/gistutil.c:142:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, vec[i], IndexTupleSize(vec[i]));
data/postgresql-12-12.4/src/backend/access/gist/gistutil.c:242:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		padding[2 * sizeof(GISTENTRY) + GEVHDRSZ];
data/postgresql-12-12.4/src/backend/access/gist/gistxlog.c:236:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(n, begin, sizeof(int));
data/postgresql-12-12.4/src/backend/access/gist/gistxlog.c:652:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		XLogRegisterBufData(0, (char *) (itup[i]), IndexTupleSize(itup[i]));
data/postgresql-12-12.4/src/backend/access/hash/hash_xlog.c:397:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&lowmask, data, sizeof(uint32));
data/postgresql-12-12.4/src/backend/access/hash/hash_xlog.c:413:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&ovflpoint, data, sizeof(uint32));
data/postgresql-12-12.4/src/backend/access/hash/hashovfl.c:672:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				XLogRegisterBufData(1, (char *) itups[i], tups_size[i]);
data/postgresql-12-12.4/src/backend/access/hash/hashovfl.c:972:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
							XLogRegisterBufData(1, (char *) itups[i], tups_size[i]);
data/postgresql-12-12.4/src/backend/access/hash/hashpage.c:1530:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(rel->rd_amcache, HashPageGetMeta(page),
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:311:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(scan->rs_base.rs_key, key, scan->rs_base.rs_nkeys * sizeof(ScanKeyData));
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:2283:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(scratchptr,
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:5758:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) htup + htup->t_hoff,
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8121:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		data[MaxHeapTupleSize];
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8178:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) &xlhdr, data, SizeOfHeapHeader);
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8184:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) htup + SizeofHeapTupleHeader,
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8239:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		data[MaxHeapTupleSize];
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8317:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((char *) htup + SizeofHeapTupleHeader,
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8388:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		data[MaxHeapTupleSize];
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8530:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&prefixlen, recdata, sizeof(uint16));
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8536:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&suffixlen, recdata, sizeof(uint16));
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8540:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) &xlhdr, recdata, SizeOfHeapHeader);
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8560:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newp, recdata, len);
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8565:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newp, (char *) oldtup.t_data + oldtup.t_data->t_hoff, prefixlen);
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8570:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newp, recdata, len);
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8580:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newp, recdata, tuplen);
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8588:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newp, (char *) oldtup.t_data + oldtup.t_len - suffixlen, suffixlen);
data/postgresql-12-12.4/src/backend/access/heap/heapam.c:8837:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) htup + htup->t_hoff, newtup, newlen);
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];	/* path, for error messages */
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:396:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&new_tuple->t_data->t_choice.t_heap,
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:917:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(waldata, &pmap->map, sizeof(pmap->map));
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:1011:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:1029:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(src->path, path, sizeof(path));
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:1040:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&pmap->map, map, sizeof(LogicalRewriteMappingData));
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:1134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/heap/rewriteheap.c:1228:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH + 20];
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:134:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result, attr, VARSIZE_ANY(attr));
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:211:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(result, attr, VARSIZE_ANY(attr));
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:242:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(new_attr), VARDATA_SHORT(attr), data_size);
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:340:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(result), attrdata + sliceoffset, slicelength);
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:554:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		toast_action[MaxHeapAttributeNumber];
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:1036:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_data, olddata, SizeofHeapTupleHeader);
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:1252:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new_data, tup, SizeofHeapTupleHeader);
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:1311:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new_values, values, numAttrs * sizeof(Datum));
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:1475:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		data[TOAST_MAX_CHUNK_SIZE + VARHDRSZ];
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:1655:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(&chunk_data), data_p, chunk_size);
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:1706:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA_EXTERNAL(result), &toast_pointer, sizeof(toast_pointer));
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:2002:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(result) + residx * TOAST_MAX_CHUNK_SIZE,
data/postgresql-12-12.4/src/backend/access/heap/tuptoaster.c:2234:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(result) +
data/postgresql-12-12.4/src/backend/access/nbtree/nbtpage.c:441:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(rel->rd_amcache, metad, sizeof(BTMetaPageData));
data/postgresql-12-12.4/src/backend/access/nbtree/nbtpage.c:617:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(rel->rd_amcache, metad, sizeof(BTMetaPageData));
data/postgresql-12-12.4/src/backend/access/nbtree/nbtpage.c:677:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(rel->rd_amcache, metad, sizeof(BTMetaPageData));
data/postgresql-12-12.4/src/backend/access/nbtree/nbtree.c:560:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&so->currPos, &so->markPos,
data/postgresql-12-12.4/src/backend/access/nbtree/nbtree.c:564:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(so->currTuples, so->markTuples,
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c:1033:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(inskey.scankeys + i, subkey, sizeof(ScanKeyData));
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c:1065:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(inskey.scankeys + keysCount, subkey,
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c:1613:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(so->currTuples + so->currPos.nextTupleOffset, itup, itupsz);
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c:1651:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&so->markPos, &so->currPos,
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsearch.c:1655:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(so->markTuples, so->currTuples,
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsort.c:1474:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sharedquery, debug_query_string, querylen + 1);
data/postgresql-12-12.4/src/backend/access/nbtree/nbtutils.c:243:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(so->arrayKeyData,
data/postgresql-12-12.4/src/backend/access/nbtree/nbtutils.c:787:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(outkeys, cur, sizeof(ScanKeyData));
data/postgresql-12-12.4/src/backend/access/nbtree/nbtutils.c:932:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(outkey, xform[j], sizeof(ScanKeyData));
data/postgresql-12-12.4/src/backend/access/nbtree/nbtutils.c:957:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(outkey, cur, sizeof(ScanKeyData));
data/postgresql-12-12.4/src/backend/access/nbtree/nbtutils.c:1000:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(outkey, cur, sizeof(ScanKeyData));
data/postgresql-12-12.4/src/backend/access/nbtree/nbtutils.c:2177:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tidpivot, pivot, IndexTupleSize(pivot));
data/postgresql-12-12.4/src/backend/access/nbtree/nbtutils.c:2195:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pivot, firstright, IndexTupleSize(firstright));
data/postgresql-12-12.4/src/backend/access/nbtree/nbtxlog.c:60:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&itupdata, from, sizeof(IndexTupleData));
data/postgresql-12-12.4/src/backend/access/rmgrdesc/clogdesc.c:30:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&pageno, rec, sizeof(int));
data/postgresql-12-12.4/src/backend/access/rmgrdesc/clogdesc.c:37:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&xlrec, rec, sizeof(xl_clog_truncate));
data/postgresql-12-12.4/src/backend/access/rmgrdesc/committsdesc.c:31:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&pageno, rec, sizeof(int));
data/postgresql-12-12.4/src/backend/access/rmgrdesc/committsdesc.c:58:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(subxids,
data/postgresql-12-12.4/src/backend/access/rmgrdesc/gindesc.c:46:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&nitems, walbuf, sizeof(uint16));
data/postgresql-12-12.4/src/backend/access/rmgrdesc/mxactdesc.c:60:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&pageno, rec, sizeof(int));
data/postgresql-12-12.4/src/backend/access/rmgrdesc/xlogdesc.c:74:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&nextOid, rec, sizeof(Oid));
data/postgresql-12-12.4/src/backend/access/rmgrdesc/xlogdesc.c:91:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&startpoint, rec, sizeof(XLogRecPtr));
data/postgresql-12-12.4/src/backend/access/rmgrdesc/xlogdesc.c:101:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&xlrec, rec, sizeof(xl_parameter_change));
data/postgresql-12-12.4/src/backend/access/rmgrdesc/xlogdesc.c:131:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&fpw, rec, sizeof(bool));
data/postgresql-12-12.4/src/backend/access/rmgrdesc/xlogdesc.c:138:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&xlrec, rec, sizeof(xl_end_of_recovery));
data/postgresql-12-12.4/src/backend/access/spgist/spgdoinsert.c:151:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sortednos, itemnos, sizeof(OffsetNumber) * nitems);
data/postgresql-12-12.4/src/backend/access/spgist/spgdoinsert.c:487:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(leafptr, it, it->size);
data/postgresql-12-12.4/src/backend/access/spgist/spgdoinsert.c:499:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(leafptr, newLeafTuple, newLeafTuple->size);
data/postgresql-12-12.4/src/backend/access/spgist/spgdoinsert.c:1215:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(leafptr, newLeafs[i], newLeafs[i]->size);
data/postgresql-12-12.4/src/backend/access/spgist/spgscan.c:115:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(item->distances, distances,
data/postgresql-12-12.4/src/backend/access/spgist/spgtextproc.c:121:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(p + VARHDRSZ_SHORT, data, datalen);
data/postgresql-12-12.4/src/backend/access/spgist/spgtextproc.c:126:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p + VARHDRSZ, data, datalen);
data/postgresql-12-12.4/src/backend/access/spgist/spgtextproc.c:463:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(reconstrText),
data/postgresql-12-12.4/src/backend/access/spgist/spgtextproc.c:467:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(((char *) VARDATA(reconstrText)) + in->level,
data/postgresql-12-12.4/src/backend/access/spgist/spgtextproc.c:494:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			((unsigned char *) VARDATA(reconstrText))[maxReconstrLen - 1] = nodeChar;
data/postgresql-12-12.4/src/backend/access/spgist/spgtextproc.c:610:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(fullValue, VARDATA(reconstrValue), level);
data/postgresql-12-12.4/src/backend/access/spgist/spgtextproc.c:612:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(fullValue + level, VARDATA_ANY(leafValue),
data/postgresql-12-12.4/src/backend/access/spgist/spgutils.c:623:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(target, &datum, sizeof(Datum));
data/postgresql-12-12.4/src/backend/access/spgist/spgutils.c:628:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(target, DatumGetPointer(datum), size);
data/postgresql-12-12.4/src/backend/access/spgist/spgutils.c:779:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, node, IndexTupleSize(node));
data/postgresql-12-12.4/src/backend/access/spgist/spgxlog.c:90:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&leafTupleHdr, leafTuple, sizeof(SpGistLeafTupleData));
data/postgresql-12-12.4/src/backend/access/spgist/spgxlog.c:234:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&leafTupleHdr, leafTuple,
data/postgresql-12-12.4/src/backend/access/spgist/spgxlog.c:301:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&innerTupleHdr, innerTuple, sizeof(SpGistInnerTupleData));
data/postgresql-12-12.4/src/backend/access/spgist/spgxlog.c:469:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&prefixTupleHdr, prefixTuple, sizeof(SpGistInnerTupleData));
data/postgresql-12-12.4/src/backend/access/spgist/spgxlog.c:473:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&postfixTupleHdr, postfixTuple, sizeof(SpGistInnerTupleData));
data/postgresql-12-12.4/src/backend/access/spgist/spgxlog.c:566:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&innerTupleHdr, innerTuple, sizeof(SpGistInnerTupleData));
data/postgresql-12-12.4/src/backend/access/spgist/spgxlog.c:660:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&leafTupleHdr, leafTuple, sizeof(SpGistLeafTupleData));
data/postgresql-12-12.4/src/backend/access/transam/clog.c:1008:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&pageno, XLogRecGetData(record), sizeof(int));
data/postgresql-12-12.4/src/backend/access/transam/clog.c:1022:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_clog_truncate));
data/postgresql-12-12.4/src/backend/access/transam/commit_ts.c:268:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(CommitTsCtl->shared->page_buffer[slotno] +
data/postgresql-12-12.4/src/backend/access/transam/commit_ts.c:346:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&entry,
data/postgresql-12-12.4/src/backend/access/transam/commit_ts.c:975:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&pageno, XLogRecGetData(record), sizeof(int));
data/postgresql-12-12.4/src/backend/access/transam/commit_ts.c:1010:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(subxids,
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		delta[MAX_DELTA_SIZE];	/* delta between page images */
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:98:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, &offset, sizeof(offset));
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:100:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, &length, sizeof(length));
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:102:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, data, length);
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:253:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp.data, curpage, BLCKSZ);
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:309:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(page->image, BufferGetPage(buffer), BLCKSZ);
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:366:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(page, pageData->image, pageHeader->pd_lower);
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:369:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(page + pageHeader->pd_upper,
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:385:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(page, pageData->image, pageHeader->pd_lower);
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:388:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(page + pageHeader->pd_upper,
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:422:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(BufferGetPage(pageData->buffer),
data/postgresql-12-12.4/src/backend/access/transam/generic_xlog.c:468:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(page + offset, ptr, length);
data/postgresql-12-12.4/src/backend/access/transam/multixact.c:1534:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, entry->members, size);
data/postgresql-12-12.4/src/backend/access/transam/multixact.c:1584:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(entry->members, members, nmembers * sizeof(MultiXactMember));
data/postgresql-12-12.4/src/backend/access/transam/multixact.c:3229:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&pageno, XLogRecGetData(record), sizeof(int));
data/postgresql-12-12.4/src/backend/access/transam/multixact.c:3244:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&pageno, XLogRecGetData(record), sizeof(int));
data/postgresql-12-12.4/src/backend/access/transam/multixact.c:3288:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&xlrec, XLogRecGetData(record),
data/postgresql-12-12.4/src/backend/access/transam/multixact.c:3377:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *values[2];
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:524:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(worker.bgw_library_name, "postgres");
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:525:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(worker.bgw_function_name, "ParallelWorkerMain");
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:539:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(worker.bgw_extra, &i, sizeof(int));
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:1239:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ParallelWorkerNumber, MyBgworkerEntry->bgw_extra, sizeof(int));
data/postgresql-12-12.4/src/backend/access/transam/slru.c:595:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/slru.c:651:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/slru.c:731:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/slru.c:903:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/slru.c:1266:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/slru.c:1282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		histfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		histfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:126:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fline[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:224:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		histfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:306:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:307:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		histfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:309:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[BLCKSZ];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:468:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:469:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:173:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		gid[GIDSIZE];	/* The GID assigned to the prepared xact */
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:524:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(proc->subxids.xids, children,
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:693:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(array + i, TwoPhaseState->prepXacts[i],
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:992:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(((char *) records.tail->data) + records.tail->len, data, len);
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:1229:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:1417:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*buf, XLogRecGetData(xlogreader), sizeof(char) * XLogRecGetDataLen(xlogreader));
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:1654:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:1673:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xact.c:1585:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&s->parent->childXids[s->parent->nChildXids + 1],
data/postgresql-12-12.4/src/backend/access/transam/xact.c:5212:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&result->parallelCurrentXids[0], ParallelCurrentXids,
data/postgresql-12-12.4/src/backend/access/transam/xact.c:5236:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&workspace[i], s->childXids,
data/postgresql-12-12.4/src/backend/access/transam/xact.c:5247:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&result->parallelCurrentXids[0], workspace,
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:302:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char recoveryStopName[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:496:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pad[PG_CACHE_LINE_SIZE];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:552:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pad[PG_CACHE_LINE_SIZE];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:1428:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(replay_image_masked, page, BLCKSZ);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:1512:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(currpos, rdata_data, freespace);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:1547:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(currpos, rdata_data, rdata_len);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3546:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3603:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3627:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3628:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		activitymsg[MAXFNAMELEN + 16];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3629:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3709:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3886:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		filename[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3952:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3976:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lastoff[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4043:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		switchseg[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4098:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		newpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4201:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4242:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH + sizeof(XLOGDIR)];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4321:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4527:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[PG_CONTROL_FILE_SIZE];	/* need not be aligned */
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4576:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, ControlFile, sizeof(ControlFileData));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4620:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char wal_segsz_str[20];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4984:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[32];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:5067:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ControlFile, localControlFile, sizeof(ControlFileData));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:5136:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mock_auth_nonce[MOCK_AUTH_NONCE_LEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:5232:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(recptr, &checkPoint, sizeof(checkPoint));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:5279:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ControlFile->mock_authentication_nonce, mock_auth_nonce, MOCK_AUTH_NONCE_LEN);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:5319:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[128];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:5503:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:6437:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:6586:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7190:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7198:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(&xlrec, XLogRecGetData(xlogreader), sizeof(xl_end_of_recovery));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7476:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		reason[200];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7477:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		recoveryPath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7580:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(page, xlogreader->readBuf, len);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7721:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		origfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7729:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		origpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7730:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		partialfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:7731:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		partialpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:9701:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&nextOid, XLogRecGetData(record), sizeof(Oid));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:9711:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:9806:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:9862:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_end_of_recovery));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:9954:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_parameter_change));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:9998:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&fpw, XLogRecGetData(record), sizeof(bool));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10283:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		strfbuf[128];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10499:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fullpath[MAXPGPATH + 10];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10500:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		linkpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10799:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		strfbuf[128];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10800:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		histfilepath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		startxlogfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10802:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		stopxlogfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10803:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lastxlogfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10804:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		histfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10805:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		backupfrom[20];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11327:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		startxlogfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11332:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		backuptype[20];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11333:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		backupfrom[20];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11334:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		backuplabel[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11335:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		backuptime[128];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11453:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tbsoid[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11455:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		str[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11737:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogRestoreCmd[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lastRestartPointFname[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:333:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogRecoveryCmd[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:334:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lastRestartPointFname[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:427:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogfpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:435:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		oldpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:513:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		archiveStatusPath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:547:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlog[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:563:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		archiveReady[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:564:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		archiveDone[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:618:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		archiveStatusPath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:672:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		archiveStatusPath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:717:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		archiveStatusPath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:747:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		archiveStatusPath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:765:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		archiveStatusPath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogfuncs.c:444:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlogfuncs.c:506:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlogfuncs.c:638:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fline[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogfuncs.c:639:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		backup_start_time[30];
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		compressed_page[PGLZ_MAX_BLCKSZ];
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:715:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(scratch, &bkpb, SizeOfXLogRecordBlockHeader);
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:719:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(scratch, &bimg, SizeOfXLogRecordBlockImageHeader);
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:723:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(scratch, &cbimg,
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:730:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(scratch, &regbuf->rnode, sizeof(RelFileNode));
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:733:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(scratch, &regbuf->block, sizeof(BlockNumber));
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:742:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(scratch, &replorigin_session_origin, sizeof(replorigin_session_origin));
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:752:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(scratch, &mainrdata_len, sizeof(uint32));
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:818:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(source, page, hole_offset);
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:819:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(source + hole_offset,
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:938:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(copied_buffer.data, origdata, lower);
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:939:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(copied_buffer.data + upper, origdata + upper, BLCKSZ - upper);
data/postgresql-12-12.4/src/backend/access/transam/xloginsert.c:942:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(copied_buffer.data, origdata, BLCKSZ);
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:379:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(state->readRecordBuf,
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:441:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffer, (char *) contdata, len);
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:753:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:767:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:786:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fhdrident_str[32];
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:787:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		sysident_str[32];
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:817:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:837:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:862:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:1050:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(_dst, ptr, _size);				\
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:1303:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(blk->data, ptr, blk->data_len);
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:1333:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(state->main_data, ptr, state->main_data_len);
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:1442:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(page, ptr, BLCKSZ);
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:1446:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(page, ptr, bkpb->hole_offset);
data/postgresql-12-12.4/src/backend/access/transam/xlogreader.c:1449:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(page + (bkpb->hole_offset + bkpb->hole_length),
data/postgresql-12-12.4/src/backend/access/transam/xlogutils.c:570:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(RelationGetRelationName(rel), "%u", rnode.relNode);
data/postgresql-12-12.4/src/backend/access/transam/xlogutils.c:687:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogutils.c:720:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/access/transam/xlogutils.c:744:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/bootstrap/bootparse.c:1037:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/src/backend/bootstrap/bootparse.c:1226:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/src/backend/bootstrap/bootstrap.c:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/bootstrap/bootstrap.c:262:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				MyAuxProcType = atoi(optarg);
data/postgresql-12-12.4/src/backend/bootstrap/bootstrap.c:626:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((char *) &(*app)->am_typ,
data/postgresql-12-12.4/src/backend/bootstrap/bootstrap.c:647:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		memmove((char *) attrtypes[i],
data/postgresql-12-12.4/src/backend/bootstrap/bootstrap.c:1102:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newind->il_info, indexInfo, sizeof(IndexInfo));
data/postgresql-12-12.4/src/backend/catalog/aclchk.c:2768:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		loname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/catalog/heap.c:851:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&attStruct, SysAtt[i], sizeof(FormData_pg_attribute));
data/postgresql-12-12.4/src/backend/catalog/heap.c:1619:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		newattname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/catalog/namespace.c:1114:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newResult->args, procform->proargtypes.values,
data/postgresql-12-12.4/src/backend/catalog/namespace.c:3286:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		result = atoi(nspname + 8);
data/postgresql-12-12.4/src/backend/catalog/namespace.c:3288:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		result = atoi(nspname + 14);
data/postgresql-12-12.4/src/backend/catalog/namespace.c:3894:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		namespaceName[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/catalog/objectaddress.c:1628:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	membernum = atoi(strVal(llast(linitial(object))));
data/postgresql-12-12.4/src/backend/catalog/objectaddress.c:1873:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	objtype = ((char *) strVal(linitial(object)))[0];
data/postgresql-12-12.4/src/backend/catalog/pg_aggregate.c:223:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(fnArgs + 1, aggArgTypes + (numArgs - (nargs_transfn - 1)),
data/postgresql-12-12.4/src/backend/catalog/pg_aggregate.c:230:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(fnArgs + 1, aggArgTypes, numArgs * sizeof(Oid));
data/postgresql-12-12.4/src/backend/catalog/pg_aggregate.c:373:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(fnArgs + 1, aggArgTypes, numArgs * sizeof(Oid));
data/postgresql-12-12.4/src/backend/catalog/pg_aggregate.c:531:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(fnArgs + 1, aggArgTypes, numArgs * sizeof(Oid));
data/postgresql-12-12.4/src/backend/catalog/pg_constraint.c:492:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		modlabel[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/catalog/pg_constraint.c:1194:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(conkey, ARR_DATA_PTR(arr), numkeys * sizeof(int16));
data/postgresql-12-12.4/src/backend/catalog/pg_constraint.c:1208:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(confkey, ARR_DATA_PTR(arr), numkeys * sizeof(int16));
data/postgresql-12-12.4/src/backend/catalog/pg_constraint.c:1225:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pf_eq_oprs, ARR_DATA_PTR(arr), numkeys * sizeof(Oid));
data/postgresql-12-12.4/src/backend/catalog/pg_constraint.c:1242:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pp_eq_oprs, ARR_DATA_PTR(arr), numkeys * sizeof(Oid));
data/postgresql-12-12.4/src/backend/catalog/pg_constraint.c:1259:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ff_eq_oprs, ARR_DATA_PTR(arr), numkeys * sizeof(Oid));
data/postgresql-12-12.4/src/backend/catalog/pg_type.c:804:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(arr + i, typeName, NAMEDATALEN - i);
data/postgresql-12-12.4/src/backend/catalog/toasting.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		toast_relname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/catalog/toasting.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		toast_idxname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/alter.c:972:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		namebuf[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/analyze.c:901:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(stats->attr, attr, ATTRIBUTE_FIXED_PART_SIZE);
data/postgresql-12-12.4/src/backend/commands/async.c:172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[NAMEDATALEN + NOTIFY_PAYLOAD_MAX_LENGTH];
data/postgresql-12-12.4/src/backend/commands/async.c:317:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		channel[FLEXIBLE_ARRAY_MEMBER]; /* nul-terminated string */
data/postgresql-12-12.4/src/backend/commands/async.c:1301:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(qe->data, n->channel, channellen + 1);
data/postgresql-12-12.4/src/backend/commands/async.c:1302:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(qe->data + channellen + 1, n->payload, payloadlen + 1);
data/postgresql-12-12.4/src/backend/commands/async.c:1381:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(AsyncCtl->shared->page_buffer[slotno] + offset,
data/postgresql-12-12.4/src/backend/commands/async.c:1759:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[QUEUE_PAGESIZE];
data/postgresql-12-12.4/src/backend/commands/async.c:1845:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(page_buffer.buf + curoffset,
data/postgresql-12-12.4/src/backend/commands/cluster.c:645:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		NewHeapName[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/cluster.c:1489:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		NewToastName[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/collationcmds.c:462:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[ULOC_FULLNAME_CAPACITY];
data/postgresql-12-12.4/src/backend/commands/collationcmds.c:536:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		localebuf[NAMEDATALEN]; /* we assume ASCII so this is fine */
data/postgresql-12-12.4/src/backend/commands/collationcmds.c:560:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		alias[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/conversioncmds.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		result[1];
data/postgresql-12-12.4/src/backend/commands/copy.c:351:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char BinarySignature[11] = "PGCOPY\n\377\r\n\0";
data/postgresql-12-12.4/src/backend/commands/copy.c:2243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		curlineno_str[32];
data/postgresql-12-12.4/src/backend/commands/copy.c:2339:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, str, len);
data/postgresql-12-12.4/src/backend/commands/copy.c:2340:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(res + len, "...");
data/postgresql-12-12.4/src/backend/commands/copy.c:3572:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		readSig[11];
data/postgresql-12-12.4/src/backend/commands/copy.c:3990:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mblen_str[2];
data/postgresql-12-12.4/src/backend/commands/event_trigger.c:1846:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(icopy, istmt, sizeof(InternalGrant));
data/postgresql-12-12.4/src/backend/commands/event_trigger.c:1958:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(command->d.atscfg.dictIds, dictIds, sizeof(Oid) * ndicts);
data/postgresql-12-12.4/src/backend/commands/explain.c:2828:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		param[32];
data/postgresql-12-12.4/src/backend/commands/explain.c:3608:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[32];
data/postgresql-12-12.4/src/backend/commands/extension.c:373:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sharepath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/commands/extension.c:386:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sharepath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/commands/extension.c:410:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sharepath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/commands/extension.c:691:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(acontrol, pcontrol, sizeof(ExtensionControlFile));
data/postgresql-12-12.4/src/backend/commands/functioncmds.c:2357:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(nexpr, fexpr, sizeof(FuncExpr));
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:1113:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(part_oids, partdesc->oids, sizeof(Oid) * nparts);
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2162:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(name, name1, name1chars);
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2167:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(name + ndx, name2, name2chars);
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		modlabel[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[NAMEDATALEN * 2];
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2342:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2357:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		nbuf[32];
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2368:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(nbuf, "%d", i);
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2373:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf, origname, nlen);
data/postgresql-12-12.4/src/backend/commands/sequence.c:704:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		buf[100];
data/postgresql-12-12.4/src/backend/commands/sequence.c:727:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		buf[100];
data/postgresql-12-12.4/src/backend/commands/sequence.c:954:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		bufv[100],
data/postgresql-12-12.4/src/backend/commands/sequence.c:1468:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		bufx[100];
data/postgresql-12-12.4/src/backend/commands/sequence.c:1505:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		bufm[100];
data/postgresql-12-12.4/src/backend/commands/sequence.c:1518:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		bufm[100],
data/postgresql-12-12.4/src/backend/commands/sequence.c:1545:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		bufs[100],
data/postgresql-12-12.4/src/backend/commands/sequence.c:1557:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		bufs[100],
data/postgresql-12-12.4/src/backend/commands/sequence.c:1587:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		bufs[100],
data/postgresql-12-12.4/src/backend/commands/sequence.c:1599:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		bufs[100],
data/postgresql-12-12.4/src/backend/commands/sequence.c:1616:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		buf[100];
data/postgresql-12-12.4/src/backend/commands/sequence.c:1925:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(page, localpage, BufferGetPageSize(buffer));
data/postgresql-12-12.4/src/backend/commands/statscmds.c:571:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		modlabel[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/statscmds.c:610:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[NAMEDATALEN * 2];
data/postgresql-12-12.4/src/backend/commands/subscriptioncmds.c:332:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		originname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/subscriptioncmds.c:848:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		originname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/tablecmds.c:564:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		relname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/tablecmds.c:5024:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(newslot->tts_values, oldslot->tts_values,
data/postgresql-12-12.4/src/backend/commands/tablecmds.c:5026:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(newslot->tts_isnull, oldslot->tts_isnull,
data/postgresql-12-12.4/src/backend/commands/tablecmds.c:7596:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[NAMEDATALEN * 2];
data/postgresql-12-12.4/src/backend/commands/tablecmds.c:15327:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		partattname[16];
data/postgresql-12-12.4/src/backend/commands/tablespace.c:1288:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(myextra->tblSpcs, tblSpcs, numSpcs * sizeof(Oid));
data/postgresql-12-12.4/src/backend/commands/trigger.c:185:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		internaltrigname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/commands/trigger.c:894:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(d, "\\000");
data/postgresql-12-12.4/src/backend/commands/trigger.c:1247:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static const char *const funcdescr[3] = {
data/postgresql-12-12.4/src/backend/commands/trigger.c:1998:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(build->tgattr, &(pg_trigger->tgattr.values),
data/postgresql-12-12.4/src/backend/commands/trigger.c:2168:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newdesc, trigdesc, sizeof(TriggerDesc));
data/postgresql-12-12.4/src/backend/commands/trigger.c:2171:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(trigger, trigdesc->triggers,
data/postgresql-12-12.4/src/backend/commands/trigger.c:2183:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newattr, trigger->tgattr,
data/postgresql-12-12.4/src/backend/commands/trigger.c:4052:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newevent, event, eventsize);
data/postgresql-12-12.4/src/backend/commands/trigger.c:5294:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(state->trigstates, origstate->trigstates,
data/postgresql-12-12.4/src/backend/commands/typecmds.c:1622:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static const char *const prosrc[2] = {"range_constructor2",
data/postgresql-12-12.4/src/backend/commands/variable.c:191:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(result, "ISO");
data/postgresql-12-12.4/src/backend/commands/variable.c:194:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(result, "SQL");
data/postgresql-12-12.4/src/backend/commands/variable.c:197:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(result, "German");
data/postgresql-12-12.4/src/backend/commands/variable.c:200:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(result, "Postgres");
data/postgresql-12-12.4/src/backend/commands/variable.c:206:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(result, ", YMD");
data/postgresql-12-12.4/src/backend/commands/variable.c:209:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(result, ", DMY");
data/postgresql-12-12.4/src/backend/commands/variable.c:212:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(result, ", MDY");
data/postgresql-12-12.4/src/backend/executor/execExpr.c:2137:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&es->steps[es->steps_len++], s, sizeof(ExprEvalStep));
data/postgresql-12-12.4/src/backend/executor/execExprInterp.c:2654:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(elem_dims, ARR_DIMS(array), elem_ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/executor/execExprInterp.c:2656:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(elem_lbs, ARR_LBOUND(array), elem_ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/executor/execExprInterp.c:2729:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ARR_DIMS(result), dims, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/executor/execExprInterp.c:2730:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ARR_LBOUND(result), lbs, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/executor/execExprInterp.c:2736:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dat, subdata[i], subbytes[i]);
data/postgresql-12-12.4/src/backend/executor/execMain.c:2367:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		resname[32];
data/postgresql-12-12.4/src/backend/executor/execMain.c:2806:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(resultRelInfos, parentestate->es_result_relations,
data/postgresql-12-12.4/src/backend/executor/execMain.c:2816:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(resultRelInfos, parentestate->es_root_result_relations,
data/postgresql-12-12.4/src/backend/executor/execParallel.c:355:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(start_address, &nparams, sizeof(int));
data/postgresql-12-12.4/src/backend/executor/execParallel.c:371:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(start_address, &paramid, sizeof(int));
data/postgresql-12-12.4/src/backend/executor/execParallel.c:400:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&nparams, start_address, sizeof(int));
data/postgresql-12-12.4/src/backend/executor/execParallel.c:408:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&paramid, start_address, sizeof(int));
data/postgresql-12-12.4/src/backend/executor/execParallel.c:710:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(query_string, estate->es_sourceText, query_len + 1);
data/postgresql-12-12.4/src/backend/executor/execParallel.c:715:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pstmt_space, pstmt_data, pstmt_len);
data/postgresql-12-12.4/src/backend/executor/execParallel.c:1010:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&planstate->worker_instrument->instrument, instrument, ibytes);
data/postgresql-12-12.4/src/backend/executor/execParallel.c:1065:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(planstate->worker_jit_instrument, shared_jit, ibytes);
data/postgresql-12-12.4/src/backend/executor/execPartition.c:1654:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(pprune->subplan_map, pinfo->subplan_map,
data/postgresql-12-12.4/src/backend/executor/execTuples.c:235:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data, DatumGetPointer(val), data_length);
data/postgresql-12-12.4/src/backend/executor/execTuples.c:784:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&bdstslot->base.tupdata, bdstslot->base.tuple, sizeof(HeapTupleData));
data/postgresql-12-12.4/src/backend/executor/execTuples.c:2265:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(slot->tts_values, values, natts * sizeof(Datum));
data/postgresql-12-12.4/src/backend/executor/execTuples.c:2266:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(slot->tts_isnull, isnull, natts * sizeof(bool));
data/postgresql-12-12.4/src/backend/executor/functions.c:211:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(argOidVect,
data/postgresql-12-12.4/src/backend/executor/nodeGather.c:198:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(node->reader, node->pei->reader,
data/postgresql-12-12.4/src/backend/executor/nodeGatherMerge.c:239:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(node->reader, node->pei->reader,
data/postgresql-12-12.4/src/backend/executor/nodeHash.c:1000:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(copyTuple, hashTuple, hashTupleSize);
data/postgresql-12-12.4/src/backend/executor/nodeHash.c:1309:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(HJTUPLE_MINTUPLE(copyTuple), tuple, tuple->t_len);
data/postgresql-12-12.4/src/backend/executor/nodeHash.c:1624:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(HJTUPLE_MINTUPLE(hashTuple), tuple, tuple->t_len);
data/postgresql-12-12.4/src/backend/executor/nodeHash.c:1712:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(HJTUPLE_MINTUPLE(hashTuple), tuple, tuple->t_len);
data/postgresql-12-12.4/src/backend/executor/nodeHash.c:1766:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(HJTUPLE_MINTUPLE(hashTuple), tuple, tuple->t_len);
data/postgresql-12-12.4/src/backend/executor/nodeHash.c:2431:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(HJTUPLE_MINTUPLE(hashTuple), tuple, tuple->t_len);
data/postgresql-12-12.4/src/backend/executor/nodeHash.c:2511:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(copyTuple, hashTuple, tupleSize);
data/postgresql-12-12.4/src/backend/executor/nodeHash.c:2659:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(node->shared_info, shared_info, size);
data/postgresql-12-12.4/src/backend/executor/nodeHash.c:2938:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		name[MAXPGPATH];
data/postgresql-12-12.4/src/backend/executor/nodeModifyTable.c:297:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(nulls, slot->tts_isnull, sizeof(*nulls) * natts);
data/postgresql-12-12.4/src/backend/executor/nodeModifyTable.c:332:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(slot->tts_values, values, sizeof(*values) * natts);
data/postgresql-12-12.4/src/backend/executor/nodeModifyTable.c:333:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(slot->tts_isnull, nulls, sizeof(*nulls) * natts);
data/postgresql-12-12.4/src/backend/executor/nodeSort.c:427:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(si, node->shared_info, size);
data/postgresql-12-12.4/src/backend/executor/spi.c:1707:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[64];
data/postgresql-12-12.4/src/backend/executor/spi.c:1769:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "Unrecognized SPI code %d", code);
data/postgresql-12-12.4/src/backend/executor/spi.c:2302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		completionTag[COMPLETION_TAG_BUFSIZE];
data/postgresql-12-12.4/src/backend/executor/spi.c:2745:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newplan->argtypes, plan->argtypes, plan->nargs * sizeof(Oid));
data/postgresql-12-12.4/src/backend/executor/spi.c:2809:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newplan->argtypes, plan->argtypes, plan->nargs * sizeof(Oid));
data/postgresql-12-12.4/src/backend/foreign/foreign.c:440:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cfdwroutine, fdwroutine, sizeof(FdwRoutine));
data/postgresql-12-12.4/src/backend/foreign/foreign.c:451:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(fdwroutine, relation->rd_fdwroutine, sizeof(FdwRoutine));
data/postgresql-12-12.4/src/backend/foreign/foreign.c:772:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(hash_path, path, sizeof(HashPath));
data/postgresql-12-12.4/src/backend/foreign/foreign.c:781:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(nest_path, path, sizeof(NestPath));
data/postgresql-12-12.4/src/backend/foreign/foreign.c:790:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(merge_path, path, sizeof(MergePath));
data/postgresql-12-12.4/src/backend/jit/jit.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit.c:779:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit_inline.cpp:485:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/lib/bloomfilter.c:51:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char bitset[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/backend/lib/dshash.c:817:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ENTRY_FROM_ITEM(item), key, hash_table->params.key_size);
data/postgresql-12-12.4/src/backend/lib/rbtree.c:129:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dest + 1, src + 1, rbt->node_size - sizeof(RBTNode));
data/postgresql-12-12.4/src/backend/lib/stringinfo.c:222:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(str->data + str->len, data, datalen);
data/postgresql-12-12.4/src/backend/lib/stringinfo.c:248:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(str->data + str->len, data, datalen);
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ClientProof[SCRAM_KEY_LEN];
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:455:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		saltbuf[SCRAM_DEFAULT_SALT_LEN];
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:614:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(stored_key, decoded_stored_buf, SCRAM_KEY_LEN);
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:621:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(server_key, decoded_server_buf, SCRAM_KEY_LEN);
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:734:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[5];
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:754:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[30 + 1];
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1139:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		raw_nonce[SCRAM_RAW_NONCE_LEN];
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1235:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cbind_input + cbind_header_len, cbind_data, cbind_data_len);
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1285:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(state->ClientProof, client_proof, SCRAM_KEY_LEN);
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1295:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(state->client_final_message_without_proof, input, proof - begin);
data/postgresql-12-12.4/src/backend/libpq/auth.c:413:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		hostinfo[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/libpq/auth.c:466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		hostinfo[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/libpq/auth.c:850:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		md5Salt[4];		/* Password salt */
data/postgresql-12-12.4/src/backend/libpq/auth.c:1310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sysmsg[256];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		accountname[MAXPGPATH];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1344:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		domainname[MAXPGPATH];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1486:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sspictx, &newctx, sizeof(CtxtHandle));
data/postgresql-12-12.4/src/backend/libpq/auth.c:1746:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		response_type[80];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1816:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ident_user[IDENT_USERNAME_MAX + 1];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1820:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		remote_addr_s[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1821:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		remote_port[NI_MAXSERV];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1822:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		local_addr_s[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1823:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		local_port[NI_MAXSERV];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1824:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ident_port[NI_MAXSERV];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1825:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ident_query[80];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1826:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ident_response[80 + IDENT_USERNAME_MAX];
data/postgresql-12-12.4/src/backend/libpq/auth.c:1988:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ident_user[IDENT_USERNAME_MAX + 1];
data/postgresql-12-12.4/src/backend/libpq/auth.c:2193:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		hostinfo[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/libpq/auth.c:2914:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pad[RADIUS_BUFFER_SIZE - RADIUS_VECTOR_LENGTH];
data/postgresql-12-12.4/src/backend/libpq/auth.c:2956:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(attr->data, data, len);
data/postgresql-12-12.4/src/backend/libpq/auth.c:3096:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	port = atoi(portstr);
data/postgresql-12-12.4/src/backend/libpq/auth.c:3133:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cryptvector, secret, strlen(secret));
data/postgresql-12-12.4/src/backend/libpq/auth.c:3139:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cryptvector + strlen(secret), md5trailer, RADIUS_VECTOR_LENGTH);
data/postgresql-12-12.4/src/backend/libpq/auth.c:3342:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cryptvector, receivepacket, 4);	/* code+id+length */
data/postgresql-12-12.4/src/backend/libpq/auth.c:3343:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cryptvector + 4, packet->vector, RADIUS_VECTOR_LENGTH);	/* request
data/postgresql-12-12.4/src/backend/libpq/auth.c:3348:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(cryptvector + RADIUS_HEADER_LENGTH, receive_buffer + RADIUS_HEADER_LENGTH, packetlength - RADIUS_HEADER_LENGTH);
data/postgresql-12-12.4/src/backend/libpq/auth.c:3349:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cryptvector + packetlength, secret, strlen(secret));
data/postgresql-12-12.4/src/backend/libpq/be-fsstubs.c:417:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[BUFSIZE];
data/postgresql-12-12.4/src/backend/libpq/be-fsstubs.c:418:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fnamebuf[MAXPGPATH];
data/postgresql-12-12.4/src/backend/libpq/be-fsstubs.c:480:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[BUFSIZE];
data/postgresql-12-12.4/src/backend/libpq/be-fsstubs.c:481:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fnamebuf[MAXPGPATH];
data/postgresql-12-12.4/src/backend/libpq/be-gssapi-common.c:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		msg_major[128],
data/postgresql-12-12.4/src/backend/libpq/be-secure-gssapi.c:213:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(PqGSSSendBuffer + PqGSSSendLength, &netlen, sizeof(uint32));
data/postgresql-12-12.4/src/backend/libpq/be-secure-gssapi.c:216:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
data/postgresql-12-12.4/src/backend/libpq/be-secure-gssapi.c:272:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((char *) ptr + bytes_returned, PqGSSResultBuffer + PqGSSResultNext, bytes_to_copy);
data/postgresql-12-12.4/src/backend/libpq/be-secure-gssapi.c:371:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(PqGSSResultBuffer, output.value, output.length);
data/postgresql-12-12.4/src/backend/libpq/be-secure-gssapi.c:578:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(PqGSSSendBuffer, (char *) &netlen, sizeof(uint32));
data/postgresql-12-12.4/src/backend/libpq/be-secure-gssapi.c:581:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
data/postgresql-12-12.4/src/backend/libpq/be-secure-openssl.c:767:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(my_bio_methods, biom, sizeof(BIO_METHOD));
data/postgresql-12-12.4/src/backend/libpq/be-secure-openssl.c:1083:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char errbuf[36];
data/postgresql-12-12.4/src/backend/libpq/be-secure-openssl.c:1181:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char hash[EVP_MAX_MD_SIZE];	/* size for SHA-512 */
data/postgresql-12-12.4/src/backend/libpq/be-secure-openssl.c:1223:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cert_hash, hash, hash_size);
data/postgresql-12-12.4/src/backend/libpq/crypt.c:175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		crypt_pwd[MD5_PASSWD_LEN + 1];
data/postgresql-12-12.4/src/backend/libpq/crypt.c:229:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		crypt_client_pass[MD5_PASSWD_LEN + 1];
data/postgresql-12-12.4/src/backend/libpq/hba.c:298:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hbatoken->string, token, toklen + 1);
data/postgresql-12-12.4/src/backend/libpq/hba.c:333:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAX_TOKEN];
data/postgresql-12-12.4/src/backend/libpq/hba.c:485:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		rawline[MAX_LINE];
data/postgresql-12-12.4/src/backend/libpq/hba.c:707:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		remote_hostname[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/libpq/hba.c:1169:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&parsedline->addr, gai_result->ai_addr,
data/postgresql-12-12.4/src/backend/libpq/hba.c:1267:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&parsedline->mask, gai_result->ai_addr,
data/postgresql-12-12.4/src/backend/libpq/hba.c:1837:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		hbaline->ldapport = atoi(val);
data/postgresql-12-12.4/src/backend/libpq/hba.c:1993:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (atoi(lfirst(l)) == 0)
data/postgresql-12-12.4/src/backend/libpq/hba.c:2419:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/libpq/hba.c:2764:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		errstr[100];
data/postgresql-12-12.4/src/backend/libpq/hba.c:2821:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		errstr[100];
data/postgresql-12-12.4/src/backend/libpq/hba.c:2860:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(regexp_pgrole, identLine->pg_role, offset);
data/postgresql-12-12.4/src/backend/libpq/hba.c:2861:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(regexp_pgrole + offset,
data/postgresql-12-12.4/src/backend/libpq/ifaddr.c:148:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(mask, &mask4, sizeof(mask4));
data/postgresql-12-12.4/src/backend/libpq/ifaddr.c:174:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(mask, &mask6, sizeof(mask6));
data/postgresql-12-12.4/src/backend/libpq/ifaddr.c:429:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&lmask, &lifr[i], sizeof(struct lifreq));
data/postgresql-12-12.4/src/backend/libpq/pqcomm.c:142:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char PqRecvBuffer[PQ_RECV_BUFFER_SIZE];
data/postgresql-12-12.4/src/backend/libpq/pqcomm.c:338:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		portNumberStr[32];
data/postgresql-12-12.4/src/backend/libpq/pqcomm.c:340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		familyDescBuf[64];
data/postgresql-12-12.4/src/backend/libpq/pqcomm.c:342:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		addrBuf[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/libpq/pqcomm.c:351:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		unixSocketPath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/libpq/pqcomm.c:1111:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(s, PqRecvBuffer + PqRecvPointer, amount);
data/postgresql-12-12.4/src/backend/libpq/pqcomm.c:1386:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(PqSendBuffer + PqSendPointer, s, amount);
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:536:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, &msg->data[msg->cursor], datalen);
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:566:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p, str, rawbytes);
data/postgresql-12-12.4/src/backend/nodes/bitmapset.c:83:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, a, size);
data/postgresql-12-12.4/src/backend/nodes/copyfuncs.c:61:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newnode->fldname, from->fldname, _size); \
data/postgresql-12-12.4/src/backend/nodes/extensible.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		extnodename[EXTNODENAME_MAX_LEN];
data/postgresql-12-12.4/src/backend/nodes/makefuncs.c:275:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tle, src_tle, sizeof(TargetEntry));
data/postgresql-12-12.4/src/backend/nodes/nodeFuncs.c:2528:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy((newnode), (node), sizeof(nodetype)) )
data/postgresql-12-12.4/src/backend/nodes/nodeFuncs.c:2533:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy((newnode), (node), sizeof(nodetype)) )
data/postgresql-12-12.4/src/backend/nodes/outfuncs.c:191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		in[2];
data/postgresql-12-12.4/src/backend/nodes/params.c:173:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*start_address, &nparams, sizeof(int));
data/postgresql-12-12.4/src/backend/nodes/params.c:194:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(*start_address, &typeOid, sizeof(Oid));
data/postgresql-12-12.4/src/backend/nodes/params.c:198:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(*start_address, &prm->pflags, sizeof(uint16));
data/postgresql-12-12.4/src/backend/nodes/params.c:231:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&nparams, *start_address, sizeof(int));
data/postgresql-12-12.4/src/backend/nodes/params.c:241:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&prm->ptype, *start_address, sizeof(Oid));
data/postgresql-12-12.4/src/backend/nodes/params.c:245:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&prm->pflags, *start_address, sizeof(uint16));
data/postgresql-12-12.4/src/backend/nodes/print.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		line[LINELEN + 1];
data/postgresql-12-12.4/src/backend/nodes/print.c:156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		line[LINELEN + 1];
data/postgresql-12-12.4/src/backend/nodes/read.c:430:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			result = (Node *) makeInteger(atoi(token));
data/postgresql-12-12.4/src/backend/nodes/read.c:436:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(fval, token, tok_len);
data/postgresql-12-12.4/src/backend/nodes/read.c:450:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(val, token + 1, tok_len - 1);
data/postgresql-12-12.4/src/backend/nodes/readfuncs.c:71:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	local_node->fldname = atoi(token)
data/postgresql-12-12.4/src/backend/nodes/readfuncs.c:89:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	local_node->fldname = atol(token)
data/postgresql-12-12.4/src/backend/nodes/readfuncs.c:108:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	local_node->fldname = (enumtype) atoi(token)
data/postgresql-12-12.4/src/backend/nodes/readfuncs.c:133:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	local_node->fldname = restore_location_fields ? atoi(token) : -1
data/postgresql-12-12.4/src/backend/nodes/readfuncs.c:2859:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			s[i] = (char) atoi(token);
data/postgresql-12-12.4/src/backend/nodes/readfuncs.c:2870:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			s[i] = (char) atoi(token);
data/postgresql-12-12.4/src/backend/nodes/readfuncs.c:2901:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		attr_vals[i] = atoi(token);
data/postgresql-12-12.4/src/backend/nodes/readfuncs.c:2949:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int_vals[i] = atoi(token);
data/postgresql-12-12.4/src/backend/nodes/tidbitmap.c:310:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(page, &tbm->entry1, sizeof(PagetableEntry));
data/postgresql-12-12.4/src/backend/nodes/tidbitmap.c:849:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptbase->ptentry, &tbm->entry1, sizeof(PagetableEntry));
data/postgresql-12-12.4/src/backend/optimizer/path/indxpath.c:3287:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newclause, clause, sizeof(OpExpr));
data/postgresql-12-12.4/src/backend/optimizer/path/joinrels.c:1532:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sjinfo, parent_sjinfo, sizeof(SpecialJoinInfo));
data/postgresql-12-12.4/src/backend/optimizer/plan/createplan.c:4624:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newphv, phv, sizeof(PlaceHolderVar));
data/postgresql-12-12.4/src/backend/optimizer/plan/planagg.c:365:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(subroot, root, sizeof(PlannerInfo));
data/postgresql-12-12.4/src/backend/optimizer/plan/planner.c:1299:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(subroot, root, sizeof(PlannerInfo));
data/postgresql-12-12.4/src/backend/optimizer/plan/planner.c:1493:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(subroot, root, sizeof(PlannerInfo));
data/postgresql-12-12.4/src/backend/optimizer/plan/planner.c:3445:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(adjacency[i], adjacency_buf, (n_adj + 1) * sizeof(short));
data/postgresql-12-12.4/src/backend/optimizer/plan/planner.c:5261:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newaggref, aggref, sizeof(Aggref));
data/postgresql-12-12.4/src/backend/optimizer/plan/setrefs.c:244:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newrc, rc, sizeof(PlanRowMark));
data/postgresql-12-12.4/src/backend/optimizer/plan/setrefs.c:401:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newrte, rte, sizeof(RangeTblEntry));
data/postgresql-12-12.4/src/backend/optimizer/plan/setrefs.c:2004:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(child_agg, orig_agg, sizeof(Aggref));
data/postgresql-12-12.4/src/backend/optimizer/plan/subselect.c:565:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		ptr += sprintf(ptr, " (returns ");
data/postgresql-12-12.4/src/backend/optimizer/prep/prepjointree.c:292:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(j, jtnode, sizeof(JoinExpr));
data/postgresql-12-12.4/src/backend/optimizer/prep/preptlist.c:132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		resname[32];
data/postgresql-12-12.4/src/backend/optimizer/util/appendinfo.c:414:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newinfo, oldinfo, sizeof(RestrictInfo));
data/postgresql-12-12.4/src/backend/optimizer/util/clauses.c:2892:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ac, node, sizeof(ArrayCoerceExpr));
data/postgresql-12-12.4/src/backend/optimizer/util/clauses.c:4236:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(declared_arg_types, funcform->proargtypes.values,
data/postgresql-12-12.4/src/backend/optimizer/util/inherit.c:228:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		resname[32];
data/postgresql-12-12.4/src/backend/optimizer/util/pathnode.c:3751:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(newpath, ipath, sizeof(IndexPath));
data/postgresql-12-12.4/src/backend/optimizer/util/pathnode.c:3847:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy((newnode), (node), sizeof(nodetype)) )
data/postgresql-12-12.4/src/backend/optimizer/util/plancat.c:2223:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(part_scheme->partopfamily, partkey->partopfamily,
data/postgresql-12-12.4/src/backend/optimizer/util/plancat.c:2227:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(part_scheme->partopcintype, partkey->partopcintype,
data/postgresql-12-12.4/src/backend/optimizer/util/plancat.c:2231:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(part_scheme->partcollation, partkey->partcollation,
data/postgresql-12-12.4/src/backend/optimizer/util/plancat.c:2235:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(part_scheme->parttyplen, partkey->parttyplen,
data/postgresql-12-12.4/src/backend/optimizer/util/plancat.c:2239:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(part_scheme->parttypbyval, partkey->parttypbyval,
data/postgresql-12-12.4/src/backend/optimizer/util/restrictinfo.c:316:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newclause, clause, sizeof(OpExpr));
data/postgresql-12-12.4/src/backend/optimizer/util/restrictinfo.c:326:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, rinfo, sizeof(RestrictInfo));
data/postgresql-12-12.4/src/backend/optimizer/util/tlist.c:678:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, sizeof(PathTarget));
data/postgresql-12-12.4/src/backend/optimizer/util/tlist.c:687:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst->sortgrouprefs, src->sortgrouprefs, nbytes);
data/postgresql-12-12.4/src/backend/parser/analyze.c:1871:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		selectName[32];
data/postgresql-12-12.4/src/backend/parser/gram.c:25334:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/src/backend/parser/gram.c:25547:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/src/backend/parser/parse_expr.c:2260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[16];
data/postgresql-12-12.4/src/backend/parser/parse_oper.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		oprname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/parser/parse_relation.c:1801:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		attrname[64];
data/postgresql-12-12.4/src/backend/parser/scan.c:10201:21:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					yylval->ival = atol(yytext + 1);
data/postgresql-12-12.4/src/backend/parser/scan.c:11526:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(yyext->scanbuf, str, slen);
data/postgresql-12-12.4/src/backend/parser/scan.c:11576:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(yyextra->literalbuf + yyextra->literallen, ytext, yleng);
data/postgresql-12-12.4/src/backend/parser/scan.c:11607:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new, yyextra->literalbuf, llen);
data/postgresql-12-12.4/src/backend/parser/scan.c:11681:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[8];
data/postgresql-12-12.4/src/backend/parser/scansup.c:198:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		buf[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/parser/scansup.c:200:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf, ident, len);
data/postgresql-12-12.4/src/backend/partitioning/partbounds.c:811:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dest->kind[i], src->kind[i],
data/postgresql-12-12.4/src/backend/partitioning/partbounds.c:855:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dest->indexes, src->indexes, sizeof(int) * num_indexes);
data/postgresql-12-12.4/src/backend/partitioning/partbounds.c:2869:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(my_extra->partcollid, key->partcollation,
data/postgresql-12-12.4/src/backend/port/posix_sema.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pad[PG_CACHE_LINE_SIZE];
data/postgresql-12-12.4/src/backend/port/posix_sema.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		semname[64];
data/postgresql-12-12.4/src/backend/port/sysv_shmem.c:262:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		line[64];
data/postgresql-12-12.4/src/backend/port/sysv_shmem.c:264:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(line, "%9lu %9lu",
data/postgresql-12-12.4/src/backend/port/sysv_shmem.c:495:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[128];
data/postgresql-12-12.4/src/backend/port/sysv_shmem.c:778:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(AnonymousShmem, hdr, sizeof(PGShmemHeader));
data/postgresql-12-12.4/src/backend/port/win32/crashdump.c:106:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		dumpPath[_MAX_PATH];
data/postgresql-12-12.4/src/backend/port/win32/signal.c:185:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pipename[128];
data/postgresql-12-12.4/src/backend/port/win32/signal.c:290:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pipename[128];
data/postgresql-12-12.4/src/backend/port/win32/socket.c:554:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(writefds, &outwritefds, sizeof(fd_set));
data/postgresql-12-12.4/src/backend/port/win32/socket.c:688:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(readfds, &outreadfds, sizeof(fd_set));
data/postgresql-12-12.4/src/backend/port/win32/socket.c:690:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(writefds, &outwritefds, sizeof(fd_set));
data/postgresql-12-12.4/src/backend/port/win32_shmem.c:79:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(retptr, "Global\\PostgreSQL:");
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *av[10];
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:1053:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&(dbary[i++]), db, sizeof(avl_dbase));
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:1440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *av[10];
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:1668:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		dbname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:2132:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(&hentry->ar_reloptions, relopts,
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:2736:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(av, &(((StdRdOptions *) relopts)->autovacuum), sizeof(AutoVacOpts));
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:3136:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		activity[MAX_AUTOVAC_ACTIV_LEN];
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:3171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		activity[MAX_AUTOVAC_ACTIV_LEN + 12 + 2];
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:3172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		blk[12 + 2];
data/postgresql-12-12.4/src/backend/postmaster/bgworker.c:194:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&slot->worker, &rw->rw_worker, sizeof(BackgroundWorker));
data/postgresql-12-12.4/src/backend/postmaster/bgworker.c:366:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(rw->rw_worker.bgw_extra, slot->worker.bgw_extra, BGW_EXTRALEN);
data/postgresql-12-12.4/src/backend/postmaster/bgworker.c:572:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&myEntry, &slot->worker, sizeof myEntry);
data/postgresql-12-12.4/src/backend/postmaster/bgworker.c:987:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&slot->worker, worker, sizeof(BackgroundWorker));
data/postgresql-12-12.4/src/backend/postmaster/bgworker.c:1256:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char result[BGW_MAXLEN];
data/postgresql-12-12.4/src/backend/postmaster/checkpointer.c:1317:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(requests, CheckpointerShmem->requests, n * sizeof(CheckpointerRequest));
data/postgresql-12-12.4/src/backend/postmaster/fork_process.c:93:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			int			fd = open(oomfilename, O_WRONLY, 0);
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *av[10];
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:427:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlog[MAX_XFN_CHARS + 1];
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:443:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		pathname[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:486:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		xlogready[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:558:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogarchcmd[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:559:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pathname[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:560:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		activitymsg[MAXFNAMELEN + 16];
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:714:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		XLogArchiveStatusDir[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:726:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		basename[MAX_XFN_CHARS + 1];
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:743:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(basename, rlde->d_name, basenamelen);
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:785:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		rlogready[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:786:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		rlogdone[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:642:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:702:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *av[10];
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:888:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&this_ent->t_counts, &entry->t_counts,
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:2882:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&lbeentry,
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3039:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(unvolatize(PgBackendStatus *, vbeentry),
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3060:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(lbeentry.st_sslstatus, &lsslstatus, sizeof(PgBackendSSLStatus));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3063:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(lbeentry.st_gssstatus, &lgssstatus, sizeof(PgBackendGSSStatus));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3183:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) beentry->st_activity_raw, cmd_str, len);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3312:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) beentry->st_appname, appname, len);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3427:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&localentry->backendStatus, unvolatize(PgBackendStatus *, beentry), sizeof(PgBackendStatus));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3446:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(localsslstatus, beentry->st_sslstatus, sizeof(PgBackendSSLStatus));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3453:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(localgssstatus, beentry->st_gssstatus, sizeof(PgBackendGSSStatus));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:4870:23:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	fpout = AllocateFile(tmpfile, PG_BINARY_W);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:4876:7:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
						tmpfile)));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:4943:7:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
						tmpfile)));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:4945:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		unlink(tmpfile);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:4952:7:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
						tmpfile)));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:4953:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		unlink(tmpfile);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:4955:18:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	else if (rename(tmpfile, statfile) < 0)
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:4960:7:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
						tmpfile, statfile)));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:4961:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		unlink(tmpfile);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5016:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmpfile[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5016:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	char		tmpfile[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5017:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		statfile[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5019:45:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	get_dbstat_filename(permanent, true, dbid, tmpfile, MAXPGPATH);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5027:23:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	fpout = AllocateFile(tmpfile, PG_BINARY_W);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5033:7:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
						tmpfile)));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5078:7:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
						tmpfile)));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5080:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		unlink(tmpfile);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5087:7:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
						tmpfile)));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5088:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		unlink(tmpfile);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5090:18:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	else if (rename(tmpfile, statfile) < 0)
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5095:7:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
						tmpfile, statfile)));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5096:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		unlink(tmpfile);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5268:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(dbentry, &dbbuf, sizeof(PgStat_StatDBEntry));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5371:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		statfile[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5444:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(tabentry, &tabbuf, sizeof(tabbuf));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5478:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(funcentry, &funcbuf, sizeof(funcbuf));
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:6065:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		statfile[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:223:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ExtraOptions[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:480:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		DataDir[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:522:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		my_exec_path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:523:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pkglib_path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:524:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ExtraOptions[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:694:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				set_debug_options(atoi(optarg), PGC_POSTMASTER, PGC_S_ARGV);
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:1225:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		FILE	   *fpidfile = fopen(external_pid_file, "w");
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:1495:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:1647:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set));
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:3216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		namebuf[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:3659:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		activity_buffer[1024];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4190:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[1000];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4225:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		remote_host[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4226:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		remote_port[NI_MAXSERV];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		remote_ps_data[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4488:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *av[4];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4514:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmpfilename[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4609:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmdLine[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4613:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		paramHandleStr[32];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4653:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(paramHandleStr, "%llu", (LONG_PTR) paramHandle);
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4655:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(paramHandleStr, "%lu", (DWORD) paramHandle);
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:5028:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		shmem_slot = atoi(argv[1] + 15);
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:5366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *av[10];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:5368:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		typebuf[32];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:5584:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(OPTS_FILE, "w")) == NULL)
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:5688:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *av[10];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:5690:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		forkav[MAXPGPATH];
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:5774:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(MyBgworkerEntry, &rw->rw_worker, sizeof(BackgroundWorker));
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:6085:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&param->port, port, sizeof(Port));
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:6091:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&param->ListenSocket, &ListenSocket, sizeof(ListenSocket));
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:6138:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&param->postmaster_alive_fds, &postmaster_alive_fds,
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:6142:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&param->syslogPipe, &syslogPipe, sizeof(syslogPipe));
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:6288:25:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	paramHandle = (HANDLE) atol(id);
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:6298:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&param, paramp, sizeof(BackendParameters));
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:6322:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(port, &param->port, sizeof(Port));
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:165:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		logbuffer[READ_BUF_SIZE];
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:193:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		int			fd = open(DEVNULL, O_WRONLY, 0);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:744:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *av[10];
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:746:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		filenobuf[32];
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:747:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		csvfilenobuf[32];
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:759:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(filenobuf, "-1");
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:774:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(csvfilenobuf, "-1");
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:811:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	fd = atoi(*argv++);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:817:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	fd = atoi(*argv++);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:824:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	fd = atoi(*argv++);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:834:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	fd = atoi(*argv++);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:891:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&p, cursor, offsetof(PipeProtoHeader, data));
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:1124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		logbuffer[READ_BUF_SIZE];
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:1208:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fh = fopen(filename, mode);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:1473:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fh = fopen(LOG_METAINFO_DATAFILE_TMP, "w");
data/postgresql-12-12.4/src/backend/regex/regc_color.c:225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(VS(newCd), VS(cm->cdspace), cm->ncds *
data/postgresql-12-12.4/src/backend/regex/regc_color.c:452:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newrowptr,
data/postgresql-12-12.4/src/backend/regex/regc_locale.c:355:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const classNames[NUM_CCLASSES + 1] = {
data/postgresql-12-12.4/src/backend/regex/regc_nfa.c:2535:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(donemap, outerdonemap, nstates * sizeof(char));
data/postgresql-12-12.4/src/backend/regex/regc_pg_locale.c:92:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char pg_char_properties[128] = {
data/postgresql-12-12.4/src/backend/regex/regcomp.c:507:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(VS(p), VS(v->subs),
data/postgresql-12-12.4/src/backend/regex/regcomp.c:1901:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		idbuf[50];
data/postgresql-12-12.4/src/backend/regex/regcomp.c:2128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		idbuf[50];
data/postgresql-12-12.4/src/backend/regex/regcomp.c:2182:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "%d", t->id);
data/postgresql-12-12.4/src/backend/regex/regcomp.c:2184:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "%p", t);
data/postgresql-12-12.4/src/backend/regex/regerror.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		convbuf[sizeof(unk) + 50];	/* 50 = plenty for int */
data/postgresql-12-12.4/src/backend/regex/regerror.c:77:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(convbuf, "%d", r->code);	/* -1 for unknown */
data/postgresql-12-12.4/src/backend/regex/regerror.c:81:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			icode = atoi(errbuf);	/* not our problem if this fails */
data/postgresql-12-12.4/src/backend/regex/regerror.c:89:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(convbuf, "REG_%u", (unsigned) icode);
data/postgresql-12-12.4/src/backend/regex/regerror.c:114:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(errbuf, msg, errbuf_size - 1);
data/postgresql-12-12.4/src/backend/regex/regexec.c:294:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VS(pmatch), VS(v->pmatch), n * sizeof(regmatch_t));
data/postgresql-12-12.4/src/backend/regex/regexec.c:384:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	chr		   *open;			/* open and close of range of possible starts */
data/postgresql-12-12.4/src/backend/regex/regexec.c:417:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	MDEBUG(("between %ld and %ld\n", LOFF(open), LOFF(close)));
data/postgresql-12-12.4/src/backend/regex/regexec.c:421:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	for (begin = open; begin <= close; begin++)
data/postgresql-12-12.4/src/backend/regex/regexec.c:516:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	chr		   *open;			/* open and close of range of possible starts */
data/postgresql-12-12.4/src/backend/regex/regexec.c:543:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		MDEBUG(("cbetween %ld and %ld\n", LOFF(open), LOFF(close)));
data/postgresql-12-12.4/src/backend/regex/regexec.c:544:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		for (begin = open; begin <= close; begin++)
data/postgresql-12-12.4/src/backend/replication/basebackup.c:389:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		pathbuf[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:398:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		firstoff[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:399:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		lastoff[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:473:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		startfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:488:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		nextfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:498:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		endfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:509:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		buf[TAR_SEND_SIZE];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:627:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		buf[64];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:784:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		activitymsg[50];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:797:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		is[32];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:886:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		str[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:970:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[512];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:988:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pathbuf[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1041:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pathbuf[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1137:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		initForkFile[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		relOid[OIDCHARS + 1];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1144:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(relOid, de->d_name, relOidChars);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1245:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		linkpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1401:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[TAR_SEND_SIZE];
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1448:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				segmentno = atoi(segmentpath + 1);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1645:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		h[512];
data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:128:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *keys[5];
data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:129:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *vals[5];
data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:323:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*sender_port = atoi(ret);
data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:550:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[64];
data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:582:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*content, PQgetvalue(res, 0, 1), *len);
data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:919:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *cstrs[MaxTupleAttributeNumber];
data/postgresql-12-12.4/src/backend/replication/logical/decode.c:704:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&change->data.tp.relnode, &target_node, sizeof(RelFileNode));
data/postgresql-12-12.4/src/backend/replication/logical/decode.c:748:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&change->data.tp.relnode, &target_node, sizeof(RelFileNode));
data/postgresql-12-12.4/src/backend/replication/logical/decode.c:821:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&change->data.tp.relnode, &target_node, sizeof(RelFileNode));
data/postgresql-12-12.4/src/backend/replication/logical/decode.c:873:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(change->data.truncate.relids, xlrec->relids,
data/postgresql-12-12.4/src/backend/replication/logical/decode.c:920:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&change->data.tp.relnode, &rnode, sizeof(RelFileNode));
data/postgresql-12-12.4/src/backend/replication/logical/decode.c:956:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((char *) tuple->tuple.t_data + SizeofHeapTupleHeader,
data/postgresql-12-12.4/src/backend/replication/logical/decode.c:1009:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&change->data.tp.relnode, &target_node, sizeof(RelFileNode));
data/postgresql-12-12.4/src/backend/replication/logical/decode.c:1043:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) &xlhdr,
data/postgresql-12-12.4/src/backend/replication/logical/decode.c:1049:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(((char *) tuple->tuple.t_data) + SizeofHeapTupleHeader,
data/postgresql-12-12.4/src/backend/replication/logical/launcher.c:1144:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&worker, &LogicalRepCtx->workers[i],
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:628:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(change->data.msg.message, message, message_size);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:1381:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(snap, orig_snap, sizeof(SnapshotData));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:1388:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(snap->xip, orig_snap->xip, sizeof(TransactionId) * snap->xcnt);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2135:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(txn->invalidations, msgs,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2287:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2340:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ondisk->change, change, sizeof(ReorderBufferChange));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2382:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(data, &oldtup->tuple, sizeof(HeapTupleData));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2385:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(data, oldtup->tuple.t_data, oldlen);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2391:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(data, &newtup->tuple, sizeof(HeapTupleData));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2394:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(data, newtup->tuple.t_data, newlen);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2414:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(data, &prefix_size, sizeof(Size));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2416:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(data, change->data.msg.prefix,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2421:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(data, &change->data.msg.message_size, sizeof(Size));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2423:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(data, change->data.msg.message,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2446:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(data, snap, sizeof(SnapshotData));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2451:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(data, snap->xip,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2458:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(data, snap->subxip,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2480:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(data, change->data.truncate.relids, size);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2561:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2681:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(change, &ondisk->change, sizeof(ReorderBufferChange));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2701:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&change->data.tp.oldtuple->tuple, data,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2710:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(change->data.tp.oldtuple->tuple.t_data, data, tuplelen);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2719:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&tuplelen, data + offsetof(HeapTupleData, t_len),
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2726:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&change->data.tp.newtuple->tuple, data,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2735:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(change->data.tp.newtuple->tuple.t_data, data, tuplelen);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2745:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&prefix_size, data, sizeof(Size));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2749:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(change->data.msg.prefix, data, prefix_size);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2754:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&change->data.msg.message_size, data, sizeof(Size));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2758:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(change->data.msg.message, data,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2780:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(newsnap, data, size);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2794:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(relids, data, change->data.truncate.nrelids * sizeof(Oid));
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2828:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2848:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH * 2 + 12];
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:3144:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(VARDATA(reconstructed) + data_done,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:3161:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA_EXTERNAL(new_datum), &redirect_pointer,
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:3176:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newtup->tuple.t_data, tmphtup->t_data, tmphtup->t_len);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:3267:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:3302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:511:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(snapshot->xip,
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:913:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(builder->committed.xip, workspace,
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1491:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1492:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1514:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(path, "pg_logical/snapshots/%X-%X.snap",
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1557:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmppath, "pg_logical/snapshots/%X-%X.snap.%u.tmp",
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1585:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ondisk->builder, builder, sizeof(SnapBuild));
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1601:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ondisk_c, builder->committed.xip, sz);
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1698:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1707:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(path, "pg_logical/snapshots/%X-%X.snap",
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1943:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH + 21];
data/postgresql-12-12.4/src/backend/replication/logical/tablesync.c:364:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(rstate, lfirst(lc), sizeof(SubscriptionRelState));
data/postgresql-12-12.4/src/backend/replication/logical/tablesync.c:579:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(outbuf, &copybuf->data[copybuf->cursor], avail);
data/postgresql-12-12.4/src/backend/replication/logical/tablesync.c:612:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(outbuf, &copybuf->data[copybuf->cursor], avail);
data/postgresql-12-12.4/src/backend/replication/logical/worker.c:396:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(slot->tts_values, srcslot->tts_values, natts * sizeof(Datum));
data/postgresql-12-12.4/src/backend/replication/logical/worker.c:397:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(slot->tts_isnull, srcslot->tts_isnull, natts * sizeof(bool));
data/postgresql-12-12.4/src/backend/replication/logical/worker.c:1612:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		originname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/replication/repl_gram.c:957:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/src/backend/replication/repl_gram.c:1146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/src/backend/replication/repl_scanner.c:2551:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(scanbuf, str, slen);
data/postgresql-12-12.4/src/backend/replication/slot.c:549:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/slot.c:550:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/slot.c:647:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/slot.c:1092:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/slot.c:1121:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		path[MAXPGPATH + 12];
data/postgresql-12-12.4/src/backend/replication/slot.c:1171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/slot.c:1172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/slot.c:1232:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/slot.c:1233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/slot.c:1283:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&cp.slotdata, &slot->data, sizeof(ReplicationSlotPersistentData));
data/postgresql-12-12.4/src/backend/replication/slot.c:1388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		slotdir[MAXPGPATH + 12];
data/postgresql-12-12.4/src/backend/replication/slot.c:1389:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH + 22];
data/postgresql-12-12.4/src/backend/replication/slot.c:1565:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&slot->data, &cp.slotdata,
data/postgresql-12-12.4/src/backend/replication/syncrep.c:206:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_status, old_status, len);
data/postgresql-12-12.4/src/backend/replication/syncrep.c:207:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(new_status + len, " waiting for %X/%X",
data/postgresql-12-12.4/src/backend/replication/syncrep.c:1326:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pconf, syncrep_parse_result, syncrep_parse_result->config_size);
data/postgresql-12-12.4/src/backend/replication/syncrep_gram.c:870:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/src/backend/replication/syncrep_gram.c:1059:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/src/backend/replication/syncrep_gram.c:1572:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	config->num_sync = atoi(num_sync);
data/postgresql-12-12.4/src/backend/replication/syncrep_scanner.c:2149:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(scanbuf, str, slen);
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		conninfo[MAXCONNINFO];
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		slotname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:308:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		standby_sysid[32];
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:576:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		xlogfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:671:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		activitymsg[50];
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:697:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		expectedfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:910:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		xlogfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:1028:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		activitymsg[50];
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:1356:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sender_host[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:1358:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		slotname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/replication/walreceiver.c:1359:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		conninfo[MAXCONNINFO];
data/postgresql-12-12.4/src/backend/replication/walsender.c:347:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sysid[32];
data/postgresql-12-12.4/src/backend/replication/walsender.c:348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xloc[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/walsender.c:437:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		histfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/walsender.c:438:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/walsender.c:716:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		startpos_str[8 + 1 + 8 + 1];
data/postgresql-12-12.4/src/backend/replication/walsender.c:855:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xloc[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/replication/walsender.c:1192:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ctx->out->data[1 + sizeof(int64) + sizeof(int64)],
data/postgresql-12-12.4/src/backend/replication/walsender.c:2389:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/replication/walsender.c:2780:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&output_message.data[1 + sizeof(int64) + sizeof(int64)],
data/postgresql-12-12.4/src/backend/replication/walsender.c:2799:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		activitymsg[50];
data/postgresql-12-12.4/src/backend/rewrite/rewriteHandler.c:1043:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(fstore, prior_expr, sizeof(FieldStore));
data/postgresql-12-12.4/src/backend/rewrite/rewriteHandler.c:1054:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(fstore, src_expr, sizeof(FieldStore));
data/postgresql-12-12.4/src/backend/rewrite/rewriteHandler.c:1063:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sbsref, src_expr, sizeof(SubscriptingRef));
data/postgresql-12-12.4/src/backend/rewrite/rewriteHandler.c:1078:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newcoerce, coerce_expr, sizeof(CoerceToDomain));
data/postgresql-12-12.4/src/backend/snowball/dict_snowball.c:292:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(txt, d->z->p, d->z->l);
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:141:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&state->dependencies[(state->k * state->ndependencies)],
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:466:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, &dependencies->magic, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:468:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, &dependencies->type, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:470:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, &dependencies->ndeps, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:478:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp, &d->degree, sizeof(double));
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:481:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp, &d->nattributes, sizeof(AttrNumber));
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:484:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp, d->attributes, sizeof(AttrNumber) * d->nattributes);
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:522:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&dependencies->magic, tmp, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:524:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&dependencies->type, tmp, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:526:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&dependencies->ndeps, tmp, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:558:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&degree, tmp, sizeof(double));
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:562:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&k, tmp, sizeof(AttrNumber));
data/postgresql-12-12.4/src/backend/statistics/dependencies.c:576:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(d->attributes, tmp, sizeof(AttrNumber) * d->nattributes);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:305:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(item->values, groups[i].values, sizeof(Datum) * numattrs);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:306:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(item->isnull, groups[i].isnull, sizeof(bool) * numattrs);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:842:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, &mcvlist->magic, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:845:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, &mcvlist->type, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:848:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, &mcvlist->nitems, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:851:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, &mcvlist->ndimensions, sizeof(AttrNumber));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:854:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, mcvlist->types, sizeof(Oid) * ndims);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:858:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, info, sizeof(DimensionInfo) * ndims);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:886:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ptr, &tmp, info[dim].typlen);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:892:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ptr, DatumGetPointer(value), info[dim].typlen);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:900:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ptr, &len, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:904:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ptr, VARDATA_ANY(DatumGetPointer(value)), len);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:912:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ptr, &len, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:916:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ptr, DatumGetCString(value), len);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:937:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, mcvitem->isnull, sizeof(bool) * ndims);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:940:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, &mcvitem->frequency, sizeof(double));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:943:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, &mcvitem->base_frequency, sizeof(double));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:969:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, &index, sizeof(uint16));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1041:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&mcvlist->magic, ptr, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1044:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&mcvlist->type, ptr, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1047:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&mcvlist->nitems, ptr, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1050:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&mcvlist->ndimensions, ptr, sizeof(AttrNumber));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1094:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(mcvlist->types, ptr, sizeof(Oid) * ndims);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1100:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(info, ptr, ndims * sizeof(DimensionInfo));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1191:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&v, ptr, info[dim].typlen);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1209:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(dataptr, ptr, info[dim].typlen);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1225:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(&len, ptr, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1230:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(VARDATA(dataptr), ptr, len);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1247:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(&len, ptr, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1250:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(dataptr, ptr, len);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1284:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(item->isnull, ptr, sizeof(bool) * ndims);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1287:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&item->frequency, ptr, sizeof(double));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1290:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&item->base_frequency, ptr, sizeof(double));
data/postgresql-12-12.4/src/backend/statistics/mcv.c:1298:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&index, ptr, sizeof(uint16));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:205:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, &ndistinct->magic, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:207:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, &ndistinct->type, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:209:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, &ndistinct->nitems, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:221:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp, &item.ndistinct, sizeof(double));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:223:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp, &nmembers, sizeof(int));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:231:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(tmp, &value, sizeof(AttrNumber));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:270:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ndist.magic, tmp, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:272:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ndist.type, tmp, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:274:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ndist.nitems, tmp, sizeof(uint32));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:310:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&item->ndistinct, tmp, sizeof(double));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:314:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&nelems, tmp, sizeof(int));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:322:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&attno, tmp, sizeof(AttrNumber));
data/postgresql-12-12.4/src/backend/statistics/mvdistinct.c:692:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&state->combinations[(state->k * state->current)],
data/postgresql-12-12.4/src/backend/storage/file/buffile.c:224:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/buffile.c:283:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		segment_name[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/buffile.c:345:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		segment_name[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/buffile.c:564:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, file->buffer.data + file->pos, nthistime);
data/postgresql-12-12.4/src/backend/storage/file/buffile.c:610:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(file->buffer.data + file->pos, ptr, nthistime);
data/postgresql-12-12.4/src/backend/storage/file/copydir.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fromfile[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/storage/file/copydir.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tofile[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/storage/file/fd.c:975:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(fileName, fileFlags, fileMode);
data/postgresql-12-12.4/src/backend/storage/file/fd.c:1003:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[2048];
data/postgresql-12-12.4/src/backend/storage/file/fd.c:1546:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tempdirpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/fd.c:1547:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tempfilepath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/fd.c:2231:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((file = fopen(name, mode)) != NULL)
data/postgresql-12-12.4/src/backend/storage/file/fd.c:2899:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		temp_path[MAXPGPATH + 10 + sizeof(TABLESPACE_VERSION_DIRECTORY) + sizeof(PG_TEMP_FILES_DIR)];
data/postgresql-12-12.4/src/backend/storage/file/fd.c:2961:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		rm_path[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/storage/file/fd.c:3027:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dbspace_path[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/storage/file/fd.c:3055:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		rm_path[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/storage/file/fd.c:3234:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		subpath[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/storage/file/fd.c:3435:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		parentpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		oid[OIDCHARS + 1];
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		temp_path[MAXPGPATH + 10 + sizeof(TABLESPACE_VERSION_DIRECTORY)];
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dbspace_path[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		rm_path[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:202:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ent.oid, de->d_name, oidchars);
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:244:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ent.oid, de->d_name, oidchars);
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:282:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		oidbuf[OIDCHARS + 1];
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:283:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		srcpath[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:284:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		dstpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:300:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(oidbuf, de->d_name, oidchars);
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:325:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		oidbuf[OIDCHARS + 1];
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:326:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		mainpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:338:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(oidbuf, de->d_name, oidchars);
data/postgresql-12-12.4/src/backend/storage/file/sharedfileset.c:123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/sharedfileset.c:132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		tempdirpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/sharedfileset.c:133:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		filesetpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/sharedfileset.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/sharedfileset.c:169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/sharedfileset.c:182:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dirpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/sharedfileset.c:232:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tempdirpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/file/sharedfileset.c:258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dirpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/ipc/dsm.c:297:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		buf[MAXPGPATH + sizeof(PG_DYNSHMEM_DIR)];
data/postgresql-12-12.4/src/backend/storage/ipc/dsm_impl.c:215:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[64];
data/postgresql-12-12.4/src/backend/storage/ipc/dsm_impl.c:410:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[64];
data/postgresql-12-12.4/src/backend/storage/ipc/dsm_impl.c:596:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[64];
data/postgresql-12-12.4/src/backend/storage/ipc/dsm_impl.c:776:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[64];
data/postgresql-12-12.4/src/backend/storage/ipc/dsm_impl.c:957:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		name[64];
data/postgresql-12-12.4/src/backend/storage/ipc/dsm_impl.c:1005:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		name[64];
data/postgresql-12-12.4/src/backend/storage/ipc/ipc.c:133:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		gprofDirName[32];
data/postgresql-12-12.4/src/backend/storage/ipc/latch.c:1570:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[16];
data/postgresql-12-12.4/src/backend/storage/ipc/procarray.c:1653:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(snapshot->subxip + subcount,
data/postgresql-12-12.4/src/backend/storage/ipc/procarray.c:2056:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&xids[count], (void *) proc->subxids.xids,
data/postgresql-12-12.4/src/backend/storage/ipc/shm_mq.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mq_ring[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/backend/storage/ipc/shm_mq.c:424:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		tmpbuf[MAXIMUM_ALIGNOF];
data/postgresql-12-12.4/src/backend/storage/ipc/shm_mq.c:660:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&mqh->mqh_buffer[mqh->mqh_partial_bytes], rawdata,
data/postgresql-12-12.4/src/backend/storage/ipc/shm_mq.c:727:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&mqh->mqh_buffer[mqh->mqh_partial_bytes], rawdata, rb);
data/postgresql-12-12.4/src/backend/storage/ipc/shm_mq.c:977:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&mq->mq_ring[mq->mq_ring_offset + offset],
data/postgresql-12-12.4/src/backend/storage/ipc/standby.c:260:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(new_status, old_status, len);
data/postgresql-12-12.4/src/backend/storage/ipc/standby.c:261:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(new_status + len, " waiting");
data/postgresql-12-12.4/src/backend/storage/large_object/inv_api.c:568:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(buf + nread, VARDATA(datafield) + off, n);
data/postgresql-12-12.4/src/backend/storage/large_object/inv_api.c:604:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		data[LOBLKSIZE + VARHDRSZ];
data/postgresql-12-12.4/src/backend/storage/large_object/inv_api.c:686:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(workb, VARDATA(datafield), len);
data/postgresql-12-12.4/src/backend/storage/large_object/inv_api.c:702:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(workb + off, buf + nwritten, n);
data/postgresql-12-12.4/src/backend/storage/large_object/inv_api.c:747:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(workb + off, buf + nwritten, n);
data/postgresql-12-12.4/src/backend/storage/large_object/inv_api.c:795:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		data[LOBLKSIZE + VARHDRSZ];
data/postgresql-12-12.4/src/backend/storage/large_object/inv_api.c:871:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(workb, VARDATA(datafield), pagelen);
data/postgresql-12-12.4/src/backend/storage/lmgr/lock.c:1740:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_status, old_status, len);
data/postgresql-12-12.4/src/backend/storage/lmgr/lock.c:1741:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(new_status + len, " waiting");
data/postgresql-12-12.4/src/backend/storage/lmgr/lock.c:3225:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&(record.locktag), &(locallock->tag.lock), sizeof(LOCKTAG));
data/postgresql-12-12.4/src/backend/storage/lmgr/lock.c:3608:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&instance->locktag, &lock->tag, sizeof(LOCKTAG));
data/postgresql-12-12.4/src/backend/storage/lmgr/lock.c:3786:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&instance->locktag, &lock->tag, sizeof(LOCKTAG));
data/postgresql-12-12.4/src/backend/storage/lmgr/lwlock.c:148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tranche_name[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/storage/page/bufpage.c:335:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) page + upper, item, size);
data/postgresql-12-12.4/src/backend/storage/page/bufpage.c:376:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp, page, pageSize);
data/postgresql-12-12.4/src/backend/storage/page/bufpage.c:397:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(PageGetSpecialPointer(temp),
data/postgresql-12-12.4/src/backend/storage/page/bufpage.c:415:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) oldPage, (char *) tempPage, pageSize);
data/postgresql-12-12.4/src/backend/storage/page/bufpage.c:938:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(phdr->pd_linp, newitemids, nused * sizeof(ItemIdData));
data/postgresql-12-12.4/src/backend/storage/page/bufpage.c:1148:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(PageGetItem(page, tupid), newtup, newsize);
data/postgresql-12-12.4/src/backend/storage/page/bufpage.c:1186:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pageCopy, (char *) page, BLCKSZ);
data/postgresql-12-12.4/src/backend/storage/sync/sync.c:182:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/storage/sync/sync.c:362:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/tcop/fastpath.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[NAMEDATALEN]; /* function name for logging */
data/postgresql-12-12.4/src/backend/tcop/fastpath.c:231:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fip->argtypes, pp->proargtypes.values, pp->pronargs * sizeof(Oid));
data/postgresql-12-12.4/src/backend/tcop/fastpath.c:270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		msec_str[32];
data/postgresql-12-12.4/src/backend/tcop/postgres.c:993:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		msec_str[32];
data/postgresql-12-12.4/src/backend/tcop/postgres.c:1072:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		completionTag[COMPLETION_TAG_BUFSIZE];
data/postgresql-12-12.4/src/backend/tcop/postgres.c:1328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		msec_str[32];
data/postgresql-12-12.4/src/backend/tcop/postgres.c:1594:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		msec_str[32];
data/postgresql-12-12.4/src/backend/tcop/postgres.c:1952:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		completionTag[COMPLETION_TAG_BUFSIZE];
data/postgresql-12-12.4/src/backend/tcop/postgres.c:1960:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		msec_str[32];
data/postgresql-12-12.4/src/backend/tcop/postgres.c:3341:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		debugstr[64];
data/postgresql-12-12.4/src/backend/tcop/postgres.c:3343:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(debugstr, "debug%d", debug_flag);
data/postgresql-12-12.4/src/backend/tcop/postgres.c:3511:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				set_debug_options(atoi(optarg), ctx, gucsource);
data/postgresql-12-12.4/src/backend/tcop/postgres.c:3616:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					FrontendProtocol = (ProtocolVersion) atoi(optarg);
data/postgresql-12-12.4/src/backend/tcop/postgres.c:4560:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) &user, (char *) &r.ru_utime, sizeof(user));
data/postgresql-12-12.4/src/backend/tcop/postgres.c:4561:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) &sys, (char *) &r.ru_stime, sizeof(sys));
data/postgresql-12-12.4/src/backend/tcop/pquery.c:195:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(completionTag, "???");
data/postgresql-12-12.4/src/backend/tcop/pquery.c:644:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(portal->formats, formats, natts * sizeof(int16));
data/postgresql-12-12.4/src/backend/tcop/pquery.c:1008:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		completionTag[COMPLETION_TAG_BUFSIZE];
data/postgresql-12-12.4/src/backend/tcop/pquery.c:1369:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(completionTag, "SELECT 0 0");
data/postgresql-12-12.4/src/backend/tcop/pquery.c:1371:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(completionTag, "INSERT 0 0");
data/postgresql-12-12.4/src/backend/tcop/pquery.c:1373:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(completionTag, "UPDATE 0");
data/postgresql-12-12.4/src/backend/tcop/pquery.c:1375:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(completionTag, "DELETE 0");
data/postgresql-12-12.4/src/backend/tcop/utility.c:447:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
								strcpy(completionTag, "ROLLBACK");
data/postgresql-12-12.4/src/backend/tcop/utility.c:457:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
								strcpy(completionTag, "ROLLBACK");
data/postgresql-12-12.4/src/backend/tsearch/dict_ispell.c:141:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(cptr, ptr, sizeof(TSLexeme));
data/postgresql-12-12.4/src/backend/tsearch/dict_thesaurus.c:95:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr->lexeme, b, e - b);
data/postgresql-12-12.4/src/backend/tsearch/dict_thesaurus.c:150:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr->res[nres].lexeme, b, e - b);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:386:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sflag += sprintf(sflag, "%0d", s);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:456:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		flag[BUFSIZ];
data/postgresql-12-12.4/src/backend/tsearch/spell.c:737:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		errstr[100];
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1062:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sbuf[BUFSIZ];
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1121:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sflag[BUFSIZ];
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		type[BUFSIZ],
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sflag[BUFSIZ];
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mask[BUFSIZ],
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1196:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		find[BUFSIZ],
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1198:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		repl[BUFSIZ],
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1310:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				naffix = atoi(sflag);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1421:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		flag[BUFSIZ];
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1422:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mask[BUFSIZ];
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1423:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		find[BUFSIZ];
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1424:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		repl[BUFSIZ];
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1860:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(data->aff, aff, sizeof(AFFIX *) * naff);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1881:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data->aff, aff, sizeof(AFFIX *) * naff);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		newword[2 * MAXNORMLEN] = "";
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pnewword[2 * MAXNORMLEN] = "";
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2389:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		buf[MAXNORMLEN];
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2403:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(buf, word + startpos, lenaff);
data/postgresql-12-12.4/src/backend/tsearch/to_tsany.c:199:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(str + stroff, prs->words[i].word, prs->words[i].len);
data/postgresql-12-12.4/src/backend/tsearch/ts_locale.c:39:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t		character[WC_BUF_LEN];
data/postgresql-12-12.4/src/backend/tsearch/ts_locale.c:55:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t		character[WC_BUF_LEN];
data/postgresql-12-12.4/src/backend/tsearch/ts_locale.c:71:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t		character[WC_BUF_LEN];
data/postgresql-12-12.4/src/backend/tsearch/ts_locale.c:87:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t		character[WC_BUF_LEN];
data/postgresql-12-12.4/src/backend/tsearch/ts_locale.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[4096];		/* lines must not be longer than this */
data/postgresql-12-12.4/src/backend/tsearch/ts_parse.c:452:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(prs->words[prs->curwords].word, buf, buflen);
data/postgresql-12-12.4/src/backend/tsearch/ts_parse.c:479:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&(prs->words[prs->curwords]), word, sizeof(HeadlineWordEntry));
data/postgresql-12-12.4/src/backend/tsearch/ts_parse.c:633:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(ptr, prs->fragdelim, prs->fragdelimlen);
data/postgresql-12-12.4/src/backend/tsearch/ts_parse.c:647:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(ptr, prs->startsel, prs->startsellen);
data/postgresql-12-12.4/src/backend/tsearch/ts_parse.c:650:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ptr, wrd->word, wrd->len);
data/postgresql-12-12.4/src/backend/tsearch/ts_parse.c:654:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(ptr, prs->stopsel, prs->stopsellen);
data/postgresql-12-12.4/src/backend/tsearch/ts_typanalyze.c:270:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(item->key.lexeme, hash_key.lexeme, hash_key.length);
data/postgresql-12-12.4/src/backend/tsearch/ts_utils.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sharepath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/tsearch/wparser.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *values[3];
data/postgresql-12-12.4/src/backend/tsearch/wparser.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		txtid[16];
data/postgresql-12-12.4/src/backend/tsearch/wparser.c:94:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(txtid, "%d", st->list[st->cur].lexid);
data/postgresql-12-12.4/src/backend/tsearch/wparser.c:203:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(st->list[st->cur].lexeme, lex, llen);
data/postgresql-12-12.4/src/backend/tsearch/wparser.c:234:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *values[2];
data/postgresql-12-12.4/src/backend/tsearch/wparser.c:235:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		tid[16];
data/postgresql-12-12.4/src/backend/tsearch/wparser.c:239:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tid, "%d", st->list[st->cur].type);
data/postgresql-12-12.4/src/backend/tsearch/wparser_def.c:275:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(res, prev, sizeof(TParserPosition));
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name2[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:413:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ACL_DAT(result_acl),
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:433:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ACL_DAT(result_acl),
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:437:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:618:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(p, "%u", aip->ai_grantee);
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:646:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(p, "%u", aip->ai_grantor);
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:968:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:978:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_aip, old_aip, num * sizeof(AclItem));
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:1076:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new_aip, old_aip, num * sizeof(AclItem));
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:1177:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(acl, old_acl, ACL_SIZE(old_acl));
data/postgresql-12-12.4/src/backend/utils/adt/array_expanded.c:198:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(eah->dims, oldeah->dims, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/array_expanded.c:199:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(eah->lbound, oldeah->lbound, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/array_expanded.c:210:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(eah->dvalues, oldeah->dvalues, dvalueslen * sizeof(Datum));
data/postgresql-12-12.4/src/backend/utils/adt/array_expanded.c:215:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(eah->dnulls, oldeah->dnulls, dvalueslen * sizeof(bool));
data/postgresql-12-12.4/src/backend/utils/adt/array_expanded.c:308:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result, eah->fvalue, allocated_size);
data/postgresql-12-12.4/src/backend/utils/adt/array_expanded.c:331:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(aresult), eah->dims, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/array_expanded.c:332:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_LBOUND(aresult), eah->lbound, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/array_userfuncs.c:366:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dims, dims2, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/array_userfuncs.c:367:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(lbs, lbs2, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/array_userfuncs.c:394:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dims, dims1, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/array_userfuncs.c:395:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(lbs, lbs1, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/array_userfuncs.c:432:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(result), dims, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/array_userfuncs.c:433:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_LBOUND(result), lbs, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/array_userfuncs.c:435:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DATA_PTR(result), dat1, ndatabytes1);
data/postgresql-12-12.4/src/backend/utils/adt/array_userfuncs.c:436:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DATA_PTR(result) + ndatabytes1, dat2, ndatabytes2);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:276:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			lBound[ndim] = atoi(p);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:299:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ub = atoi(p);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:408:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(retval), dim, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:409:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_LBOUND(retval), lBound, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:1020:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *p,
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:1185:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(ptr, "[%d:%d]", lb[i], lb[i] + dims[i] - 1);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:1406:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(retval), dim, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:1407:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_LBOUND(retval), lBound, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:1680:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXDIM * 33 + 1];
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:1692:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(p, "[%d:%d]", lb[i], dimv[i] + lb[i] - 1);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2147:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(newarray), span, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2256:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(resultarray, DatumGetPointer(arraydatum), arraytyplen);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2317:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dim, ARR_DIMS(array), ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2318:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(lb, ARR_LBOUND(array), ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2420:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(newarray), dim, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2421:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_LBOUND(newarray), lb, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2426:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) newarray + overheadlen,
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2432:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) newarray + overheadlen + lenbefore + newitemlen,
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2517:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dim, eah->dims, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2518:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(lb, eah->lbound, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2659:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(eah->dims, dim, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2660:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(eah->lbound, lb, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2693:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		oldValue = (char *) DatumGetPointer(dvalues[offset]);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2864:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dim, ARR_DIMS(array), ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:2865:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(lb, ARR_LBOUND(array), ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:3019:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(newarray), dim, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:3020:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_LBOUND(newarray), lb, ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:3036:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) newarray + overheadlen,
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:3039:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) newarray + overheadlen + lenbefore,
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:3042:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) newarray + overheadlen + lenbefore + newitemsize,
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:3256:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(result), AARR_DIMS(v), ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:3257:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_LBOUND(result), AARR_LBOUND(v), ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:3395:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(result), dims, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:3396:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_LBOUND(result), lbs, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:4665:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(destptr, srcptr, numbytes);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:5311:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&astate->dims[1], dims, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:5313:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&astate->lbs[1], lbs, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:5351:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(astate->data + astate->nbytes, data, ndatabytes);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:5443:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ARR_DIMS(result), astate->dims, astate->ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:5444:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ARR_LBOUND(result), astate->lbs, astate->ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:5445:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ARR_DATA_PTR(result), astate->data, astate->nbytes);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:5773:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(result), dimv, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:5774:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_LBOUND(result), lbsv, ndims * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:6302:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_DIMS(result), ARR_DIMS(array), ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:6303:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ARR_LBOUND(result), ARR_LBOUND(array), ndim * sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:41:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[128];
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:314:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[128];
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:393:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(bufptr, ssymbol, strlen(ssymbol));
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:949:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[256];
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:963:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf, "minus ");
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:983:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, " quadrillion ");
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:989:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, " trillion ");
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:995:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, " billion ");
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:1001:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, " million ");
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:1007:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, " thousand ");
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:1014:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "zero");
data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		hexsum[MD5_HASH_LEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		hexsum[MD5_HASH_LEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c:82:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[PG_SHA224_DIGEST_LENGTH];
data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c:94:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(result), buf, sizeof(buf));
data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c:106:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[PG_SHA256_DIGEST_LENGTH];
data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c:118:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(result), buf, sizeof(buf));
data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c:130:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[PG_SHA384_DIGEST_LENGTH];
data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c:142:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(result), buf, sizeof(buf));
data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c:154:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[PG_SHA512_DIGEST_LENGTH];
data/postgresql-12-12.4/src/backend/utils/adt/cryptohashes.c:166:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(result), buf, sizeof(buf));
data/postgresql-12-12.4/src/backend/utils/adt/date.c:126:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/adt/date.c:128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		workbuf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/date.c:186:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/date.c:1186:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		workbuf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/date.c:1187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/adt/date.c:1302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/date.c:2042:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		workbuf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/date.c:2043:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/adt/date.c:2070:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/date.c:2769:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzname[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:1675:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		upabbr[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2815:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_mday = atoi(str + (len - 2));
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2817:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_mon = atoi(str + (len - 4));
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2819:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_year = atoi(str);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2834:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_sec = atoi(str + 4);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2836:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_min = atoi(str + 2);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2838:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_hour = atoi(str);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2847:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_min = atoi(str + 2);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2849:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_hour = atoi(str);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:3914:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(str, " BC", 3);	/* Don't copy NUL */
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4026:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(str, " %.*s", MAXTZLEN, tzn);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4053:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(str, " %.*s", MAXTZLEN, tzn);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4066:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(str, days[tm->tm_wday], 3);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4073:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(str, months[tm->tm_mon - 1], 3);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4078:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(str, months[tm->tm_mon - 1], 3);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4097:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(str, " %.*s", MAXTZLEN, tzn);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4117:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(str, " BC", 3);	/* Don't copy NUL */
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4134:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cp, "%d%c", value, units);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4270:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(cp, "%c%d-%d %c%d %c%d:%02d:",
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4280:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(cp, "%d-%d", year, mon);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4284:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(cp, "%d %d:%02d:", mday, hour, min);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4291:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(cp, "%d:%02d:", hour, min);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4305:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(cp, "PT0S");
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4380:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(cp, " 0");
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4382:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(cp, " ago");
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4627:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[TOKMAXLEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/datum.c:161:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(resultptr, vl, realSize);
data/postgresql-12-12.4/src/backend/utils/adt/datum.c:174:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(resultptr, DatumGetPointer(value), realSize);
data/postgresql-12-12.4/src/backend/utils/adt/datum.c:387:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*start_address, &header, sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/datum.c:395:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(*start_address, &value, sizeof(Datum));
data/postgresql-12-12.4/src/backend/utils/adt/datum.c:408:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(*start_address, tmp, header);
data/postgresql-12-12.4/src/backend/utils/adt/datum.c:416:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(*start_address, DatumGetPointer(value), header);
data/postgresql-12-12.4/src/backend/utils/adt/datum.c:436:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&header, *start_address, sizeof(int));
data/postgresql-12-12.4/src/backend/utils/adt/datum.c:454:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&val, *start_address, sizeof(Datum));
data/postgresql-12-12.4/src/backend/utils/adt/datum.c:462:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(d, *start_address, header);
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		filename[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dirpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:89:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pathname[MAXPGPATH + 21 + sizeof(TABLESPACE_VERSION_DIRECTORY)];
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tblspcPath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pathname[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pathname[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/adt/dbsize.c:537:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[64];
data/postgresql-12-12.4/src/backend/utils/adt/expandeddatum.c:61:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA_EXTERNAL(eohptr->eoh_rw_ptr), &ptr, sizeof(ptr));
data/postgresql-12-12.4/src/backend/utils/adt/expandeddatum.c:64:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA_EXTERNAL(eohptr->eoh_ro_ptr), &ptr, sizeof(ptr));
data/postgresql-12-12.4/src/backend/utils/adt/expandedrecord.c:777:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tuphdr, erh->fvalue->t_data, allocated_size);
data/postgresql-12-12.4/src/backend/utils/adt/expandedrecord.c:1204:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		oldValue = (char *) DatumGetPointer(dvalues[fnumber - 1]);
data/postgresql-12-12.4/src/backend/utils/adt/expandedrecord.c:1336:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				oldValue = (char *) DatumGetPointer(dvalues[fnumber]);
data/postgresql-12-12.4/src/backend/utils/adt/expandedrecord.c:1511:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dummy_erh->dvalues, erh->dvalues,
data/postgresql-12-12.4/src/backend/utils/adt/expandedrecord.c:1513:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dummy_erh->dnulls, erh->dnulls,
data/postgresql-12-12.4/src/backend/utils/adt/format_type.c:459:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(result, ", ");
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		character[MAX_MULTIBYTE_CHAR_LEN + 1];	/* if type is CHAR */
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:376:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		str[DCH_CACHE_SIZE + 1];
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:384:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		str[NUM_CACHE_SIZE + 1];
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:1322:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(n->character, str, chlen);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:1347:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(n->character, str, chlen);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2228:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		copy[DCH_MAX_ITEM_SIZ + 1];
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2489:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (tm->tm_hour >= 0) ? 2 : 3,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2497:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (tm->tm_hour >= 0) ? 2 : 3,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2504:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (tm->tm_min >= 0) ? 2 : 3,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2511:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (tm->tm_sec >= 0) ? 2 : 3,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2518:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%03d", (int) (in->fsec / INT64CONST(1000)));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2524:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%06d", (int) in->fsec);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2530:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%d", tm->tm_hour * SECS_PER_HOUR +
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2559:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%c%02d",
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2566:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%02d",
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2572:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%c%0*d",
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2579:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(s, ":%02d",
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2726:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (tm->tm_mon >= 0) ? 2 : 3,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2839:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : 3,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2848:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : 2, tm->tm_mday);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2855:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%d", tm->tm_wday + 1);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2862:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%d", (tm->tm_wday == 0) ? 7 : tm->tm_wday);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2868:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : 2,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2875:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : 2,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2884:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%d", (tm->tm_mon - 1) / 3 + 1);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2902:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (i >= 0) ? 2 : 3, i);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2904:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(s, "%d", i);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2911:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%d,%03d", i,
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2919:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d",
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2934:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d",
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2949:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%0*d",
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2964:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%1d",
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2990:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%d", (tm->tm_mday - 1) / 7 + 1);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2996:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%d", date2j(tm->tm_year, tm->tm_mon, tm->tm_mday));
data/postgresql-12-12.4/src/backend/utils/adt/genfile.c:168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char	rbuf[1];
data/postgresql-12-12.4/src/backend/utils/adt/genfile.c:625:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		path[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/utils/adt/genfile.c:680:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/adt/geo_spgist.c:209:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(next_rect_box, rect_box, sizeof(RectBox));
data/postgresql-12-12.4/src/backend/utils/adt/geo_spgist.c:599:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(out->distances[i], distances,
data/postgresql-12-12.4/src/backend/utils/adt/inet_cidr_ntop.c:176:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char inbuf[16];
data/postgresql-12-12.4/src/backend/utils/adt/inet_cidr_ntop.c:177:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		outbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")];
data/postgresql-12-12.4/src/backend/utils/adt/inet_cidr_ntop.c:200:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(inbuf, src, p);
data/postgresql-12-12.4/src/backend/utils/adt/inet_net_pton.c:553:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, tmp, NS_IN6ADDRSZ);
data/postgresql-12-12.4/src/backend/utils/adt/int.c:121:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result->values, int2s, n * sizeof(int16));
data/postgresql-12-12.4/src/backend/utils/adt/int8.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXINT8LEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/json.c:155:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(tokstr, lex->token_start, len);
data/postgresql-12-12.4/src/backend/utils/adt/json.c:377:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&copylex, lex, sizeof(JsonLexContext));
data/postgresql-12-12.4/src/backend/utils/adt/json.c:834:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		utf8str[5];
data/postgresql-12-12.4/src/backend/utils/adt/json.c:1142:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(token, lex->token_start, toklen);
data/postgresql-12-12.4/src/backend/utils/adt/json.c:1241:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(token, lex->token_start, toklen);
data/postgresql-12-12.4/src/backend/utils/adt/json.c:1309:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ctxt, context_start, ctxtlen);
data/postgresql-12-12.4/src/backend/utils/adt/json.c:1334:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, s, len);
data/postgresql-12-12.4/src/backend/utils/adt/json.c:1507:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/json.c:1515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/json.c:1523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/json.c:2165:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(result), buffer->data, buflen);
data/postgresql-12-12.4/src/backend/utils/adt/json.c:2166:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(result) + buflen, addon, addlen);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb_gin.c:1330:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		hashbuf[10];
data/postgresql-12-12.4/src/backend/utils/adt/jsonb_gin.c:1353:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(item) + 1, str, len);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb_util.c:109:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(out), val->val.binary.data, val->val.binary.len);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb_util.c:1404:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer->data + offset, data, len);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb_util.c:1841:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(res, ptr, sizeof(JsonbPair));
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[NAMEDATALEN]; /* hash key (MUST BE FIRST) */
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:551:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(cstr, v.val.string.val, v.val.string.len);
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:2809:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(str, json, len);
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:3475:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(val, _state->save_json_start, len);
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:3902:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(val, _state->save_json_start, len);
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_gram.c:1059:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_gram.c:1253:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_scan.c:4110:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(scanbuf, str, slen);
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_scan.c:4157:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(scanstring.val + scanstring.len, s, l);
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_scan.c:4222:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char utf8str[5];
data/postgresql-12-12.4/src/backend/utils/adt/like_match.c:302:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(result, pat, VARSIZE_ANY(pat));
data/postgresql-12-12.4/src/backend/utils/adt/like_support.c:989:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(patt, VARDATA_ANY(bstr), pattlen);
data/postgresql-12-12.4/src/backend/utils/adt/like_support.c:1540:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(workstr, VARDATA_ANY(bstr), len);
data/postgresql-12-12.4/src/backend/utils/adt/like_support.c:1579:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(cmptxt, workstr, len);
data/postgresql-12-12.4/src/backend/utils/adt/like_support.c:1588:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(VARDATA(cmptxt), workstr, len);
data/postgresql-12-12.4/src/backend/utils/adt/like_support.c:1738:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(bstr), str, str_len);
data/postgresql-12-12.4/src/backend/utils/adt/lockfuncs.c:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		vxidstr[32];
data/postgresql-12-12.4/src/backend/utils/adt/lockfuncs.c:162:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		tnbuf[32];
data/postgresql-12-12.4/src/backend/utils/adt/mac.c:66:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		junk[2];
data/postgresql-12-12.4/src/backend/utils/adt/mac.c:512:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&res, authoritative, sizeof(macaddr));
data/postgresql-12-12.4/src/backend/utils/adt/mac.c:514:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&res, authoritative, SIZEOF_DATUM);
data/postgresql-12-12.4/src/backend/utils/adt/mac8.c:40:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const signed char hexlookup[128] = {
data/postgresql-12-12.4/src/backend/utils/adt/misc.c:307:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sourcepath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/adt/misc.c:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		targetpath[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/adt/misc.c:437:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *values[3];
data/postgresql-12-12.4/src/backend/utils/adt/misc.c:741:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lbuffer[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/adt/name.c:62:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(NameStr(*result), s, len);
data/postgresql-12-12.4/src/backend/utils/adt/name.c:97:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, str, nbytes);
data/postgresql-12-12.4/src/backend/utils/adt/name.c:382:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		suffix[20];
data/postgresql-12-12.4/src/backend/utils/adt/name.c:395:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(NameStr(*result), NameStr(*nam), namlen);
data/postgresql-12-12.4/src/backend/utils/adt/name.c:396:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(NameStr(*result) + namlen, suffix, suflen);
data/postgresql-12-12.4/src/backend/utils/adt/network.c:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")];
data/postgresql-12-12.4/src/backend/utils/adt/network.c:315:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, VARSIZE_ANY(src));
data/postgresql-12-12.4/src/backend/utils/adt/network.c:355:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ip_addr(dst), ip_addr(src), (bits + 7) / 8);
data/postgresql-12-12.4/src/backend/utils/adt/network.c:793:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")];
data/postgresql-12-12.4/src/backend/utils/adt/network.c:819:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")];
data/postgresql-12-12.4/src/backend/utils/adt/network.c:842:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")];
data/postgresql-12-12.4/src/backend/utils/adt/network.c:860:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")];
data/postgresql-12-12.4/src/backend/utils/adt/network.c:1335:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		remote_host[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/utils/adt/network.c:1374:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		remote_port[NI_MAXSERV];
data/postgresql-12-12.4/src/backend/utils/adt/network.c:1411:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		local_host[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/utils/adt/network.c:1450:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		local_port[NI_MAXSERV];
data/postgresql-12-12.4/src/backend/utils/adt/network_gist.c:84:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char ipaddr[16];	/* up to 128 bits of common address */
data/postgresql-12-12.4/src/backend/utils/adt/network_gist.c:485:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(gk_ip_addr(result), addr, (commonbits + 7) / 8);
data/postgresql-12-12.4/src/backend/utils/adt/network_gist.c:559:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(gk_ip_addr(r), ip_addr(in), gk_ip_addrsize(r));
data/postgresql-12-12.4/src/backend/utils/adt/network_gist.c:600:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ip_addr(dst), gk_ip_addr(key), ip_addrsize(dst));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:980:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new, num, VARSIZE(num));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:1005:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new, num, VARSIZE(num));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:1116:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, num, VARSIZE(num));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:1144:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, num, VARSIZE(num));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:1176:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, num, VARSIZE(num));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:1719:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(buf), VARDATA_SHORT(original_varatt), sz);
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:3379:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[DBL_DIG + 100];
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:3450:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[FLT_DIG + 100];
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:5940:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dest->digits, NUMERIC_DIGITS(num), ndigits * sizeof(NumericDigit));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:5983:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newbuf + 1, value->digits,
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:6309:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(NUMERIC_DIGITS(result), digits, n * sizeof(NumericDigit));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:7301:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dividend + 1, var1->digits, var1ndigits * sizeof(NumericDigit));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:7302:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(divisor + 1, var2->digits, var2ndigits * sizeof(NumericDigit));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:9343:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&new_pos_digits[weightdiff], accum->pos_digits,
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:9347:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&new_neg_digits[weightdiff], accum->neg_digits,
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:9430:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst->pos_digits, src->pos_digits, src->ndigits * sizeof(int32));
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:9431:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst->neg_digits, src->neg_digits, src->ndigits * sizeof(int32));
data/postgresql-12-12.4/src/backend/utils/adt/numutils.c:296:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(a, "-2147483648", 12);
data/postgresql-12-12.4/src/backend/utils/adt/numutils.c:350:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(a, "-9223372036854775808", 21);
data/postgresql-12-12.4/src/backend/utils/adt/oid.c:174:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result->values, oids, n * sizeof(Oid));
data/postgresql-12-12.4/src/backend/utils/adt/oid.c:245:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(rp, "%u", oidArray->values[num]);
data/postgresql-12-12.4/src/backend/utils/adt/oracle_compat.c:199:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr_ret, ptr2, mlen);
data/postgresql-12-12.4/src/backend/utils/adt/oracle_compat.c:212:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr_ret, ptr1, mlen);
data/postgresql-12-12.4/src/backend/utils/adt/oracle_compat.c:295:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr_ret, ptr1, mlen);
data/postgresql-12-12.4/src/backend/utils/adt/oracle_compat.c:307:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr_ret, ptr2, mlen);
data/postgresql-12-12.4/src/backend/utils/adt/oracle_compat.c:599:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(ret), ptr, m);
data/postgresql-12-12.4/src/backend/utils/adt/oracle_compat.c:793:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(target, p, len);
data/postgresql-12-12.4/src/backend/utils/adt/oracle_compat.c:802:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(target, source, source_len);
data/postgresql-12-12.4/src/backend/utils/adt/oracle_compat.c:1063:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cp, sp, slen);
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:96:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	   *localized_abbrev_days[7];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:97:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	   *localized_full_days[7];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:98:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	   *localized_abbrev_months[12];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:99:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	   *localized_full_months[12];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:109:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char lc_collate_envbuf[LC_ENV_BUFSIZE];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:110:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char lc_ctype_envbuf[LC_ENV_BUFSIZE];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:113:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char lc_messages_envbuf[LC_ENV_BUFSIZE];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:115:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char lc_monetary_envbuf[LC_ENV_BUFSIZE];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:116:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char lc_numeric_envbuf[LC_ENV_BUFSIZE];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:117:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char lc_time_envbuf[LC_ENV_BUFSIZE];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:196:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		static char save_lc_ctype[LC_ENV_BUFSIZE];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:704:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t		wformat[8];		/* formats used below need 3 chars */
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:705:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t		wbuf[MAX_L10N_DATA];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:711:8:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	len = MultiByteToWideChar(CP_UTF8, 0, format, -1,
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:773:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[(2 * 7 + 2 * 12) * MAX_L10N_DATA];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:999:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t		test_locale[LOCALE_NAME_MAX_LENGTH];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1065:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t		wc_locale_name[LOCALE_NAME_MAX_LENGTH];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1066:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t		buffer[LOCALE_NAME_MAX_LENGTH];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1067:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char iso_lc_messages[LOCALE_NAME_MAX_LENGTH];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1087:2:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	MultiByteToWideChar(CP_ACP, 0, winlocname, len, wc_locale_name,
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1102:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		wchar_t    *argv[3];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1140:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char iso_lc_messages[32];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1184:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		isolang[32],
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1225:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[32];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1696:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[U_MAX_VERSION_STRING_LENGTH];
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:2031:13:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
			result = MultiByteToWideChar(CP_UTF8, 0, from, fromlen, to, tolen - 1);
data/postgresql-12-12.4/src/backend/utils/adt/pg_lsn.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXPG_LSNLEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/pg_lsn.c:213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[256];
data/postgresql-12-12.4/src/backend/utils/adt/pgstatfuncs.c:773:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		remote_host[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/utils/adt/pgstatfuncs.c:774:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		remote_port[NI_MAXSERV];
data/postgresql-12-12.4/src/backend/utils/adt/pgstatfuncs.c:794:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						values[14] = Int32GetDatum(atoi(remote_port));
data/postgresql-12-12.4/src/backend/utils/adt/pgstatfuncs.c:1118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		remote_host[NI_MAXHOST];
data/postgresql-12-12.4/src/backend/utils/adt/pgstatfuncs.c:1165:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		remote_port[NI_MAXSERV];
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes.c:2455:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, val, data_length);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes.c:2463:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr + 1, VARDATA(val), data_length - 1);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes.c:2470:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, val, data_length);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes.c:2478:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, DatumGetPointer(datum), data_length);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes.c:2486:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, DatumGetPointer(datum), data_length);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_gist.c:1101:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(by_upper, by_lower, nentries * sizeof(NonEmptyRange));
data/postgresql-12-12.4/src/backend/utils/adt/regexp.c:146:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errMsg[100];
data/postgresql-12-12.4/src/backend/utils/adt/regexp.c:225:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(re_temp.cre_pat, text_re_val, text_re_len);
data/postgresql-12-12.4/src/backend/utils/adt/regexp.c:270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errMsg[100];
data/postgresql-12-12.4/src/backend/utils/adt/regexp.c:779:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(r, p, mblen);
data/postgresql-12-12.4/src/backend/utils/adt/regexp.c:795:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(r, p, mblen);
data/postgresql-12-12.4/src/backend/utils/adt/regexp.c:1456:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errMsg[100];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:347:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		pkrelname[MAX_QUOTED_REL_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		attname[MAX_QUOTED_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:349:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		paramname[16];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:376:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(paramname, "$%d", i + 1);
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:475:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		pkrelname[MAX_QUOTED_REL_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:476:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		attname[MAX_QUOTED_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:477:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		paramname[16];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:503:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(paramname, "$%d", i + 1);
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:662:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fkrelname[MAX_QUOTED_REL_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:663:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		attname[MAX_QUOTED_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:664:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		paramname[16];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:693:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(paramname, "$%d", i + 1);
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:769:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fkrelname[MAX_QUOTED_REL_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:770:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		attname[MAX_QUOTED_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:771:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		paramname[16];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:799:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(paramname, "$%d", i + 1);
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:879:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fkrelname[MAX_QUOTED_REL_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:880:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		attname[MAX_QUOTED_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:881:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		paramname[16];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:918:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(paramname, "$%d", j + 1);
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1060:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fkrelname[MAX_QUOTED_REL_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1061:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		attname[MAX_QUOTED_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1062:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		paramname[16];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1098:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(paramname, "$%d", i + 1);
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pkrelname[MAX_QUOTED_REL_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fkrelname[MAX_QUOTED_REL_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pkattname[MAX_QUOTED_NAME_LEN + 3];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fkattname[MAX_QUOTED_NAME_LEN + 3];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		workmembuf[32];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1400:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pkattname, "pk.");
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1401:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(fkattname, "fk.");
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1521:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&fake_riinfo, riinfo, sizeof(RI_ConstraintInfo));
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1577:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pkrelname[MAX_QUOTED_REL_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1578:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fkrelname[MAX_QUOTED_REL_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1579:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pkattname[MAX_QUOTED_NAME_LEN + 3];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1580:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fkattname[MAX_QUOTED_NAME_LEN + 3];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1584:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		workmembuf[32];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1630:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pkattname, "pk.");
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1631:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(fkattname, "fk.");
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1756:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&fake_riinfo, riinfo, sizeof(RI_ConstraintInfo));
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1857:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		onename[MAX_QUOTED_NAME_LEN];
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:2048:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&riinfo->conname, &conForm->conname, sizeof(NameData));
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:2193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		nulls[RI_MAX_NUMKEYS * 2];
data/postgresql-12-12.4/src/backend/utils/adt/rowtypes.c:287:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, tuple->t_data, tuple->t_len);
data/postgresql-12-12.4/src/backend/utils/adt/rowtypes.c:635:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, tuple->t_data, tuple->t_len);
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:287:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[NAMEDATALEN];	/* Hash key --- must be first */
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:523:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		nulls[1];
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:716:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		nulls[2];
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:2472:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(NameStr(*result), "unknown (OID=%u)", roleid);
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:3516:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(modname, refname, refnamelen);
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:3517:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(modname + refnamelen, "_%d", hentry->counter);
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:4396:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(modname, colname, colnamelen);
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:4397:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(modname + colnamelen, "_%d", i);
data/postgresql-12-12.4/src/backend/utils/adt/selfuncs.c:4175:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		x[1];
data/postgresql-12-12.4/src/backend/utils/adt/tid.c:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *p,
data/postgresql-12-12.4/src/backend/utils/adt/tid.c:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[32];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:162:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		workbuf[MAXDATELEN + MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:403:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:405:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		workbuf[MAXDATELEN + MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:456:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzname[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:756:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:878:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:880:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		workbuf[256];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:945:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:1609:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		templ[128];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:1610:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[128];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:1722:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:4093:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzname[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:5019:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzname[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:5234:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzname[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c:31:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char BITVEC[SIGLEN];
data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c:421:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(result), (void *) base, sizeof(BITVEC));
data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c:565:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) item->sign, (void *) GETSIGN(key), sizeof(BITVEC));
data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c:678:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(datum_l), (void *) cache[seed_1].sign, sizeof(BITVEC));
data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c:691:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) GETSIGN(datum_r), (void *) cache[seed_2].sign, sizeof(BITVEC));
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:618:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) state->curop, (void *) strval, lenval);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:899:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&ptr[i], item, sizeof(QueryOperand));
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:905:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&ptr[i], item, sizeof(QueryOperator));
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:914:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) GETOPERAND(query), (void *) state.op, state.sumlen);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:1051:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, "( ");
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:1064:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, " )");
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:1083:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, "( ");
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:1125:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(in->cur, " )");
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:1328:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, operands[i], item->qoperand.length + 1);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery_cleanup.c:71:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) &(state->ptr[state->cur]), (void *) node->valnode, sizeof(QueryItem));
data/postgresql-12-12.4/src/backend/utils/adt/tsquery_cleanup.c:426:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(GETQUERY(out), items, len * sizeof(QueryItem));
data/postgresql-12-12.4/src/backend/utils/adt/tsquery_cleanup.c:437:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(operands, GETOPERAND(in) + op->distance, op->length);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery_op.c:284:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(val, operand + ptr->qoperand.distance, len);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery_util.c:234:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(in->child + i, cc->child, cc->nchild * sizeof(QTNode *));
data/postgresql-12-12.4/src/backend/utils/adt/tsquery_util.c:329:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(state->curitem, in->valnode, sizeof(QueryOperand));
data/postgresql-12-12.4/src/backend/utils/adt/tsquery_util.c:331:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(state->curoperand, in->word, in->valnode->qoperand.length);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery_util.c:343:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(state->curitem, in->valnode, sizeof(QueryOperator));
data/postgresql-12-12.4/src/backend/utils/adt/tsquery_util.c:412:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out->word, in->word, in->valnode->qoperand.length);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector.c:129:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(res, ptr, sizeof(WordEntryIN));
data/postgresql-12-12.4/src/backend/utils/adt/tsvector.c:140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&res->pos[res->poslen], ptr->pos,
data/postgresql-12-12.4/src/backend/utils/adt/tsvector.c:243:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((void *) cur, (void *) token, toklen);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector.c:282:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(strbuf + stroff, &tmpbuf[arr[i].entry.pos], arr[i].entry.len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector.c:296:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(strbuf + stroff, arr[i].pos, arr[i].poslen * sizeof(WordEntryPos));
data/postgresql-12-12.4/src/backend/utils/adt/tsvector.c:359:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				curout += sprintf(curout, "%d", WEP_GETPOS(*wptr));
data/postgresql-12-12.4/src/backend/utils/adt/tsvector.c:503:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(STRPTR(vec) + datalen, lexeme, lex_len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector.c:529:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(STRPTR(vec) + datalen, &npos, sizeof(uint16));
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lexeme[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:191:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cur, STRPTR(in) + arrin[i].pos, arrin[i].len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:248:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, in, VARSIZE(in));
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:314:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tsout, tsin, VARSIZE(tsin));
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:531:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dataout + curoff, data + arrin[i].pos, arrin[i].len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:542:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dataout + curoff,
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:822:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cur, lex, lex_len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:925:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dataout + cur_pos, datain + arrin[i].pos, arrin[i].len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:1017:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data + dataoff, data1 + ptr1->pos, ptr1->len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:1023:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(data + dataoff, _POSVECPTR(in1, ptr1), POSDATALEN(in1, ptr1) * sizeof(WordEntryPos) + sizeof(uint16));
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:1035:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data + dataoff, data2 + ptr2->pos, ptr2->len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:1059:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data + dataoff, data1 + ptr1->pos, ptr1->len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:1067:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(data + dataoff, _POSVECPTR(in1, ptr1), POSDATALEN(in1, ptr1) * sizeof(WordEntryPos) + sizeof(uint16));
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:1098:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data + dataoff, data1 + ptr1->pos, ptr1->len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:1104:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data + dataoff, _POSVECPTR(in1, ptr1), POSDATALEN(in1, ptr1) * sizeof(WordEntryPos) + sizeof(uint16));
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:1117:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data + dataoff, data2 + ptr2->pos, ptr2->len);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:1397:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(allpos + npos, data->pos, sizeof(WordEntryPos) * data->npos);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:2166:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(node->lexeme, STRPTR(txt) + we->pos, node->lenlexeme);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:2360:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *values[3];
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:2361:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		ndoc[16];
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:2362:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		nentry[16];
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:2366:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(values[0], entry->lexeme, entry->lenlexeme);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:2368:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(ndoc, "%d", entry->ndoc);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_op.c:2370:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(nentry, "%d", entry->nentry);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector_parser.c:313:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				WEP_SETPOS(pos[npos - 1], LIMITPOS(atoi(state->prsbuf)));
data/postgresql-12-12.4/src/backend/utils/adt/txid.c:717:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(snap, arg, VARSIZE(arg));
data/postgresql-12-12.4/src/backend/utils/adt/uuid.c:105:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		str_buf[3];
data/postgresql-12-12.4/src/backend/utils/adt/uuid.c:109:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(str_buf, src, 2);
data/postgresql-12-12.4/src/backend/utils/adt/uuid.c:147:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(uuid->data, pq_getmsgbytes(buffer, UUID_LEN), UUID_LEN);
data/postgresql-12-12.4/src/backend/utils/adt/uuid.c:374:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&res, authoritative->data, sizeof(Datum));
data/postgresql-12-12.4/src/backend/utils/adt/varbit.c:414:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARBITS(result), VARBITS(arg),
data/postgresql-12-12.4/src/backend/utils/adt/varbit.c:764:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARBITS(result), VARBITS(arg), VARBITBYTES(result));
data/postgresql-12-12.4/src/backend/utils/adt/varbit.c:1002:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARBITS(result), VARBITS(arg1), VARBITBYTES(arg1));
data/postgresql-12-12.4/src/backend/utils/adt/varbit.c:1008:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARBITS(result) + VARBITBYTES(arg1), VARBITS(arg2),
data/postgresql-12-12.4/src/backend/utils/adt/varbit.c:1113:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(VARBITS(result), VARBITS(arg) + (s1 - 1) / BITS_PER_BYTE,
data/postgresql-12-12.4/src/backend/utils/adt/varbit.c:1414:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(r, p, len);
data/postgresql-12-12.4/src/backend/utils/adt/varbit.c:1485:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(r, p, len);
data/postgresql-12-12.4/src/backend/utils/adt/varbit.c:1823:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(r, p, VARBITBYTES(arg1));
data/postgresql-12-12.4/src/backend/utils/adt/varchar.c:181:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(r, s, len);
data/postgresql-12-12.4/src/backend/utils/adt/varchar.c:338:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(r, s, len);
data/postgresql-12-12.4/src/backend/utils/adt/varchar.c:394:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(NameStr(*result), s_data, len);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:188:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(result), s, len);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:212:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, VARDATA_ANY(tunpacked), len);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:248:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, VARDATA_ANY(srcunpacked), dst_len);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:519:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(result), state->data, state->len);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:742:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, VARDATA_ANY(t1), len1);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:744:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr + len1, VARDATA_ANY(t2), len2);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:1011:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(ret), s, (p - s));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:1502:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		a1buf[TEXTBUFLEN];
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:1503:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		a2buf[TEXTBUFLEN];
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:1558:9:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
				r = MultiByteToWideChar(CP_UTF8, 0, arg1, len1,
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:1571:9:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
				r = MultiByteToWideChar(CP_UTF8, 0, arg2, len2,
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:1619:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(a1p, arg1, len1);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:1621:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(a2p, arg2, len2);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2315:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sss->buf1, a1p, len1);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2328:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sss->buf2, a2p, len2);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2482:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pres, authoritative_data, Min(len, sizeof(Datum)));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2508:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pres, sss->buf2, Min(sizeof(Datum), sss->last_len2));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2513:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sss->buf1, authoritative_data, len);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2603:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pres, sss->buf2, Min(sizeof(Datum), bsize));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3195:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, VARDATA_ANY(t1), len1);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3197:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr + len1, VARDATA_ANY(t2), len2);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3421:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	byte = ((unsigned char *) VARDATA_ANY(v))[n];
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3456:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	byte = ((unsigned char *) VARDATA_ANY(v))[byteNo];
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3491:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((unsigned char *) VARDATA(res))[n] = newByte;
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3539:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	oldByte = ((unsigned char *) VARDATA(res))[byteNo];
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3546:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((unsigned char *) VARDATA(res))[byteNo] = newByte;
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3570:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(NameStr(*result), VARDATA_ANY(s), len);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:4455:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		errMsg[100];
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:5008:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[32];		/* bigger than needed, but reasonable */
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:5032:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[32];		/* bigger than needed, but reasonable */
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:5399:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dst, p, sz);
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:378:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(result), str, nbytes);
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:1162:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, str, len * sizeof(xmlChar));
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:1174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, str, len);
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:2094:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		utf8string[8];	/* need room for trailing zero */
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:2221:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:2242:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:2269:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:2408:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ret, s, len);
data/postgresql-12-12.4/src/backend/utils/cache/attoptcache.c:156:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(opts, bytea_opts, VARSIZE(bytea_opts));
data/postgresql-12-12.4/src/backend/utils/cache/attoptcache.c:176:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, attopt->opts, VARSIZE(attopt->opts));
data/postgresql-12-12.4/src/backend/utils/cache/catcache.c:1336:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cur_skey, cache->cc_skey, sizeof(ScanKeyData) * nkeys);
data/postgresql-12-12.4/src/backend/utils/cache/catcache.c:1624:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cur_skey, cache->cc_skey, sizeof(ScanKeyData) * cache->cc_nkeys);
data/postgresql-12-12.4/src/backend/utils/cache/catcache.c:1843:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) ct->tuple.t_data,
data/postgresql-12-12.4/src/backend/utils/cache/inval.c:809:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(SharedInvalidMessagesArray + numSharedInvalidMessagesArray,
data/postgresql-12-12.4/src/backend/utils/cache/lsyscache.c:1514:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*argtypes, procstruct->proargtypes.values, *nargs * sizeof(Oid));
data/postgresql-12-12.4/src/backend/utils/cache/partcache.c:168:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(key->partattrs, attrs, key->partnatts * sizeof(int16));
data/postgresql-12-12.4/src/backend/utils/cache/plancache.c:419:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(plansource->param_types, param_types, num_params * sizeof(Oid));
data/postgresql-12-12.4/src/backend/utils/cache/plancache.c:1358:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newsource->param_types, plansource->param_types,
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:418:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(relationForm, relp, CLASS_TUPLE_SIZE);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:487:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(relation->rd_options, options, VARSIZE(options));
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:564:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(TupleDescAttr(relation->rd_att, attnum - 1),
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:1353:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cached, tmp, sizeof(IndexAmRoutine));
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:1472:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(relation->rd_indcollation, indcoll->values, indnkeyatts * sizeof(Oid));
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:1504:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(relation->rd_indoption, indoption->values, indnkeyatts * sizeof(int16));
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:1555:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&indexSupport[attIndex * maxSupportNumber],
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:1892:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(TupleDescAttr(relation->rd_att, i),
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:2175:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(relation->rd_rel, relp, CLASS_TUPLE_SIZE);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:2295:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(relation->rd_rel, relp, CLASS_TUPLE_SIZE);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:2590:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&tmpstruct, newrel, sizeof(RelationData));
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:2591:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newrel, relation, sizeof(RelationData));
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:2592:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(relation, &tmpstruct, sizeof(RelationData));
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:2607:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(relation->rd_rel, newrel->rd_rel, CLASS_TUPLE_SIZE);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:3845:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((char *) relation->rd_rel, (char *) relp, CLASS_TUPLE_SIZE);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:4028:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(TupleDescAttr(result, i), &attrs[i], ATTRIBUTE_FIXED_PART_SIZE);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5068:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ops, indexRelation->rd_exclops, sizeof(Oid) * indnkeyatts);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5069:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(funcs, indexRelation->rd_exclprocs, sizeof(Oid) * indnkeyatts);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5070:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(strats, indexRelation->rd_exclstrats, sizeof(uint16) * indnkeyatts);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5128:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ops, ARR_DATA_PTR(arr), sizeof(Oid) * indnkeyatts);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5155:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(indexRelation->rd_exclops, ops, sizeof(Oid) * indnkeyatts);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5156:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(indexRelation->rd_exclprocs, funcs, sizeof(Oid) * indnkeyatts);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5157:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(indexRelation->rd_exclstrats, strats, sizeof(uint16) * indnkeyatts);
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5180:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		return memcpy(pubactions, relation->rd_pubactions,
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5225:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(relation->rd_pubactions, pubactions, sizeof(PublicationActions));
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		initfilename[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5761:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tempfilename[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:5762:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		finalfilename[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:6017:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		localinitfname[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:6018:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sharedinitfname[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:6060:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH + 10 + sizeof(TABLESPACE_VERSION_DIRECTORY)];
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:6092:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		initfilename[MAXPGPATH * 2];
data/postgresql-12-12.4/src/backend/utils/cache/relmapper.c:701:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mapfilename[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/cache/relmapper.c:802:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mapfilename[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/cache/relmapper.c:932:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(realmap, newmap, sizeof(RelMapFile));
data/postgresql-12-12.4/src/backend/utils/cache/relmapper.c:969:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&newmap, &shared_map, sizeof(RelMapFile));
data/postgresql-12-12.4/src/backend/utils/cache/relmapper.c:971:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&newmap, &local_map, sizeof(RelMapFile));
data/postgresql-12-12.4/src/backend/utils/cache/spccache.c:155:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(opts, bytea_opts, VARSIZE(bytea_opts));
data/postgresql-12-12.4/src/backend/utils/cache/ts_cache.c:507:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(maplists[maxtokentype].dictIds, mapdicts,
data/postgresql-12-12.4/src/backend/utils/cache/ts_cache.c:534:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(maplists[maxtokentype].dictIds, mapdicts,
data/postgresql-12-12.4/src/backend/utils/cache/ts_cache.c:541:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(entry->map, maplists,
data/postgresql-12-12.4/src/backend/utils/cache/typcache.c:2459:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(enumdata->enum_values, items, numitems * sizeof(EnumItem));
data/postgresql-12-12.4/src/backend/utils/error/elog.c:154:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char formatted_start_time[FORMATTED_TS_LEN];
data/postgresql-12-12.4/src/backend/utils/error/elog.c:155:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char formatted_log_time[FORMATTED_TS_LEN];
data/postgresql-12-12.4/src/backend/utils/error/elog.c:1489:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newedata, edata, sizeof(ErrorData));
data/postgresql-12-12.4/src/backend/utils/error/elog.c:1669:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newedata, edata, sizeof(ErrorData));
data/postgresql-12-12.4/src/backend/utils/error/elog.c:1847:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fd = open(OutputFileName, O_CREAT | O_APPEND | O_WRONLY,
data/postgresql-12-12.4/src/backend/utils/error/elog.c:1957:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		buf[PG_SYSLOG_LIMIT + 1];
data/postgresql-12-12.4/src/backend/utils/error/elog.c:1977:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf, line, buflen);
data/postgresql-12-12.4/src/backend/utils/error/elog.c:2208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		msbuf[13];
data/postgresql-12-12.4/src/backend/utils/error/elog.c:2229:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(msbuf, ".%03d", (int) (saved_timeval.tv_usec / 1000));
data/postgresql-12-12.4/src/backend/utils/error/elog.c:2230:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(formatted_log_time + 19, msbuf, 4);
data/postgresql-12-12.4/src/backend/utils/error/elog.c:2412:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		strfbuf[128];
data/postgresql-12-12.4/src/backend/utils/error/elog.c:2443:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		strfbuf[128];
data/postgresql-12-12.4/src/backend/utils/error/elog.c:2456:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		strfbuf[128];
data/postgresql-12-12.4/src/backend/utils/error/elog.c:2562:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char		strfbuf[128];
data/postgresql-12-12.4/src/backend/utils/error/elog.c:2823:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[12];
data/postgresql-12-12.4/src/backend/utils/error/elog.c:3084:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p.proto.data, data, PIPE_MAX_PAYLOAD);
data/postgresql-12-12.4/src/backend/utils/error/elog.c:3094:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p.proto.data, data, len);
data/postgresql-12-12.4/src/backend/utils/error/elog.c:3135:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		tbuf[12];
data/postgresql-12-12.4/src/backend/utils/error/elog.c:3387:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[2048];	/* Arbitrary size? */
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		varName[NAMEDATALEN];	/* hash key (must be first) */
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		filename[FLEXIBLE_ARRAY_MEMBER];	/* Full pathname of file */
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:318:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		library_version[32];
data/postgresql-12-12.4/src/backend/utils/fmgr/fmgr.c:613:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dstinfo, srcinfo, sizeof(FmgrInfo));
data/postgresql-12-12.4/src/backend/utils/fmgr/fmgr.c:1758:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result, datum, len);
data/postgresql-12-12.4/src/backend/utils/fmgr/funcapi.c:919:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(*p_argtypes, ARR_DATA_PTR(arr),
data/postgresql-12-12.4/src/backend/utils/fmgr/funcapi.c:928:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(*p_argtypes, procStruct->proargtypes.values,
data/postgresql-12-12.4/src/backend/utils/fmgr/funcapi.c:965:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(*p_argmodes, ARR_DATA_PTR(arr),
data/postgresql-12-12.4/src/backend/utils/fmgr/funcapi.c:1006:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(*p_trftypes, ARR_DATA_PTR(arr),
data/postgresql-12-12.4/src/backend/utils/hash/dynahash.c:401:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		hashp->keycopy = memcpy;
data/postgresql-12-12.4/src/backend/utils/hash/dynahash.c:1621:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p, old_p, old_dirsize);
data/postgresql-12-12.4/src/backend/utils/init/globals.c:70:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		OutputFileName[MAXPGPATH];	/* debugging output file */
data/postgresql-12-12.4/src/backend/utils/init/globals.c:72:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		my_exec_path[MAXPGPATH];	/* full path to my executable */
data/postgresql-12-12.4/src/backend/utils/init/globals.c:73:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		pkglib_path[MAXPGPATH]; /* full path to lib directory */
data/postgresql-12-12.4/src/backend/utils/init/globals.c:76:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		postgres_exec_path[MAXPGPATH];	/* full path to backend */
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:877:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[MAXPGPATH * 2 + 256];
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:920:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		my_gp_pid = atoi(envvar);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:937:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(filename, O_RDWR | O_CREAT | O_EXCL, pg_file_create_mode);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:954:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(filename, O_RDONLY, pg_file_create_mode);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:982:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		encoded_pid = atoi(buffer);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1189:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lockfile[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1229:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buffer[1];
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1231:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(socketLockFile, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1261:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		srcbuffer[BLCKSZ];
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1262:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		destbuffer[BLCKSZ];
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1264:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1300:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(destbuffer, srcbuffer, srcptr - srcbuffer);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1387:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[BLCKSZ];
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1389:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1430:13:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	file_pid = atol(buffer);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1456:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		full_path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1462:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		file_version_string[64];
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1612:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		locale_path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/init/postinit.c:598:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dbname[NAMEDATALEN];
data/postgresql-12-12.4/src/backend/utils/mb/encnames.c:558:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buff[NAMEDATALEN],
data/postgresql-12-12.4/src/backend/utils/mb/iso.c:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		koitab[128],
data/postgresql-12-12.4/src/backend/utils/mb/iso.c:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[4096];
data/postgresql-12-12.4/src/backend/utils/mb/mbutils.c:509:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(retval), dest_str, len);
data/postgresql-12-12.4/src/backend/utils/mb/mbutils.c:1118:12:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
		dstlen = MultiByteToWideChar(codepage, 0, str, len, utf16, len);
data/postgresql-12-12.4/src/backend/utils/mb/mbutils.c:1142:12:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
		dstlen = MultiByteToWideChar(CP_UTF8, 0, utf8, len, utf16, len);
data/postgresql-12-12.4/src/backend/utils/mb/wchar.c:2046:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[8 * 5 + 1];
data/postgresql-12-12.4/src/backend/utils/mb/wchar.c:2056:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		p += sprintf(p, "0x%02x", (unsigned char) mbstr[j]);
data/postgresql-12-12.4/src/backend/utils/mb/wchar.c:2079:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[8 * 5 + 1];
data/postgresql-12-12.4/src/backend/utils/mb/wchar.c:2089:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		p += sprintf(p, "0x%02x", (unsigned char) mbstr[j]);
data/postgresql-12-12.4/src/backend/utils/mb/win1251.c:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		koitab[128],
data/postgresql-12-12.4/src/backend/utils/mb/win1251.c:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[4096];
data/postgresql-12-12.4/src/backend/utils/mb/win866.c:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		koitab[128],
data/postgresql-12-12.4/src/backend/utils/mb/win866.c:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[4096];
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:2525:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		abs_path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:3024:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		filename[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:773:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		unit[MAX_UNIT_LEN + 1]; /* unit, as a string, like "kB" or
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5192:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		limbuf[16];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5195:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(limbuf, "%ld", new_limit);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:6059:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		unitstr[MAX_UNIT_LEN + 1];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:6213:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				static char bbuf[8];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:6222:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				static char xbuf[8];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:7504:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buffer[256];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:7560:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buffer[256];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:7904:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		AutoConfFileName[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:7905:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		AutoConfTmpFileName[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:9002:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[256];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:9362:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *values[NUM_PG_SETTINGS_ATTS];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:9526:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[256];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:10055:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*destptr, val, valsize);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:10156:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(start_address, &actual_size, sizeof(actual_size));
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:10194:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dest, *srcptr, size);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:10253:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *error_context_name_and_value[2];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:10950:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*extra, newwalconsistency, (RM_MAX_ID + 1) * sizeof(bool));
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11219:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char nbuf[16];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11236:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char nbuf[16];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11253:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char nbuf[16];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11270:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char nbuf[16];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11427:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[12];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11436:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[12];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11445:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[12];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11606:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11608:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		workbuf[MAXDATELEN + MAXDATEFIELDS];
data/postgresql-12-12.4/src/backend/utils/misc/pg_config.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *values[2];
data/postgresql-12-12.4/src/backend/utils/misc/pg_controldata.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/backend/utils/misc/pg_rusage.c:42:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char result[100];
data/postgresql-12-12.4/src/backend/utils/misc/ps_status.c:95:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ps_buffer[PS_BUFFER_SIZE];
data/postgresql-12-12.4/src/backend/utils/misc/ps_status.c:391:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		name[PS_BUFFER_SIZE + 32];
data/postgresql-12-12.4/src/backend/utils/misc/tzparser.c:259:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(arrayptr, entry, sizeof(tzEntry));
data/postgresql-12-12.4/src/backend/utils/misc/tzparser.c:279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		share_path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/misc/tzparser.c:280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		file_path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/misc/tzparser.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzbuf[1024];
data/postgresql-12-12.4/src/backend/utils/mmgr/aset.c:190:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		padding[MAXIMUM_ALIGNOF - ALLOCCHUNK_RAWSIZE % MAXIMUM_ALIGNOF];
data/postgresql-12-12.4/src/backend/utils/mmgr/aset.c:305:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char LogTable256[256] =
data/postgresql-12-12.4/src/backend/utils/mmgr/aset.c:1274:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newPointer, pointer, oldsize);
data/postgresql-12-12.4/src/backend/utils/mmgr/aset.c:1362:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		stats_string[200];
data/postgresql-12-12.4/src/backend/utils/mmgr/freepage.c:728:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&btp->u.leaf_key[btp->hdr.nused], &np->u.leaf_key[0],
data/postgresql-12-12.4/src/backend/utils/mmgr/freepage.c:734:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&btp->u.internal_key[btp->hdr.nused], &np->u.internal_key[0],
data/postgresql-12-12.4/src/backend/utils/mmgr/freepage.c:753:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&np->u.leaf_key[np->hdr.nused], &btp->u.leaf_key[0],
data/postgresql-12-12.4/src/backend/utils/mmgr/freepage.c:759:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&np->u.internal_key[np->hdr.nused], &btp->u.internal_key[0],
data/postgresql-12-12.4/src/backend/utils/mmgr/freepage.c:1212:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&newsibling->u.leaf_key,
data/postgresql-12-12.4/src/backend/utils/mmgr/freepage.c:1218:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&newsibling->u.internal_key,
data/postgresql-12-12.4/src/backend/utils/mmgr/generation.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		padding[MAXIMUM_ALIGNOF - GENERATIONCHUNK_RAWSIZE % MAXIMUM_ALIGNOF];
data/postgresql-12-12.4/src/backend/utils/mmgr/generation.c:637:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newPointer, pointer, oldsize);
data/postgresql-12-12.4/src/backend/utils/mmgr/generation.c:714:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		stats_string[200];
data/postgresql-12-12.4/src/backend/utils/mmgr/mcxt.c:1155:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(nstr, string, len);
data/postgresql-12-12.4/src/backend/utils/mmgr/mcxt.c:1179:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, in, len);
data/postgresql-12-12.4/src/backend/utils/mmgr/portalmem.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		portalname[MAX_PORTALNAME_LEN];
data/postgresql-12-12.4/src/backend/utils/mmgr/portalmem.c:238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		portalname[MAX_PORTALNAME_LEN];
data/postgresql-12-12.4/src/backend/utils/mmgr/portalmem.c:244:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(portalname, "<unnamed portal %u>", unnamed_portal_count);
data/postgresql-12-12.4/src/backend/utils/mmgr/slab.c:680:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		stats_string[200];
data/postgresql-12-12.4/src/backend/utils/sort/logtape.c:434:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		filename[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/sort/logtape.c:576:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		filename[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/sort/logtape.c:692:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(lt->buffer + lt->pos, ptr, nthistime);
data/postgresql-12-12.4/src/backend/utils/sort/logtape.c:854:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, lt->buffer + lt->pos, nthistime);
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[NAMEDATALEN];	/* A name for this tuplestore. */
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:311:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		name[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:362:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(accessor->write_pointer, meta_data,
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:371:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(accessor->write_pointer + accessor->sts->meta_data_size,
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:391:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(accessor->write_pointer, (char *) tuple + written,
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:403:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(accessor->write_pointer, meta_data,
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:405:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(accessor->write_pointer + accessor->sts->meta_data_size, tuple,
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:560:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		name[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/sort/tuplesort.c:193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[SLAB_SLOT_SIZE];
data/postgresql-12-12.4/src/backend/utils/sort/tuplesort.c:4151:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newtuple, tuple, tuplen);
data/postgresql-12-12.4/src/backend/utils/time/combocid.c:333:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(start_address + sizeof(int), comboCids,
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:597:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(CurrentSnapshot->xip, sourcesnap->xip,
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:601:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(CurrentSnapshot->subxip, sourcesnap->subxip,
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:677:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newsnap, snapshot, sizeof(SnapshotData));
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:687:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newsnap->xip, snapshot->xip,
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:703:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newsnap->subxip, snapshot->subxip,
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pathtmp[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1464:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1652:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXPGPATH + sizeof(SNAPSHOT_EXPORT_DIR)];
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:2128:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(start_address,
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:2133:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((TransactionId *) (start_address +
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:2148:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((TransactionId *) (start_address + subxipoff),
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:2168:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&serialized_snapshot, start_address,
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:2197:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(snapshot->xip, serialized_xids,
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:2206:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(snapshot->subxip, serialized_xids + serialized_snapshot.xcnt,
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:27:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tzdirpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fullname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:78:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	return open(fullname, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:239:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cbuf[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:332:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char resultbuf[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:339:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmptzdir[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:341:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		std_zone_name[TZ_STRLEN_MAX + 1],
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cbuf[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:547:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		link_target[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:1512:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzname[128];
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:1513:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		localtzname[256];
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:1564:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		keyname[256];
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:1565:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		zonename[256];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:168:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char infoversion[100];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:230:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char bin_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:231:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char backend_exec[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:289:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define PG_CMD_DECL		char cmd[MAXPGPATH]; FILE *cmdfd
data/postgresql-12-12.4/src/bin/initdb/initdb.c:378:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(resultp, "\\042");
data/postgresql-12-12.4/src/bin/initdb/initdb.c:432:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		newline = (char *) pg_malloc(strlen(lines[i]) + diff + 1);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:436:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newline, lines[i], pre);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:438:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newline + pre, replacement, replen);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:493:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((infile = fopen(path, "r")) == NULL)
data/postgresql-12-12.4/src/bin/initdb/initdb.c:548:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((out_file = fopen(path, "w")) == NULL)
data/postgresql-12-12.4/src/bin/initdb/initdb.c:667:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		result[20];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:669:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(result, "%d", enc);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:856:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((version_file = fopen(path, PG_BINARY_W)) == NULL)
data/postgresql-12-12.4/src/bin/initdb/initdb.c:881:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	conf_file = fopen(path, PG_BINARY_W);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:918:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		name[64];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:965:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1082:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		repltok[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1083:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1084:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *autoconflines[3];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1146:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(repltok, "datestyle = 'iso, ymd'");
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1149:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(repltok, "datestyle = 'iso, dmy'");
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1153:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(repltok, "datestyle = 'iso, mdy'");
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1378:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		headerline[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1379:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[64];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1403:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%d", NAMEDATALEN);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1406:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%d", (int) sizeof(Pointer));
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1501:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pwd1[100];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1502:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pwd2[100];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1529:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		FILE	   *pwf = fopen(pwfilename, "r");
data/postgresql-12-12.4/src/bin/initdb/initdb.c:2140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[128];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:2491:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		full_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/initdb/initdb.c:3067:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pg_ctl_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_archivecleanup/pg_archivecleanup.c:32:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		exclusiveCleanupFileName[MAXFNAMELEN];	/* the oldest file we want
data/postgresql-12-12.4/src/bin/pg_archivecleanup/pg_archivecleanup.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		walfile[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_archivecleanup/pg_archivecleanup.c:126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		WALFilePath[MAXPGPATH * 2]; /* the file path
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		old_dir[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		new_dir[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:403:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		xlogend[64];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:465:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlog[MAXPGPATH];	/* directory or tarfile depending on mode */
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:539:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		statusdir[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:716:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		totaldone_str[32];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:717:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		totalsize_str[32];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:940:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		filename[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:943:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tarhdr[512];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1009:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				tarfile = fopen(filename, "wb");
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1037:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			tarfile = fopen(filename, "wb");
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1095:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		zerobuf[1024];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		header[512];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1233:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(&tarhdr[tarhdrsz], copybuf + pos, bytes2copy);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1265:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
							char		header[512];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1329:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
							char		zerobuf[512];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1380:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		canon_dir[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		current_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		filename[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1567:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			file = fopen(filename, "wb");
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1764:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		filename[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1774:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	cf = fopen(filename, is_recovery_guc_supported ? "a" : "w");
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1792:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		cf = fopen(filename, "w");
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1812:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		escaped_label[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1815:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogstart[64];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1816:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogend[64];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1933:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		starttli = atoi(PQgetvalue(res, 0, 1));
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1966:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		totalsize += atol(PQgetvalue(res, i, 2));
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:2329:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				compresslevel = atoi(optarg);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:2367:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				standby_message_timeout = atoi(optarg) * 1000;
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:262:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fullpath[MAXPGPATH * 2];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:281:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		buf[4];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:283:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fullpath[MAXPGPATH * 2];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:288:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fd = open(fullpath, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:536:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if (atoi(optarg) <= 0)
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:553:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				standby_message_timeout = atoi(optarg) * 1000;
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:578:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				compresslevel = atoi(optarg);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_recvlogical.c:121:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		replybuf[1 + 8 + 8 + 8 + 8 + 1];
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_recvlogical.c:333:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				outfd = open(outfile, O_CREAT | O_APPEND | O_WRONLY | PG_BINARY,
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_recvlogical.c:741:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				fsync_interval = atoi(optarg) * 1000;
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_recvlogical.c:762:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if (atoi(optarg) <= 0)
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_recvlogical.c:819:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				standby_message_timeout = atoi(optarg) * 1000;
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:35:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char current_walfile_name[MAXPGPATH] = "";
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:64:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fn[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:247:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		histfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:265:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		histfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:325:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		replybuf[1 + 8 + 8 + 8 + 8 + 1];
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:441:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		query[128];
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:442:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		slotcmd[128];
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:502:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (stream->timeline > atoi(PQgetvalue(res, 0, 1)))
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:713:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*timeline = atoi(PQgetvalue(res, 0, 0));
data/postgresql-12-12.4/src/bin/pg_basebackup/streamutil.c:55:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char password[100];
data/postgresql-12-12.4/src/bin/pg_basebackup/streamutil.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlog_unit[3];
data/postgresql-12-12.4/src/bin/pg_basebackup/streamutil.c:445:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*starttli = atoi(PQgetvalue(res, 0, 1));
data/postgresql-12-12.4/src/bin/pg_basebackup/streamutil.c:668:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, &n64, sizeof(n64));
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:75:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:93:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(tmppath, O_WRONLY | O_CREAT | PG_BINARY, pg_file_create_mode);
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:219:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:220:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char tmppath2[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:306:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:320:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:326:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(tmppath, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:390:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		header[512];
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:402:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lasterror[1024];
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:535:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char tmppath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:544:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		tar_data->fd = open(tar_data->tarfilename,
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:789:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		zerobuf[512];
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:888:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		zerobuf[1024];
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		total_size_str[32];
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		current_size_str[32];
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:199:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = open(fn, PG_BINARY | flags, 0);
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:311:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fn[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:338:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fnonly[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:357:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				segmentno = atoi(segmentpath);
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:397:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		tblspc_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:491:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if (atoi(optarg) == 0)
data/postgresql-12-12.4/src/bin/pg_config/pg_config.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		my_exec_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pgctime_str[128];
data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ckpttime_str[128];
data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sysident_str[32];
data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c:103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mock_auth_nonce_str[MOCK_AUTH_NONCE_LEN * 2 + 1];
data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/bin/pg_controldata/pg_controldata.c:223:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(xlogfilename, _("???"));
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:100:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char postopts_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:101:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char version_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:102:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pid_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:103:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char backup_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:104:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char promote_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:105:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char logrotate_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:225:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		errbuf[2048];	/* Arbitrary size? */
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:283:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	pidf = fopen(pid_file, "r");
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:343:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(path, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:396:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(linebuf, linebegin, slen);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:537:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		int			fd = open(log_file, O_RDWR, 0);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:620:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			pmpid = atol(optlines[LOCK_FILE_LINE_PID - 1]);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:621:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			pmstart = atol(optlines[LOCK_FILE_LINE_START_TIME - 1]);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:807:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		full_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:832:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:893:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		static char env_var[32];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1206:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((prmfile = fopen(promote_file, "w")) == NULL)
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1292:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((logrotatefile = fopen(logrotate_file, "w")) == NULL)
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1459:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmdPath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1923:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		jobname[128];
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1925:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(jobname, "PostgreSQL_%lu",
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2221:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = fopen(filename, "r")) == NULL)
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2227:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = fopen(filename, "r")) != NULL)
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2354:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		wait_seconds = atoi(env_wait);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2433:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					wait_seconds = atoi(optarg);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2496:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				killproc = atol(argv[++optind]);
data/postgresql-12-12.4/src/bin/pg_dump/common.c:1055:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		temp[100];
data/postgresql-12-12.4/src/bin/pg_dump/compress_io.c:532:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		mode_compression[32];
data/postgresql-12-12.4/src/bin/pg_dump/compress_io.c:559:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp->uncompressedfp = fopen(path, mode);
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:220:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *getMessageFromMaster(int pipefd[2]);
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:450:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		errbuf[1];
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:568:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[1];
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:657:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[1];
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:1233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[256];
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:1362:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[256];
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:1535:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:587:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
								char		buffer[40];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:593:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
									strcpy(buffer, "DROP CONSTRAINT");
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1098:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newToc->dependencies, opts->deps, opts->nDeps * sizeof(DumpId));
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		stamp_str[64];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1138:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(stamp_str, "[unknown]");
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1375:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[100];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1382:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fh = fopen(ropt->tocFile, PG_BINARY_R);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1534:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fmode[14];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1537:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(fmode, "wb%d", compression);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1552:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				AH->OF = fopen(filename, PG_BINARY_A);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1559:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				AH->OF = fopen(filename, PG_BINARY_W);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1709:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((char *) AH->lo_buf + AH->lo_buf_used, ptr, avail);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1716:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) AH->lo_buf + AH->lo_buf_used, ptr, remaining);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2084:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sig[6];			/* More than enough */
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2110:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		buf[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2137:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fh = fopen(AH->fSpec, PG_BINARY_R);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2159:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&AH->lookahead[0], sig, 5);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2513:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		workbuf[32];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2538:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(workbuf, "%u", te->catalogId.tableoid);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2540:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(workbuf, "%u", te->catalogId.oid);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2558:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(workbuf, "%d", te->dependencies[i]);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:3789:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmpMag[7];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:3926:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[64];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:4831:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(clone, AH, sizeof(ArchiveHandle));
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_custom.c:155:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			AH->FH = fopen(AH->fSpec, PG_BINARY_W);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_custom.c:172:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			AH->FH = fopen(AH->fSpec, PG_BINARY_R);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_custom.c:813:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	AH->FH = fopen(AH->fSpec, PG_BINARY_R);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_custom.c:892:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(AH->formatData, ctx, sizeof(lclContext));
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.c:127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		passbuf[100];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.c:157:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *keywords[7];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.c:158:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *values[7];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.c:247:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		passbuf[100];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.c:268:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *keywords[7];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.c:269:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *values[7];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.c:342:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[1];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.c:599:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(str, buf, bufLen);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:200:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:236:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fn[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:326:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:426:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:438:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:439:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		line[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:454:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:455:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:581:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:647:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:666:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:685:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[50];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:752:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:805:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(AH->formatData, ctx, sizeof(lclContext));
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:175:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			ctx->tarFH = fopen(AH->fSpec, PG_BINARY_W);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:209:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			ctx->tarFH = fopen(AH->fSpec, PG_BINARY_R);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:252:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fn[K_STD_BUF_SIZE];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:259:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(fn, "%d.dat", te->dumpId);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:261:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(fn, "%d.dat.gz", te->dumpId);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:263:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(fn, "%d.dat", te->dumpId);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:330:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fmode[14];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:379:15:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		tm->tmpFH = tmpfile();
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:395:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fd = open(name, O_RDWR | O_CREAT | O_EXCL | O_BINARY |
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:418:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(fmode, "wb%d", AH->compression);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:528:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, AH->lookahead + AH->lookaheadPos, used);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:540:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			res = fread(&((char *) buf)[used], 1, len, fh);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:548:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				res = GZREAD(&((char *) buf)[used], 1, len, th->zFH);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:565:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				res = fread(&((char *) buf)[used], 1, len, th->nFH);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:639:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[4096];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:724:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[4096];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:871:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ropt, AH->public.ropt, sizeof(RestoreOptions));
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:939:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[K_STD_BUF_SIZE];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:941:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fname, "blobs.toc");
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:957:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[255];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1078:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[32768];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1112:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf1[32],
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1138:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		header[512];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1149:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf1[100],
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1162:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[100];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1190:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		id = atoi(th->targetFile);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1218:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		h[512];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1219:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tag[100 + 1];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1273:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		posbuf[32];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1274:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		lenbuf[32];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1284:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		posbuf[32];
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:1302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		h[512];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:128:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		g_opaque_type[10];	/* name for the opaque type */
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:131:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		g_comment_start[10];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:132:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		g_comment_end[10];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:408:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(g_comment_start, "-- ");
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:410:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(g_opaque_type, "opaque");
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:476:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				numWorkers = atoi(optarg);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:539:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				compressLevel = atoi(optarg);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:577:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				extra_float_digits = atoi(optarg);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:3430:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[LOBBUFSIZE];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:4134:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		n = atoi(PQgetvalue(res, 0, 0));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:5684:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		agginfo[i].aggfn.nargs = atoi(PQgetvalue(res, i, i_pronargs));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:5916:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		finfo[i].nargs = atoi(PQgetvalue(res, i, i_pronargs));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:6641:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		tblinfo[i].relpages = atoi(PQgetvalue(res, i, i_relpages));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:6651:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		tblinfo[i].ncheck = atoi(PQgetvalue(res, i, i_relchecks));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:6660:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tblinfo[i].owning_col = atoi(PQgetvalue(res, i, i_owning_col));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:7165:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			indxinfo[j].indnkeyattrs = atoi(PQgetvalue(res, j, i_indnkeyatts));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:7166:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			indxinfo[j].indnattrs = atoi(PQgetvalue(res, j, i_indnatts));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:7786:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				tginfo[j].tgtype = atoi(PQgetvalue(res, j, i_tgtype));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:7787:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				tginfo[j].tgnargs = atoi(PQgetvalue(res, j, i_tgnargs));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:8490:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (j + 1 != atoi(PQgetvalue(res, j, i_attnum)))
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:8495:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tbinfo->atttypmod[j] = atoi(PQgetvalue(res, j, i_atttypmod));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:8496:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tbinfo->attstattarget[j] = atoi(PQgetvalue(res, j, i_attstattarget));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:8503:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tbinfo->attlen[j] = atoi(PQgetvalue(res, j, i_attlen));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:8547:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				adnum = atoi(PQgetvalue(res, j, 2));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:9860:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		comments[i].objsubid = atoi(PQgetvalue(res, i, i_objsubid));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:11320:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (atoi(PQgetvalue(res, i, i_attnum)) == comments->objsubid)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:12801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		query[128];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:15360:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		labels[i].objsubid = atoi(PQgetvalue(res, i, i_objsubid));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:17020:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		bufm[32],
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.h:647:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char g_comment_start[10];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.h:648:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char g_comment_end[10];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.h:650:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char g_opaque_type[10];	/* name for the opaque type */
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump_sort.c:275:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(objs, ordering, numObjs * sizeof(DumpableObject *));
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump_sort.c:1189:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[1024];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:59:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pg_dump_bin[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:86:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char role_catalog[10];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:194:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		full_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:482:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		OPF = fopen(filename, PG_BINARY_W);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:1537:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			OPF = fopen(filename, PG_BINARY_A);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:1647:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char password[100];
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:1928:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[64];
data/postgresql-12-12.4/src/bin/pg_dump/pg_restore.c:188:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				numWorkers = atoi(optarg);
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:377:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open("postmaster.pid", O_RDONLY, 0)) < 0)
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:540:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		rawline[64];
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:543:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((ver_fd = fopen(ver_file, "r")) == NULL)
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:595:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(XLOG_CONTROL_FILE, O_RDONLY | PG_BINARY, 0)) < 0)
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:751:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sysident_str[32];
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:835:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[MAXFNAMELEN];
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:1038:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH + sizeof(XLOGDIR)];
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:1085:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH + sizeof(ARCHSTATDIR)];
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:1137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:1167:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(recptr, &ControlFile.checkPointCopy,
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:1182:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(path, O_RDWR | O_CREAT | O_EXCL | PG_BINARY,
data/postgresql-12-12.4/src/bin/pg_rewind/copy_fetch.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fullparentpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/copy_fetch.c:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fullpath[MAXPGPATH * 2];
data/postgresql-12-12.4/src/bin/pg_rewind/copy_fetch.c:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		path[MAXPGPATH * 2];
data/postgresql-12-12.4/src/bin/pg_rewind/copy_fetch.c:112:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		link_target[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/copy_fetch.c:159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		srcpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/copy_fetch.c:164:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	srcfd = open(srcpath, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:30:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dstpath[MAXPGPATH] = "";
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:60:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	dstfd = open(dstpath, mode, pg_file_create_mode);
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dstpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dstpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:201:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(dstpath, O_WRONLY, pg_file_create_mode);
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dstpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:230:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dstpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dstpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dstpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:289:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fullpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:295:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(fullpath, O_RDONLY | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_rewind/filemap.c:154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		localpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/filemap.c:345:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		localpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/filemap.c:509:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		localpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/libpq_fetch.c:235:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		filesize = atol(PQgetvalue(res, i, 1));
data/postgresql-12-12.4/src/bin/pg_rewind/libpq_fetch.c:279:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		chunkoff_str[32];
data/postgresql-12-12.4/src/bin/pg_rewind/libpq_fetch.c:326:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&chunkoff, PQgetvalue(res, 0, 1), sizeof(int64));
data/postgresql-12-12.4/src/bin/pg_rewind/libpq_fetch.c:332:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(filename, PQgetvalue(res, 0, 0), filenamelen);
data/postgresql-12-12.4/src/bin/pg_rewind/libpq_fetch.c:382:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *paramValues[1];
data/postgresql-12-12.4/src/bin/pg_rewind/libpq_fetch.c:400:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, PQgetvalue(res, 0, 0), len);
data/postgresql-12-12.4/src/bin/pg_rewind/libpq_fetch.c:422:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		linebuf[MAXPGPATH + 23];
data/postgresql-12-12.4/src/bin/pg_rewind/parsexlog.c:34:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *RmgrNames[RM_MAX_ID + 1] = {
data/postgresql-12-12.4/src/bin/pg_rewind/parsexlog.c:42:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char xlogfpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/parsexlog.c:218:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint));
data/postgresql-12-12.4/src/bin/pg_rewind/parsexlog.c:268:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		xlogfname[MAXFNAMELEN];
data/postgresql-12-12.4/src/bin/pg_rewind/parsexlog.c:288:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		xlogreadfd = open(xlogfpath, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:376:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ControlFile_new, &ControlFile_source, sizeof(ControlFileData));
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:463:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fetch_done_str[32];
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:464:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fetch_size_str[32];
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:548:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:657:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		strfbuf[128];
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:658:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		xlogfilename[MAXFNAMELEN];
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:660:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[1000];
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:720:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ControlFile, src, sizeof(ControlFileData));
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:68:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char full_buf[DEFAULT_XLOG_SEG_SIZE],
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:177:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				secs_per_test = atoi(optarg);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:223:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	int			tmpfile;
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:228:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((tmpfile = open(filename, O_RDWR | O_CREAT | PG_BINARY, S_IRUSR | S_IWUSR)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:231:12:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	if (write(tmpfile, full_buf, DEFAULT_XLOG_SEG_SIZE) !=
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:236:12:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	if (fsync(tmpfile) != 0)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:239:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:245:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	int			tmpfile,
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:263:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((tmpfile = open(filename, O_RDWR | O_DSYNC | PG_O_DIRECT | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:274:15:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
				if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:276:14:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
			if (lseek(tmpfile, 0, SEEK_SET) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:280:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:293:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:299:14:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
			if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:301:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		fdatasync(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:302:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (lseek(tmpfile, 0, SEEK_SET) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:306:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:317:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:323:14:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
			if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:325:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (fsync(tmpfile) != 0)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:327:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (lseek(tmpfile, 0, SEEK_SET) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:331:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:340:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:346:14:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
			if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:348:29:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (pg_fsync_writethrough(tmpfile) != 0)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:350:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (lseek(tmpfile, 0, SEEK_SET) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:354:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:366:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((tmpfile = open(filename, O_RDWR | OPEN_SYNC_FLAG | PG_O_DIRECT | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:377:15:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
				if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:386:14:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
			if (lseek(tmpfile, 0, SEEK_SET) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:390:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:424:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	int			tmpfile,
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:433:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((tmpfile = open(filename, O_RDWR | OPEN_SYNC_FLAG | PG_O_DIRECT | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:441:15:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
				if (write(tmpfile, buf, writes_size * 1024) !=
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:444:14:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
			if (lseek(tmpfile, 0, SEEK_SET) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:448:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:458:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	int			tmpfile,
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:481:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:483:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:485:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (fsync(tmpfile) != 0)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:487:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:493:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:495:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:509:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:511:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:513:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:515:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:517:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (fsync(tmpfile) != 0)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:519:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:527:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	int			tmpfile,
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:540:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:542:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ)
data/postgresql-12-12.4/src/bin/pg_test_fsync/pg_test_fsync.c:544:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		close(tmpfile);
data/postgresql-12-12.4/src/bin/pg_test_timing/pg_test_timing.c:71:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				test_duration = atoi(optarg);
data/postgresql-12-12.4/src/bin/pg_test_timing/pg_test_timing.c:194:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[100];
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:548:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		old_cluster_pgdata[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:580:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		old_tablespace_dir[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:824:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		output_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:910:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		output_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:995:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		output_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:1100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		output_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		bufin[MAX_STRING];
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:678:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		old_path[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_upgrade/dump.c:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sql_file_name[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXCMDLEN];
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:127:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	log = fopen(log_file, "a");
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:143:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			log = fopen(log_file, "a");
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:203:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((log = fopen(log_file, "a")) == NULL)
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:221:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:226:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(path, O_RDONLY, 0)) < 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:283:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(GLOBALS_DUMP_FILE, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR)) < 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		subDirName[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:411:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:54:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((src_fd = open(src, O_RDONLY | PG_BINARY, 0)) < 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:58:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((dest_fd = open(dst, O_RDWR | O_CREAT | O_EXCL | PG_BINARY,
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:91:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((src_fd = open(src, O_RDONLY | PG_BINARY, 0)) < 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:95:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((dest_fd = open(dst, O_RDWR | O_CREAT | O_EXCL | PG_BINARY,
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:194:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((src_fd = open(fromfile, O_RDONLY | PG_BINARY, 0)) < 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:202:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((dst_fd = open(tofile, O_RDWR | O_CREAT | O_EXCL | PG_BINARY,
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:239:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&pageheader, buffer.data, SizeOfPageHeaderData);
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:258:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(new_vmbuf.data, &pageheader, SizeOfPageHeaderData);
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:324:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		existing_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:325:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		new_link_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:340:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((src_fd = open(existing_file, O_RDONLY | PG_BINARY, 0)) < 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:344:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((dest_fd = open(new_link_file, O_RDWR | O_CREAT | O_EXCL | PG_BINARY,
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		existing_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:367:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		new_link_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/function.c:189:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		output_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/function.c:208:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		cmd[7 + 2 * MAXPGPATH + 1];
data/postgresql-12-12.4/src/bin/pg_upgrade/function.c:234:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(cmd, "LOAD '");
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		reldesc[1000];
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:353:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		query[QUERY_ALLOC];
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:384:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dbinfos[tupnum].db_encoding = atoi(PQgetvalue(res, tupnum, i_encoding));
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:429:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		query[QUERY_ALLOC];
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:74:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	old_cluster.port = getenv("PGPORTOLD") ? atoi(getenv("PGPORTOLD")) : DEF_PGUPORT;
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:75:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	new_cluster.port = getenv("PGPORTNEW") ? atoi(getenv("PGPORTNEW")) : DEF_PGUPORT;
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:130:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				user_opts.jobs = atoi(optarg);
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:169:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if ((old_cluster.port = atoi(optarg)) <= 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:177:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if ((new_cluster.port = atoi(optarg)) <= 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:272:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		cwd[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:370:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		cwd[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:403:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		filename[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:404:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:414:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(filename, "r")) == NULL)
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:420:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(filename, "r")) != NULL)
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:487:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		filename[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:494:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if ((fp = fopen(filename, "r")) == NULL)
data/postgresql-12-12.4/src/bin/pg_upgrade/parallel.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAX_STRING];
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:207:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		exec_path[MAXPGPATH];	/* full path to my executable */
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:327:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sql_file_name[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:364:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sql_file_name[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:422:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		new_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:439:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		old_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		new_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:697:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		sql_file_name[MAXPGPATH],
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.h:188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		db_tablespace[MAXPGPATH];	/* database default tablespace
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.h:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		nextxlogfile[25];
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.h:276:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		major_version_str[64];	/* string PG_VERSION of cluster */
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.h:389:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define fopen_priv(path, mode)	fopen(path, mode)
data/postgresql-12-12.4/src/bin/pg_upgrade/relfilenode.c:196:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		old_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/relfilenode.c:197:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		new_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/relfilenode.c:199:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		extent_suffix[65];
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:123:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char query[QUERY_ALLOC];
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ver_filename[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:167:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((version_fd = fopen(ver_filename, "r")) == NULL)
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:199:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH * 4 + 1000];
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		socket_string[MAXPGPATH + 200];
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:216:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(socket_string,
data/postgresql-12-12.4/src/bin/pg_upgrade/tablespace.c:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		query[QUERY_ALLOC];
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		message[MAX_STRING];
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		message[MAX_STRING];
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		message[QUERY_ALLOC];
data/postgresql-12-12.4/src/bin/pg_upgrade/version.c:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		output_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/version.c:49:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(PQgetvalue(res, 0, i_count)) != 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/version.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		output_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/version.c:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		output_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_upgrade/version.c:419:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		output_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_waldump/compat.c:52:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/bin/pg_waldump/compat.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ts[MAXDATELEN + 1];
data/postgresql-12-12.4/src/bin/pg_waldump/compat.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		zone[MAXDATELEN + 1];
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:145:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(fpath, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:330:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fname[MAXFNAMELEN];
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:378:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:398:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pgbench/exprparse.c:988:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/src/bin/pgbench/exprparse.c:1182:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/src/bin/pgbench/exprscan.c:2811:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, scanptr, slen);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:506:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *argv[MAX_ARGS];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1155:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char password[100];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1165:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *keywords[PARAMS_ARRAY_SIZE];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1166:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *values[PARAMS_ARRAY_SIZE];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		stringform[64];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1509:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(name, &sql[1], i - 1);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1531:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(param, value, valueln);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2494:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		command[SHELL_COMMAND_SIZE];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2498:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		res[64];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2539:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(command + len, arg, arglen);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2599:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer, "P%d_%d", file, state);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2650:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *params[MAX_ARGS];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2661:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		name[MAX_PREPARE_NAME];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2662:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *params[MAX_ARGS];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2672:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		name[MAX_PREPARE_NAME];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2840:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		usec = atoi(var);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2843:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		usec = atoi(argv[1]);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3659:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		opts[256];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3660:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buffer[256];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3696:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sql[256];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3857:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buffer[256];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3991:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		var[13];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:4017:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(var, "$%d", cmd->argc);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:4160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[128];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:4612:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	else if ((fd = fopen(filename, "r")) == NULL)
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:4777:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tbuf[315];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5197:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				nclients = atoi(optarg);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5225:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				nthreads = atoi(optarg);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5250:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				scale = atoi(optarg);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5259:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				nxacts = atoi(optarg);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5269:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				duration = atoi(optarg);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5333:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				fillfactor = atoi(optarg);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5354:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				progress = atoi(optarg);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5415:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				agg_interval = atoi(optarg);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5691:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		scale = atoi(PQgetvalue(res, 0, 0));
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5926:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		logpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5934:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		thread->logfile = fopen(logpath, "w");
data/postgresql-12-12.4/src/bin/pgevent/pgevent.c:25:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		event_source[256] = DEFAULT_EVENT_SOURCE;
data/postgresql-12-12.4/src/bin/pgevent/pgevent.c:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[_MAX_PATH];
data/postgresql-12-12.4/src/bin/pgevent/pgevent.c:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		key_name[400];
data/postgresql-12-12.4/src/bin/pgevent/pgevent.c:129:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		key_name[400];
data/postgresql-12-12.4/src/bin/psql/command.c:960:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				lineno = atoi(ln);
data/postgresql-12-12.4/src/bin/psql/command.c:1012:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/command.c:1828:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		pw1[100];
data/postgresql-12-12.4/src/bin/psql/command.c:1829:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		pw2[100];
data/postgresql-12-12.4/src/bin/psql/command.c:2203:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/command.c:2433:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
					fd = fopen(fname, "w");
data/postgresql-12-12.4/src/bin/psql/command.c:2846:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[100];
data/postgresql-12-12.4/src/bin/psql/command.c:3204:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		cverbuf[32];
data/postgresql-12-12.4/src/bin/psql/command.c:3205:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/command.c:3324:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		vbuf[32];
data/postgresql-12-12.4/src/bin/psql/command.c:3453:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fnametmp[MAXPGPATH];
data/postgresql-12-12.4/src/bin/psql/command.c:3473:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		tmpdir[MAXPGPATH];
data/postgresql-12-12.4/src/bin/psql/command.c:3500:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(fname, O_WRONLY | O_CREAT | O_EXCL, 0600);
data/postgresql-12-12.4/src/bin/psql/command.c:3559:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		stream = fopen(fname, PG_BINARY_R);
data/postgresql-12-12.4/src/bin/psql/command.c:3568:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		line[1024];
data/postgresql-12-12.4/src/bin/psql/command.c:3619:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		relpath[MAXPGPATH];
data/postgresql-12-12.4/src/bin/psql/command.c:3647:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = fopen(filename, PG_BINARY_R);
data/postgresql-12-12.4/src/bin/psql/command.c:3892:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			popt->topt.border = atoi(value);
data/postgresql-12-12.4/src/bin/psql/command.c:4048:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			popt->topt.pager_min_lines = atoi(value);
data/postgresql-12-12.4/src/bin/psql/command.c:4064:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			popt->topt.columns = atoi(value);
data/postgresql-12-12.4/src/bin/psql/command.c:4464:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		timebuf[128];
data/postgresql-12-12.4/src/bin/psql/command.c:4834:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	lineno = atoi(c);
data/postgresql-12-12.4/src/bin/psql/common.c:65:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		*fout = fopen(fname, "w");
data/postgresql-12-12.4/src/bin/psql/common.c:283:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[256];
data/postgresql-12-12.4/src/bin/psql/common.c:320:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[256];
data/postgresql-12-12.4/src/bin/psql/common.c:1213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[16];
data/postgresql-12-12.4/src/bin/psql/common.c:1336:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[3];
data/postgresql-12-12.4/src/bin/psql/common.c:1392:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/common.c:1721:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fetch_cmd[64];
data/postgresql-12-12.4/src/bin/psql/common.c:1920:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[32];
data/postgresql-12-12.4/src/bin/psql/common.c:2376:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		home[MAXPGPATH];
data/postgresql-12-12.4/src/bin/psql/copy.c:299:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				copystream = fopen(options->file, PG_BINARY_R);
data/postgresql-12-12.4/src/bin/psql/copy.c:319:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				copystream = fopen(options->file, PG_BINARY_W);
data/postgresql-12-12.4/src/bin/psql/copy.c:518:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[COPYBUFSIZ];
data/postgresql-12-12.4/src/bin/psql/crosstabview.c:605:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			hmap[i * 2] = atoi(val);
data/postgresql-12-12.4/src/bin/psql/crosstabview.c:643:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		idx = atoi(arg) - 1;
data/postgresql-12-12.4/src/bin/psql/describe.c:160:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:229:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:340:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:351:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:1100:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:1459:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *headers[11];
data/postgresql-12-12.4/src/bin/psql/describe.c:1665:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	tableinfo.checks = atoi(PQgetvalue(res, 0, 0));
data/postgresql-12-12.4/src/bin/psql/describe.c:1700:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	   *footers[2] = {NULL, NULL};
data/postgresql-12-12.4/src/bin/psql/describe.c:3482:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		conns = atoi(PQgetvalue(res, i, 6));
data/postgresql-12-12.4/src/bin/psql/describe.c:3549:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:3817:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:4433:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:4588:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:4835:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:4906:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:4977:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:5183:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:5266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:5348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:5409:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:5487:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:5544:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:5658:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:5729:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/describe.c:5885:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sverbuf[32];
data/postgresql-12-12.4/src/bin/psql/input.c:193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		line[1024];
data/postgresql-12-12.4/src/bin/psql/input.c:353:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		home[MAXPGPATH];
data/postgresql-12-12.4/src/bin/psql/input.c:448:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fd = open(fname, O_CREAT | O_WRONLY | PG_BINARY, 0600);
data/postgresql-12-12.4/src/bin/psql/input.c:507:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		output = fopen(fname, "w");
data/postgresql-12-12.4/src/bin/psql/large_obj.c:180:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		oidbuf[32];
data/postgresql-12-12.4/src/bin/psql/large_obj.c:206:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(cmdbuf, "COMMENT ON LARGE OBJECT %u IS '", loid);
data/postgresql-12-12.4/src/bin/psql/large_obj.c:226:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(oidbuf, "%u", loid);
data/postgresql-12-12.4/src/bin/psql/large_obj.c:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[1024];
data/postgresql-12-12.4/src/bin/psql/prompt.c:72:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char destination[MAX_PROMPT_SIZE + 1];
data/postgresql-12-12.4/src/bin/psql/prompt.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAX_PROMPT_SIZE + 1];
data/postgresql-12-12.4/src/bin/psql/psqlscanslash.c:3430:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[512];
data/postgresql-12-12.4/src/bin/psql/settings.h:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *ctv_args[4];	/* \crosstabview arguments */
data/postgresql-12-12.4/src/bin/psql/startup.c:127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		password[100];
data/postgresql-12-12.4/src/bin/psql/startup.c:180:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	pset.popt.topt.env_columns = getenv("COLUMNS") ? atoi(getenv("COLUMNS")) : 0;
data/postgresql-12-12.4/src/bin/psql/startup.c:328:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		pset.logfile = fopen(options.logfilename, "a");
data/postgresql-12-12.4/src/bin/psql/startup.c:759:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		home[MAXPGPATH];
data/postgresql-12-12.4/src/bin/psql/startup.c:760:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		rc_file[MAXPGPATH];
data/postgresql-12-12.4/src/bin/psql/startup.c:761:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		my_exec_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/psql/startup.c:762:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		etc_path[MAXPGPATH];
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:3401:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		querybuf[1024];
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:4448:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, tab_completion_query_buf->data, i);
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:4450:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf + i, rl_line_buffer, point);
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:4535:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(outptr, &buf[start], i);
data/postgresql-12-12.4/src/bin/scripts/common.c:77:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char password[100];
data/postgresql-12-12.4/src/bin/scripts/common.c:94:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *keywords[7];
data/postgresql-12-12.4/src/bin/scripts/common.c:95:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *values[7];
data/postgresql-12-12.4/src/bin/scripts/common.c:371:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		prompt[256];
data/postgresql-12-12.4/src/bin/scripts/common.c:381:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		resp[10];
data/postgresql-12-12.4/src/bin/scripts/common.c:461:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[256];
data/postgresql-12-12.4/src/bin/scripts/common.c:495:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[256];
data/postgresql-12-12.4/src/bin/scripts/createuser.c:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		newuser_buf[128];
data/postgresql-12-12.4/src/bin/scripts/createuser.c:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		newpassword_buf[100];
data/postgresql-12-12.4/src/bin/scripts/createuser.c:214:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		pw2[100];
data/postgresql-12-12.4/src/bin/scripts/dropuser.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		dropuser_buf[128];
data/postgresql-12-12.4/src/bin/scripts/pg_isready.c:40:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *keywords[PARAMS_ARRAY_SIZE];
data/postgresql-12-12.4/src/bin/scripts/pg_isready.c:41:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *values[PARAMS_ARRAY_SIZE];
data/postgresql-12-12.4/src/bin/scripts/vacuumdb.c:208:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				concurrentCons = atoi(optarg);
data/postgresql-12-12.4/src/bin/scripts/vacuumdb.c:228:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				vacopts.min_xid_age = atoi(optarg);
data/postgresql-12-12.4/src/bin/scripts/vacuumdb.c:236:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				vacopts.min_mxid_age = atoi(optarg);
data/postgresql-12-12.4/src/bin/scripts/vacuumdb.c:1133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		errbuf[256];
data/postgresql-12-12.4/src/common/config_info.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/common/controldata_utils.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ControlFilePath[MAXPGPATH];
data/postgresql-12-12.4/src/common/controldata_utils.c:71:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(ControlFilePath, O_RDONLY | PG_BINARY, 0)) == -1)
data/postgresql-12-12.4/src/common/controldata_utils.c:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[PG_CONTROL_FILE_SIZE];
data/postgresql-12-12.4/src/common/controldata_utils.c:161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ControlFilePath[MAXPGPATH];
data/postgresql-12-12.4/src/common/controldata_utils.c:184:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, ControlFile, sizeof(ControlFileData));
data/postgresql-12-12.4/src/common/controldata_utils.c:200:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(ControlFilePath, O_WRONLY | PG_BINARY,
data/postgresql-12-12.4/src/common/d2s.c:662:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result, "0.000000", 8);
data/postgresql-12-12.4/src/common/d2s.c:703:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 2, DIGIT_TABLE + c0, 2);
data/postgresql-12-12.4/src/common/d2s.c:704:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 4, DIGIT_TABLE + c1, 2);
data/postgresql-12-12.4/src/common/d2s.c:705:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 6, DIGIT_TABLE + d0, 2);
data/postgresql-12-12.4/src/common/d2s.c:706:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 8, DIGIT_TABLE + d1, 2);
data/postgresql-12-12.4/src/common/d2s.c:719:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 2, DIGIT_TABLE + c0, 2);
data/postgresql-12-12.4/src/common/d2s.c:720:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 4, DIGIT_TABLE + c1, 2);
data/postgresql-12-12.4/src/common/d2s.c:728:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 2, DIGIT_TABLE + c, 2);
data/postgresql-12-12.4/src/common/d2s.c:735:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 2, DIGIT_TABLE + c, 2);
data/postgresql-12-12.4/src/common/d2s.c:877:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 1, DIGIT_TABLE + c0, 2);
data/postgresql-12-12.4/src/common/d2s.c:878:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 3, DIGIT_TABLE + c1, 2);
data/postgresql-12-12.4/src/common/d2s.c:879:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 5, DIGIT_TABLE + d0, 2);
data/postgresql-12-12.4/src/common/d2s.c:880:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 7, DIGIT_TABLE + d1, 2);
data/postgresql-12-12.4/src/common/d2s.c:895:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 1, DIGIT_TABLE + c0, 2);
data/postgresql-12-12.4/src/common/d2s.c:896:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 3, DIGIT_TABLE + c1, 2);
data/postgresql-12-12.4/src/common/d2s.c:904:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 1, DIGIT_TABLE + c, 2);
data/postgresql-12-12.4/src/common/d2s.c:948:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index, DIGIT_TABLE + 2 * (exp / 10), 2);
data/postgresql-12-12.4/src/common/d2s.c:954:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index, DIGIT_TABLE + 2 * exp, 2);
data/postgresql-12-12.4/src/common/digit_table.h:8:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char DIGIT_TABLE[200] = {
data/postgresql-12-12.4/src/common/exec.c:75:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path_exe[MAXPGPATH + sizeof(".exe") - 1];
data/postgresql-12-12.4/src/common/exec.c:82:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(path_exe, ".exe");
data/postgresql-12-12.4/src/common/exec.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cwd[MAXPGPATH],
data/postgresql-12-12.4/src/common/exec.c:236:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		orig_wd[MAXPGPATH],
data/postgresql-12-12.4/src/common/exec.c:327:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH];
data/postgresql-12-12.4/src/common/exec.c:328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		line[MAXPGPATH];
data/postgresql-12-12.4/src/common/exec.c:567:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[MAXPGPATH];
data/postgresql-12-12.4/src/common/exec.c:568:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		my_exec_path[MAXPGPATH];
data/postgresql-12-12.4/src/common/exec.c:569:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		env_path[MAXPGPATH + sizeof("PGSYSCONFDIR=")];	/* longer than
data/postgresql-12-12.4/src/common/f2s.c:472:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result, "0.000000", 8);
data/postgresql-12-12.4/src/common/f2s.c:501:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 2, DIGIT_TABLE + c0, 2);
data/postgresql-12-12.4/src/common/f2s.c:502:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 4, DIGIT_TABLE + c1, 2);
data/postgresql-12-12.4/src/common/f2s.c:510:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 2, DIGIT_TABLE + c, 2);
data/postgresql-12-12.4/src/common/f2s.c:517:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 2, DIGIT_TABLE + c, 2);
data/postgresql-12-12.4/src/common/f2s.c:634:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 1, DIGIT_TABLE + c0, 2);
data/postgresql-12-12.4/src/common/f2s.c:635:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 3, DIGIT_TABLE + c1, 2);
data/postgresql-12-12.4/src/common/f2s.c:643:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + index + olength - i - 1, DIGIT_TABLE + c, 2);
data/postgresql-12-12.4/src/common/f2s.c:683:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result + index, DIGIT_TABLE + 2 * exp, 2);
data/postgresql-12-12.4/src/common/file_utils.c:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pg_wal[MAXPGPATH];
data/postgresql-12-12.4/src/common/file_utils.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pg_tblspc[MAXPGPATH];
data/postgresql-12-12.4/src/common/file_utils.c:166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		subpath[MAXPGPATH * 2];
data/postgresql-12-12.4/src/common/file_utils.c:220:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(fname, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/common/file_utils.c:280:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(fname, flags, 0);
data/postgresql-12-12.4/src/common/file_utils.c:315:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		parentpath[MAXPGPATH];
data/postgresql-12-12.4/src/common/file_utils.c:354:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(newfile, PG_BINARY | O_RDWR, 0);
data/postgresql-12-12.4/src/common/md5.c:58:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ret, b, sizeof(uint8) * len);
data/postgresql-12-12.4/src/common/md5.c:339:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(crypt_buf, passwd, passwd_len);
data/postgresql-12-12.4/src/common/md5.c:340:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(crypt_buf + passwd_len, salt, salt_len);
data/postgresql-12-12.4/src/common/md5.c:342:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf, "md5");
data/postgresql-12-12.4/src/common/rmtree.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pathbuf[MAXPGPATH];
data/postgresql-12-12.4/src/common/ryu_common.h:99:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result, "NaN", 3);
data/postgresql-12-12.4/src/common/ryu_common.h:108:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result + sign, "Infinity", 8);
data/postgresql-12-12.4/src/common/ryu_common.h:120:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&bits, &f, sizeof(float));
data/postgresql-12-12.4/src/common/ryu_common.h:129:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&bits, &d, sizeof(double));
data/postgresql-12-12.4/src/common/saslprep.c:1240:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char buf[4];
data/postgresql-12-12.4/src/common/scram-common.c:127:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, Ui_prev, SCRAM_KEY_LEN);
data/postgresql-12-12.4/src/common/scram-common.c:137:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(Ui_prev, Ui, SCRAM_KEY_LEN);
data/postgresql-12-12.4/src/common/scram-common.c:232:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	p = result + sprintf(result, "SCRAM-SHA-256$%d:", iterations);
data/postgresql-12-12.4/src/common/sha2.c:272:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(context->state, sha256_initial_hash_value, PG_SHA256_DIGEST_LENGTH);
data/postgresql-12-12.4/src/common/sha2.c:483:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&context->buffer[usedspace], data, freespace);
data/postgresql-12-12.4/src/common/sha2.c:492:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&context->buffer[usedspace], data, len);
data/postgresql-12-12.4/src/common/sha2.c:510:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(context->buffer, data, len);
data/postgresql-12-12.4/src/common/sha2.c:584:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(digest, context->state, PG_SHA256_DIGEST_LENGTH);
data/postgresql-12-12.4/src/common/sha2.c:598:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(context->state, sha512_initial_hash_value, PG_SHA512_DIGEST_LENGTH);
data/postgresql-12-12.4/src/common/sha2.c:809:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&context->buffer[usedspace], data, freespace);
data/postgresql-12-12.4/src/common/sha2.c:818:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&context->buffer[usedspace], data, len);
data/postgresql-12-12.4/src/common/sha2.c:836:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(context->buffer, data, len);
data/postgresql-12-12.4/src/common/sha2.c:913:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(digest, context->state, PG_SHA512_DIGEST_LENGTH);
data/postgresql-12-12.4/src/common/sha2.c:927:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(context->state, sha384_initial_hash_value, PG_SHA512_DIGEST_LENGTH);
data/postgresql-12-12.4/src/common/sha2.c:958:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(digest, context->state, PG_SHA384_DIGEST_LENGTH);
data/postgresql-12-12.4/src/common/sha2.c:971:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(context->state, sha224_initial_hash_value, PG_SHA256_DIGEST_LENGTH);
data/postgresql-12-12.4/src/common/sha2.c:1001:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(digest, context->state, PG_SHA224_DIGEST_LENGTH);
data/postgresql-12-12.4/src/common/unicode/norm_test.c:26:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[BUF_DIGITS * 2 + 1];
data/postgresql-12-12.4/src/common/username.c:53:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char username[256 + 1];
data/postgresql-12-12.4/src/common/wait_error.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		str[512];
data/postgresql-12-12.4/src/fe_utils/mbprint.c:326:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy((char *) ptr, "\\r");
data/postgresql-12-12.4/src/fe_utils/mbprint.c:340:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf((char *) ptr, "\\x%02X", *pwcs);
data/postgresql-12-12.4/src/fe_utils/mbprint.c:353:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf((char *) ptr, "\\u%04X", utf8_to_unicode(pwcs));
data/postgresql-12-12.4/src/fe_utils/mbprint.c:361:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf((char *) ptr, "\\u????");
data/postgresql-12-12.4/src/fe_utils/print.c:55:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_footer[100];
data/postgresql-12-12.4/src/fe_utils/print.c:107:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *vertical_and_right[2];
data/postgresql-12-12.4/src/fe_utils/print.c:108:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *vertical_and_left[2];
data/postgresql-12-12.4/src/fe_utils/print.c:114:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *vertical_and_horizontal[2];
data/postgresql-12-12.4/src/fe_utils/print.c:115:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *up_and_horizontal[2];
data/postgresql-12-12.4/src/fe_utils/print.c:116:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *down_and_horizontal[2];
data/postgresql-12-12.4/src/fe_utils/print.c:981:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			pg_wcsformat((const unsigned char *) ptr[j], strlen(ptr[j]), encoding,
data/postgresql-12-12.4/src/fe_utils/print.c:1643:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				fputnbytes(fout, (char *) (dlineptr[dline].ptr + offset),
data/postgresql-12-12.4/src/fe_utils/psqlscan.c:6084:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newtxt, txt, len);
data/postgresql-12-12.4/src/fe_utils/psqlscan.c:6151:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result, txt, len);
data/postgresql-12-12.4/src/include/access/ginblock.h:343:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char bytes[FLEXIBLE_ARRAY_MEMBER]; /* varbyte encoded items */
data/postgresql-12-12.4/src/include/access/gist_private.h:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tupledata[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/include/access/htup_details.h:630:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mt_padding[MINIMAL_TUPLE_PADDING];
data/postgresql-12-12.4/src/include/access/relscan.h:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ps_snapshot_data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/include/access/slru.h:103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lwlock_tranche_name[SLRU_MAX_NAME_LENGTH];
data/postgresql-12-12.4/src/include/access/slru.h:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		Dir[64];
data/postgresql-12-12.4/src/include/access/tuptoaster.h:126:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&(toast_pointer), VARDATA_EXTERNAL(attre), sizeof(toast_pointer)); \
data/postgresql-12-12.4/src/include/access/xact.h:318:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		twophase_gid[GIDSIZE];	/* only for 2PC */
data/postgresql-12-12.4/src/include/access/xact.h:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		twophase_gid[GIDSIZE];	/* only for 2PC */
data/postgresql-12-12.4/src/include/access/xlog_internal.h:241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		rp_name[MAXFNAMELEN];
data/postgresql-12-12.4/src/include/c.h:551:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		vl_len_[4];		/* Do not touch this field directly! */
data/postgresql-12-12.4/src/include/c.h:552:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		vl_dat[FLEXIBLE_ARRAY_MEMBER];	/* Data content is here */
data/postgresql-12-12.4/src/include/c.h:605:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[NAMEDATALEN];
data/postgresql-12-12.4/src/include/c.h:1070:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[BLCKSZ];
data/postgresql-12-12.4/src/include/c.h:1078:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[XLOG_BLCKSZ];
data/postgresql-12-12.4/src/include/c.h:1248:27:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define memmove(d, s, c)		bcopy(s, d, c)
data/postgresql-12-12.4/src/include/catalog/pg_control.h:229:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mock_authentication_nonce[MOCK_AUTH_NONCE_LEN];
data/postgresql-12-12.4/src/include/catalog/pg_proc.h:104:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		proargmodes[1] BKI_DEFAULT(_null_);
data/postgresql-12-12.4/src/include/catalog/pg_statistic_ext.h:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		stxkind[1] BKI_FORCE_NOT_NULL;	/* statistics kinds requested
data/postgresql-12-12.4/src/include/commands/prepare.h:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		stmt_name[NAMEDATALEN];
data/postgresql-12-12.4/src/include/commands/tablespace.h:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ts_path[FLEXIBLE_ARRAY_MEMBER]; /* null-terminated string */
data/postgresql-12-12.4/src/include/commands/vacuum.h:125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		statypalign[STATISTIC_NUM_SLOTS];
data/postgresql-12-12.4/src/include/fe_utils/print.h:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		csvFieldSep[2]; /* field separator for csv format */
data/postgresql-12-12.4/src/include/fe_utils/simple_list.h:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		val[FLEXIBLE_ARRAY_MEMBER]; /* null-terminated string here */
data/postgresql-12-12.4/src/include/fmgr.h:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char fcinfo_data[SizeForFunctionCallInfo(nargs)]; \
data/postgresql-12-12.4/src/include/jit/llvmjit_emit.h:139:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[512];
data/postgresql-12-12.4/src/include/jit/llvmjit_emit.h:159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[512];
data/postgresql-12-12.4/src/include/lib/simplehash.h:480:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newentry, oldentry, sizeof(SH_ELEMENT_TYPE));
data/postgresql-12-12.4/src/include/lib/simplehash.h:630:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(lastentry, moveentry, sizeof(SH_ELEMENT_TYPE));
data/postgresql-12-12.4/src/include/lib/simplehash.h:759:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(lastentry, curentry, sizeof(SH_ELEMENT_TYPE));
data/postgresql-12-12.4/src/include/libpq/pqcomm.h:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		ss_pad[128];	/* ensures struct has desired size */
data/postgresql-12-12.4/src/include/libpq/pqcomm.h:144:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		database[SM_DATABASE];	/* Database name */
data/postgresql-12-12.4/src/include/libpq/pqcomm.h:146:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		user[SM_USER];	/* User name */
data/postgresql-12-12.4/src/include/libpq/pqcomm.h:147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		options[SM_OPTIONS];	/* Optional additional args */
data/postgresql-12-12.4/src/include/libpq/pqcomm.h:148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		unused[SM_UNUSED];	/* Unused */
data/postgresql-12-12.4/src/include/libpq/pqcomm.h:149:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tty[SM_TTY];	/* Tty for debug output */
data/postgresql-12-12.4/src/include/libpq/pqformat.h:52:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *pg_restrict) (buf->data + buf->len), &ni, sizeof(uint8));
data/postgresql-12-12.4/src/include/libpq/pqformat.h:66:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *pg_restrict) (buf->data + buf->len), &ni, sizeof(uint16));
data/postgresql-12-12.4/src/include/libpq/pqformat.h:80:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *pg_restrict) (buf->data + buf->len), &ni, sizeof(uint32));
data/postgresql-12-12.4/src/include/libpq/pqformat.h:94:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *pg_restrict) (buf->data + buf->len), &ni, sizeof(uint64));
data/postgresql-12-12.4/src/include/libpq/pqformat.h:120:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(((char *pg_restrict) buf->data + buf->len), p, slen + 1);
data/postgresql-12-12.4/src/include/nodes/execnodes.h:1555:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		phs_snapshot_data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/include/pgstat.h:402:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		m_xlog[MAX_XFN_CHARS + 1];
data/postgresql-12-12.4/src/include/pgstat.h:686:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		last_archived_wal[MAX_XFN_CHARS + 1];	/* last WAL file
data/postgresql-12-12.4/src/include/pgstat.h:690:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		last_failed_wal[MAX_XFN_CHARS + 1]; /* WAL file involved in
data/postgresql-12-12.4/src/include/pgstat.h:984:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ssl_version[NAMEDATALEN];
data/postgresql-12-12.4/src/include/pgstat.h:985:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ssl_cipher[NAMEDATALEN];
data/postgresql-12-12.4/src/include/pgstat.h:986:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ssl_client_dn[NAMEDATALEN];
data/postgresql-12-12.4/src/include/pgstat.h:992:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ssl_client_serial[NAMEDATALEN];
data/postgresql-12-12.4/src/include/pgstat.h:994:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ssl_issuer_dn[NAMEDATALEN];
data/postgresql-12-12.4/src/include/pgstat.h:1008:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		gss_princ[NAMEDATALEN]; /* GSSAPI Principal used to auth */
data/postgresql-12-12.4/src/include/port.h:275:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define		open(a,b,c) pgwin32_open(a,b,c)
data/postgresql-12-12.4/src/include/port.h:276:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define		fopen(a,b) pgwin32_fopen(a,b)
data/postgresql-12-12.4/src/include/port/win32_msvc/dirent.h:14:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		d_name[MAX_PATH];
data/postgresql-12-12.4/src/include/postgres.h:143:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		va_data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/include/postgres.h:149:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		va_data[FLEXIBLE_ARRAY_MEMBER]; /* Compressed data */
data/postgresql-12-12.4/src/include/postgres.h:156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		va_data[FLEXIBLE_ARRAY_MEMBER]; /* Data begins here */
data/postgresql-12-12.4/src/include/postgres.h:164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		va_data[FLEXIBLE_ARRAY_MEMBER]; /* Type-specific data */
data/postgresql-12-12.4/src/include/postmaster/bgworker.h:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		bgw_name[BGW_MAXLEN];
data/postgresql-12-12.4/src/include/postmaster/bgworker.h:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		bgw_type[BGW_MAXLEN];
data/postgresql-12-12.4/src/include/postmaster/bgworker.h:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		bgw_library_name[BGW_MAXLEN];
data/postgresql-12-12.4/src/include/postmaster/bgworker.h:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		bgw_function_name[BGW_MAXLEN];
data/postgresql-12-12.4/src/include/postmaster/bgworker.h:98:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		bgw_extra[BGW_EXTRALEN];
data/postgresql-12-12.4/src/include/postmaster/syslogger.h:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		nuls[2];		/* always \0\0 */
data/postgresql-12-12.4/src/include/postmaster/syslogger.h:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];	/* data payload starts here */
data/postgresql-12-12.4/src/include/postmaster/syslogger.h:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		filler[PIPE_CHUNK_SIZE];
data/postgresql-12-12.4/src/include/replication/logicalproto.h:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *values[MaxTupleAttributeNumber];
data/postgresql-12-12.4/src/include/replication/message.h:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		message[FLEXIBLE_ARRAY_MEMBER]; /* message including the null
data/postgresql-12-12.4/src/include/replication/syncrep.h:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		member_names[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/include/replication/walreceiver.h:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		conninfo[MAXCONNINFO];
data/postgresql-12-12.4/src/include/replication/walreceiver.h:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sender_host[NI_MAXHOST];
data/postgresql-12-12.4/src/include/replication/walreceiver.h:123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		slotname[NAMEDATALEN];
data/postgresql-12-12.4/src/include/storage/buf_internals.h:217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pad[BUFFERDESC_PAD_TO_SIZE];
data/postgresql-12-12.4/src/include/storage/checksum_impl.h:157:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sums, checksumBaseOffsets, sizeof(checksumBaseOffsets));
data/postgresql-12-12.4/src/include/storage/lwlock.h:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pad[LWLOCK_PADDED_SIZE];
data/postgresql-12-12.4/src/include/storage/lwlock.h:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pad[LWLOCK_MINIMAL_SIZE];
data/postgresql-12-12.4/src/include/storage/shmem.h:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		key[SHMEM_INDEX_KEYSIZE];	/* string name */
data/postgresql-12-12.4/src/include/tsearch/dicts/regis.h:24:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/include/tsearch/dicts/spell.h:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		word[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/include/tsearch/ts_locale.h:47:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define COPYCHAR(d,s)	memcpy(d, s, pg_mblen(s))
data/postgresql-12-12.4/src/include/tsearch/ts_type.h:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];	/* data starts here */
data/postgresql-12-12.4/src/include/utils/datetime.h:210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		token[TOKMAXLEN + 1];	/* always NUL-terminated */
data/postgresql-12-12.4/src/include/utils/datetime.h:228:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		zone[FLEXIBLE_ARRAY_MEMBER];	/* NUL-terminated zone name */
data/postgresql-12-12.4/src/include/utils/expandeddatum.h:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		eoh_rw_ptr[EXPANDED_POINTER_SIZE];
data/postgresql-12-12.4/src/include/utils/expandeddatum.h:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		eoh_ro_ptr[EXPANDED_POINTER_SIZE];
data/postgresql-12-12.4/src/include/utils/inet.h:27:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char ipaddr[16];	/* up to 128 bits of address */
data/postgresql-12-12.4/src/include/utils/inet.h:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		vl_len_[4];		/* Do not touch this field directly! */
data/postgresql-12-12.4/src/include/utils/jsonpath.h:25:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/include/utils/relmapper.h:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/include/utils/uuid.h:22:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[UUID_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:175:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(target, src, sizeof(decimal));
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:188:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new, str, use_len);
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:677:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(str, tmp, strlen(tmp));
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:783:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmp[2] = " ";
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:1039:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) sqlca, (char *) &sqlca_init, sizeof(struct sqlca_t));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/data.c:336:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(var + offset * act_tuple, pval, size);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/data.c:339:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(var + offset * act_tuple, pval, varcharsize * offset);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/data.c:602:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
								memcpy(str, pval, size);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/descriptor.c:221:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(variable->arr, value, strlen(value));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/descriptor.c:292:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		type_str[20];
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/descriptor.c:717:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		type_str[20];
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/ecpglib_extern.h:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		arr[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/ecpglib_extern.h:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		arr[FLEXIBLE_ARRAY_MEMBER];
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:274:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(array_query, "select typlen from pg_type where oid=%d and typelem<>0", type);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:285:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			isarray = (atol((char *) PQgetvalue(query, 0, 0)) == -1) ? ECPG_ARRAY_ARRAY : ECPG_ARRAY_VECTOR;
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:502:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(to_data, "'\\x");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:581:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval + strlen(mallocedval), "%hd,", ((short *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:586:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(mallocedval, "%hd", *((short *) var->value));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:600:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval + strlen(mallocedval), "%d,", ((int *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:605:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(mallocedval, "%d", *((int *) var->value));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:619:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval + strlen(mallocedval), "%hu,", ((unsigned short *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:624:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(mallocedval, "%hu", *((unsigned short *) var->value));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:638:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval + strlen(mallocedval), "%u,", ((unsigned int *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:643:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(mallocedval, "%u", *((unsigned int *) var->value));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:657:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval + strlen(mallocedval), "%ld,", ((long *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:662:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(mallocedval, "%ld", *((long *) var->value));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:676:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval + strlen(mallocedval), "%lu,", ((unsigned long *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:681:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(mallocedval, "%lu", *((unsigned long *) var->value));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:695:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval + strlen(mallocedval), "%lld,", ((long long int *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:700:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(mallocedval, "%lld", *((long long int *) var->value));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:714:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval + strlen(mallocedval), "%llu,", ((unsigned long long int *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:719:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(mallocedval, "%llu", *((unsigned long long int *) var->value));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:771:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval + strlen(mallocedval), "%c,", (((bool *) var->value)[element]) ? 't' : 'f');
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:778:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval, "%c", (*((char *) var->value)) ? 't' : 'f');
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:780:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(mallocedval, "%c", (*((int *) var->value)) ? 't' : 'f');
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:834:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(mallocedval, variable->arr, variable->len);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:912:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(mallocedval + strlen(mallocedval), str, slen + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:959:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(mallocedval + strlen(mallocedval), str, slen + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1006:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(mallocedval + strlen(mallocedval), str, slen + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1053:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(mallocedval + strlen(mallocedval), str, slen + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1179:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(*tobeinserted, desc_item->data, desc_item->data_len);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1876:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			sqlca->sqlerrd[2] = atol(PQcmdTuples(stmt->results));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/misc.c:101:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) sqlca, (char *) &sqlca_init, sizeof(struct sqlca_t));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		stmtID[STMTID_SIZE];
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:141:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(newcopy, *text, ptr);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:581:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		stmtID[STMTID_SIZE];
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:586:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(stmtID, "ecpg%d", nextStmtID++);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:349:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(sqlda->sqlvar[i].sqldata, num, sizeof(numeric));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:354:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy((char *) sqlda + offset, num->buf, num->digits - num->buf + num->ndigits);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:426:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sqlda->sqldaid, "SQLDA  ");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:538:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(sqlda->sqlvar[i].sqldata, num, sizeof(numeric));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:543:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy((char *) sqlda + offset, num->buf, num->digits - num->buf + num->ndigits);
data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlca.h:21:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlca.h:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlca.h:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlca.h:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlca.h:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlda-compat.h:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		desc_name[19];	/* descriptor name				*/
data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlda-native.h:21:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		data[NAMEDATALEN];
data/postgresql-12-12.4/src/interfaces/ecpg/include/sqlda-native.h:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqldaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/common.c:47:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(*output, replace_val.str_val, i + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lowstr[MAXDATELEN + MAXDATEFIELDS];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:261:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(start_pattern, replace_val.str_val,
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:274:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(start_pattern, t, strlen(t));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:286:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(start_pattern, t, strlen(t));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:298:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(start_pattern, t, strlen(t));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt.h:203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		token[TOKMAXLEN + 1];	/* always NUL-terminated */
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:679:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str, "%04d-%02d-%02d",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:689:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str, "%02d/%02d", tm->tm_mday, tm->tm_mon);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:691:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str, "%02d/%02d", tm->tm_mon, tm->tm_mday);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:693:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + 5, "/%04d", tm->tm_year);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:700:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(str, "%02d.%02d", tm->tm_mday, tm->tm_mon);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:702:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + 5, ".%04d", tm->tm_year);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:711:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str, "%02d-%02d", tm->tm_mday, tm->tm_mon);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:713:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str, "%02d-%02d", tm->tm_mon, tm->tm_mday);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:715:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + 5, "-%04d", tm->tm_year);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:771:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(str, "%04d-%02d-%02d %02d:%02d",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:781:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:785:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), ":%02d", tm->tm_sec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:788:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), " BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:795:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(str + strlen(str), "%+03d:%02d", hour, min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:797:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(str + strlen(str), "%+03d", hour);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:805:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str, "%02d/%02d", tm->tm_mday, tm->tm_mon);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:807:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str, "%02d/%02d", tm->tm_mon, tm->tm_mday);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:809:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(str + 5, "/%04d %02d:%02d",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:819:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:823:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), ":%02d", tm->tm_sec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:826:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), " BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:837:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:843:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(str + strlen(str), "%+03d:%02d", hour, min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:845:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(str + strlen(str), "%+03d", hour);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:853:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(str, "%02d.%02d", tm->tm_mday, tm->tm_mon);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:855:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(str + 5, ".%04d %02d:%02d",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:865:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:869:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), ":%02d", tm->tm_sec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:872:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), " BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:877:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:883:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(str + strlen(str), "%+03d:%02d", hour, min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:885:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(str + strlen(str), "%+03d", hour);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:897:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(str, days[tm->tm_wday], 3);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:905:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(str + 10, " %02d:%02d", tm->tm_hour, tm->tm_min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:913:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:917:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), ":%02d", tm->tm_sec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:919:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(str + strlen(str), " %04d",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:922:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(str + strlen(str), " BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:927:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:939:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(str + strlen(str), " %+03d:%02d", hour, min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:941:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(str + strlen(str), " %+03d", hour);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1097:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fstr[7];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1125:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_mday = atoi(str + 6);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1127:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_mon = atoi(str + 4);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1129:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_year = atoi(str + 0);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1137:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_mday = atoi(str + 4);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1139:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_mon = atoi(str + 2);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1141:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_year = atoi(str + 0);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1150:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_mday = atoi(str + 2);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1153:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_year = atoi(str + 0);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1167:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_sec = atoi(str + 4);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1169:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_min = atoi(str + 2);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1171:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_hour = atoi(str + 0);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1180:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_min = atoi(str + 2);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1182:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			tm->tm_hour = atoi(str + 0);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1317:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1460:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		fstr[7];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2662:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(tmp, "%m/%d/%y");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2787:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(tmp, "%I:%M:%S %p");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2795:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(tmp, "%H:%M");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2840:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(tmp, "%H:%M:%S");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:731:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cp, "%d%c", value, units);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:742:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(cp, "%02d", abs(sec));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:744:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(cp, "%d", abs(sec));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:749:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(cp, "%02d.%0*d", abs(sec), precision, (int) Abs(fsec));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:751:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(cp, "%d.%0*d", abs(sec), precision, (int) Abs(fsec));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:831:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(cp, "%c%d-%d %c%d %c%d:%02d:",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:840:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(cp, "%d-%d", year, mon);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:844:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(cp, "%d %d:%02d:", mday, hour, min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:850:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(cp, "%d:%02d:", hour, min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:863:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(cp, "PT0S");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:933:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(cp, " 0");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:935:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(cp, " ago");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:1015:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:1017:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lowstr[MAXDATELEN + MAXDATEFIELDS];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:1071:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/numeric.c:323:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(str, "NaN");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/numeric.c:1211:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&(divisor[1].digits[1]), var2->digits, ndigits_tmp - 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/numeric.c:1224:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dividend.digits, var1->digits, var1->ndigits);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/numeric.c:1272:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&divisor[guess], &divisor[1], sizeof(numeric));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/numeric.c:1500:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[DBL_DIG + 100];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/numeric.c:1504:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	if (sprintf(buffer, "%.*g", DBL_DIG, d) <= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/timestamp.c:215:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *field[MAXDATEFIELDS];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/timestamp.c:217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		lowstr[MAXDATELEN + MAXDATEFIELDS];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/timestamp.c:276:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXDATELEN + 1];
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/timestamp.c:394:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char		tmp[4] = "%Ex";
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/descriptor.c:328:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char descriptor_names[2][MAX_DESCRIPTOR_NAMELEN];
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		my_exec_path[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		include_path[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:170:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
					base_yyout = fopen(output_filename, PG_BINARY_W);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:203:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		pkginclude_path[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:204:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		informix_path[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:286:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(input_filename, "stdin");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:311:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				base_yyin = fopen(input_filename, PG_BINARY_R);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:328:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
					base_yyout = fopen(output_filename, PG_BINARY_W);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/output.c:108:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(line, "\n#line %d \"", base_yylineno);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/output.c:118:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(dest, "\"\n");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:3452:25:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					base_yylval.ival = atol(yytext+1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5416:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(literalbuf+literallen, ytext, yleng);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5464:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char inc_file[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5501:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		yyin = fopen(inc_file, "r");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5506:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(inc_file, ".h");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5507:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				yyin = fopen(inc_file, "r");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5528:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			yyin = fopen(inc_file, "r");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5533:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
					strcat(inc_file, ".h");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5534:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
					yyin = fopen( inc_file, "r" );
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:120:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	pacounter_buffer[sizeof(int) * CHAR_BIT * 10 / 3]; /* a rough guess at the size we need */
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:122:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *actual_startline[STRUCT_DEPTH];
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:305:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(pacounter_buffer, "$%d", pacounter++);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:343:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char var_text[20];
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:350:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(var_text, "%d))", ecpg_internal_var);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:369:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					 && atoi(ptr->variable->type->size) > 1)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:386:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					 && atoi(ptr->variable->type->size) > 1)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:476:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(var_text, "%d))", ecpg_internal_var);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:523:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				else if (atoi(ptr->indicator->type->size) > 1)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:648:4:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			atoi(this->type->type_index) >= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:33979:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:34185:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:34967:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(length, "%d", (int) strlen(str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:35070:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(length, "%d", (int) strlen(str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56448:8:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (atol(p->type->size) == 1)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57464:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					if (atoi(dimension) < 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57484:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					if (atoi(dimension) < 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57489:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					if (strcmp(dimension, "0") == 0 || abs(atoi(dimension)) == 1)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57494:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					if (atoi(length) < 0 || strcmp(length, "0") == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57499:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(vcn, "%d", *varlen_type_counter);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57510:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					if (atoi(dimension) == -1)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57514:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						if (atoi(length) == -1 && i > 0) /* char <var>[] = "string" */
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57530:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					if (atoi(dimension) < 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57747:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(length, "%d", (int) strlen((yyvsp[0].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57938:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(length, "%d", (int) strlen((yyvsp[0].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57990:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(length, "%d", (int) strlen((yyvsp[0].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58011:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(length, "%d", (int) strlen(var));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58024:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(length, "%d", (int) strlen(var));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58038:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(length, "%d", (int) strlen(var));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58242:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						if (atoi(dimension) < 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58250:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						if (atoi(dimension) == -1)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58259:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						if (atoi(dimension) == -1)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58266:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						if (atoi(length) >= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58269:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						if (atoi(dimension) < 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59127:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			(yyval.str) = (char *)mm_alloc(strlen((yyvsp[0].str)) + 3);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59140:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			(yyval.str) = (char *)mm_alloc(strlen((yyvsp[0].str)) + 4);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59154:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			(yyval.str) = (char *)mm_alloc(strlen((yyvsp[0].str)) + 4);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:445:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if (((atoi(arrsize) > 0) ||
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:446:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					 (atoi(arrsize) == 0 && strcmp(arrsize, "0") != 0)) &&
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:477:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					if ((atoi(varcharsize) > 1 ||
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:478:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						 (atoi(arrsize) > 0) ||
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:479:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						 (atoi(varcharsize) == 0 && strcmp(varcharsize, "0") != 0) ||
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:480:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						 (atoi(arrsize) == 0 && strcmp(arrsize, "0") != 0))
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:506:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(offset, "sizeof(numeric)");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:514:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(offset, "sizeof(interval)");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:522:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(offset, "sizeof(date)");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:530:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(offset, "sizeof(timestamp)");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:546:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if (((atoi(arrsize) > 0) ||
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:547:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					 (atoi(arrsize) == 0 && strcmp(arrsize, "0") != 0)) &&
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:561:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(arrsize) < 0 && !size)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:592:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(arrsize) == 1)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:603:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(arrsize) == 1)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:514:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(type_index) >= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:516:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(*length) >= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:522:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(type_dimension) >= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:524:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(*dimension) >= 0 && atoi(*length) >= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:524:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(*dimension) >= 0 && atoi(*length) >= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:527:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(*dimension) >= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:541:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (pointer_len > 1 && (atoi(*length) >= 0 || atoi(*dimension) >= 0))
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:541:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (pointer_len > 1 && (atoi(*length) >= 0 || atoi(*dimension) >= 0))
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:544:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(*length) >= 0 && atoi(*dimension) >= 0 && pointer_len)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:544:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(*length) >= 0 && atoi(*dimension) >= 0 && pointer_len)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:558:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (atoi(*length) >= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:569:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (atoi(*length) < 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:591:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (atoi(*length) < 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:597:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if (atoi(*dimension) < 0 && !type_definition)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/variable.c:620:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (atoi(*length) >= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/charfuncs.pgc:9:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[50];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/dec_test.pgc:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/dec_test.pgc:125:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	rsetnull(CDECIMALTYPE, (char *) decarr[count-1]);
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/dec_test.pgc:127:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		risnull(CDECIMALTYPE, (char *) decarr[count-1]) ? "" : "NOT ");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/dec_test.pgc:129:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		risnull(CDECIMALTYPE, (char *) decarr[0]) ? "" : "NOT ");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	field_name1[30] = "not set";
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	field_name2[30] = "not set";
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:22:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:26:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:29:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:32:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:35:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:41:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:50:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "allocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:54:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:59:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "describe");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:85:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "get descriptor");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:125:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:136:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "allocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:140:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:145:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "describe");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:156:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "get descriptor");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:178:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:189:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:192:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/describe.pgc:195:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/rfmtdate.pgc:21:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dbuf[11];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/rfmtdate.pgc:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dbuf[11];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/rfmtdate.pgc:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/rfmtdate.pgc:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dbuf[11];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/rfmtlong.pgc:20:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[30];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char    val[64];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:67:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:70:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:73:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:81:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:87:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:94:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:97:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:100:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:101:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open mycur1;
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:108:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:117:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:120:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:131:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:134:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:137:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:138:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open mycur2;
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:145:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:154:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:157:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:180:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:183:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "execute");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:188:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:217:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:220:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "execute");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:225:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:228:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:235:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:240:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:243:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:246:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/test_informix.pgc:94:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	$open c;
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:12:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char errorstring[255];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:31:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(errorstring, "Rollback successful.\n");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:33:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(errorstring, "Rollback failed with code %ld.\n", SQLCODE);
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:51:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char dbname[30];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:60:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dbname, "ecpg1_regression");
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_oracle/char_array.pgc:24:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char shortstr[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_oracle/char_array.pgc:25:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bigstr[11];
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test1.pgc:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test1.pgc:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pw[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test1.pgc:41:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pw, "connectpw");
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test1.pgc:42:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(db, "tcp:postgresql://localhost/ecpg2_regression");
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test2.pgc:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test2.pgc:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test2.pgc:23:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(id, "first");
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test3.pgc:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test3.pgc:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test3.pgc:22:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(id, "first");
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test5.pgc:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test5.pgc:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test5.pgc:29:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(db, "ecpg2_regression");
data/postgresql-12-12.4/src/interfaces/ecpg/test/connect/test5.pgc:30:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(id, "main");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-charfuncs.c:20:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[50];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		convert[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:44:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(convert, "%g", x);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:178:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	rsetnull(CDECIMALTYPE, (char *) decarr[count-1]);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:180:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		risnull(CDECIMALTYPE, (char *) decarr[count-1]) ? "" : "NOT ");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:182:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		risnull(CDECIMALTYPE, (char *) decarr[0]) ? "" : "NOT ");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:75:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char field_name1 [ 30 ] = "not set" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char field_name2 [ 30 ] = "not set" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:87:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:95:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:103:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:111:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:137:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:151:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "allocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:165:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:175:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "describe");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:221:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "get descriptor");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:287:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:313:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "allocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:327:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:337:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "describe");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:368:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "get descriptor");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:416:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:442:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:450:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-describe.c:458:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-rfmtdate.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dbuf[11];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-rfmtdate.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dbuf[11];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-rfmtdate.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-rfmtdate.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dbuf[11];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-rfmtlong.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[30];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char    val[64];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:182:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:186:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:194:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:202:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:210:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:218:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:230:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:238:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:243:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:260:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:281:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:289:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:305:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:313:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:318:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:335:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:356:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:364:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:392:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:400:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "execute");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:414:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:453:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:461:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "execute");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:475:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:483:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:495:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:505:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:513:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:521:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char c [ 10 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char errorstring[255];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:123:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(errorstring, "Rollback successful.\n");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:125:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(errorstring, "Rollback failed with code %ld.\n", SQLCODE);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char dbname [ 30 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:171:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dbname, "ecpg1_regression");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_oracle-char_array.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char shortstr [ 5 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_oracle-char_array.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char bigstr [ 11 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test1.c:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char db [ 200 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test1.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char pw [ 200 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test1.c:80:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pw, "connectpw");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test1.c:81:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(db, "tcp:postgresql://localhost/ecpg2_regression");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test2.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char id [ 200 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test2.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char res [ 200 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test2.c:49:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(id, "first");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test3.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char id [ 200 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test3.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char res [ 200 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test3.c:48:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(id, "first");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test5.c:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char db [ 200 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test5.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char id [ 200 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test5.c:59:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(db, "ecpg2_regression");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/connect-test5.c:60:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(id, "main");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-nan_test.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char val [ 16 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-num_test.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		convert[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-num_test.c:40:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(convert, "%g", x);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-num_test2.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		convert[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-num_test2.c:41:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(convert, "%g", x);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c:35:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_1  { int len; char arr[ 50 ]; }  name ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c:64:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_2  { int len; char arr[ 50 ]; }  name ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c:98:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_3  { int len; char arr[ 50 ]; }  name ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c:107:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_4  { int len; char arr[ 50 ]; }  name ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c:117:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_5  { int len; char arr[ 50 ]; }  onlyname [ 2 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-autoprep.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char sqlstr [ 64 ] = "SELECT item2 FROM T ORDER BY item2 NULLS LAST" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:78:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_1  { int len; char arr[ 50 ]; }  curname4 ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char t [ 64 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:99:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:113:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:121:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:135:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:167:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:183:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:194:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:204:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:219:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:234:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1 from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:249:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:267:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "move in");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:277:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:292:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:310:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:322:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:335:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:349:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:364:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:379:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1 from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:394:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:412:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "move");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:426:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:441:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:459:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:471:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:485:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:505:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:527:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:542:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:557:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1 from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:572:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:590:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "move");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:600:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:615:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:633:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:651:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:671:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:679:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:690:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:702:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:717:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:732:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1 from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:747:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:765:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "move");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:775:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:790:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:808:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:818:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:828:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:842:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:850:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-define.c:43:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	   typedef char  string [ 8 ];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-define.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char name [ 6 ] [ 8 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-define.c:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char letter [ 6 ] [ 1 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char field_name1 [ 30 ] = "not set" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char field_name2 [ 30 ] = "not set" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char field_name3 [ 30 ] = "not set" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char field_name4 [ 30 ] = "not set" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:68:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:76:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:84:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:92:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:118:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:131:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "allocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:157:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:165:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "describe");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:187:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "get descriptor");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:258:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:293:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "allocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:319:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:327:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "describe");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:349:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "get descriptor");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:420:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:456:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:464:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-describe.c:472:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect"); 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-init.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-init.c:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-init.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-init.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-init.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char t [ 64 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:146:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char c [ 30 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:267:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:271:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:279:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:287:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:295:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:315:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:347:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:355:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-outofscope.c:363:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c:36:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_1  { int len; char arr[ 50 ]; }  name ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c:65:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_2  { int len; char arr[ 50 ]; }  name ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char name [ 50 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c:111:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_3  { int len; char arr[ 50 ]; }  name ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c:121:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_4  { int len; char arr[ 50 ]; }  onlyname [ 2 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-type.c:46:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char string[11];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-type.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char text [ 10 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:78:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_1  { int len; char arr[ BUFFERSIZ ]; }  name ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:97:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_2  { int len; char arr[ BUFFERSIZ ]; }  name ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:100:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct varchar_3  { int len; char arr[ BUFFERSIZ ]; }  name ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:128:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:136:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:144:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:152:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:184:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:192:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:208:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:243:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:251:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:259:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-variable.c:267:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-whenever.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char c [ 6 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char ename [ 12 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char msg [ 128 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:62:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:70:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:78:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:158:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:51:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char text [ 25 ] = "klmnopqrst" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:153:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(t, "0123456789");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:159:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char str[20];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:163:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(str, "2000-1-1 0%d:00:00", j);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:165:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(str, "2000-1-1%d\n", j);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-array.c:167:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(str, "%d hours", j+10);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-binary.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char name [ 21 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-binary.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char byte [ 20 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-bytea.c:54:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct bytea_1  { int len; char arr[ 512 ]; }  send_buf [ 2 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-bytea.c:57:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct bytea_2  { int len; char arr[ DATA_SIZE ]; }  recv_buf [ 2 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-bytea.c:60:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct bytea_3  { int len; char arr[ DATA_SIZE ]; } * recv_vlen_buf ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-bytea.c:63:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  struct bytea_4  { int len; char arr[ DATA_SIZE - LACK_SIZE ]; }  recv_short_buf ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-code100.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-code100.c:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-code100.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-code100.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-code100.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-copystdout.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-copystdout.c:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-copystdout.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-copystdout.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-copystdout.c:66:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-define.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-define.c:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-define.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-define.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-define.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-define.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char s [ 200 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-desc.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char val2 [ 4 ] = "one" , val2output [] = "AAA" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-desc.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char desc1 [ 8 ] = "outdesc" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char field_name1 [ 30 ] = "not set" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char field_name2 [ 30 ] = "not set" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:85:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:93:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:101:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:109:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:135:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:149:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "allocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:163:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:173:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "describe");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:219:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "get descriptor");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:285:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:311:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "allocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:325:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:335:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "describe");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:366:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "get descriptor");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:414:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:440:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:448:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-describe.c:456:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc2.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc2.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc2.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc2.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dynalloc2.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dyntest.c:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dyntest.c:92:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dyntest.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dyntest.c:104:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dyntest.c:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dyntest.c:187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char NAME [ 120 ] , BOOLVAR ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-dyntest.c:190:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char STRINGVAR [ 1024 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char name [ 8 ] [ 8 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char letter [ 8 ] [ 1 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char command [ 128 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:80:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 1, 'f')");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:88:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 2, 't')");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:96:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) select name, amount+10, letter from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:106:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) select name, amount+$1, letter from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:131:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "select * from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char n [ 8 ] , l = letter [ i ] [ 0 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:196:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "select * from test where amount = $1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char n [ 8 ] , l = letter [ i ] [ 0 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:263:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "select * from test where amount = $1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:293:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char n [ 8 ] , l = letter [ i ] [ 0 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-fetch.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char str [ 25 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-func.c:28:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char text [ 25 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-indicators.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-indicators.c:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-indicators.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-indicators.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-indicators.c:66:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char name [ 8 ] [ 8 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char letter [ 8 ] [ 1 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char command [ 128 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:81:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 1, 'f')");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:89:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 2, 't')");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:97:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) select name, amount+10, letter from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:107:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) select name, amount+$1, letter from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:132:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "select * from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char n[8], l = letter[i][0];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:181:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "select * from test where ? = amount");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:218:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char n[8], l = letter[i][0];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char v_include_dq_name [ 16 ] , v_include_ws_name [ 16 ] , v_normal_name [ 16 ] , v_query [ 64 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:68:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(v_normal_name, "normal_name");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:69:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(v_include_dq_name, "include_\"_name");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:70:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(v_include_ws_name, "include_ _name");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:71:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(v_query, "insert into test values(?,?)");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-quote.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char var [ 25 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-show.c:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char var [ 25 ] = "public" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:206:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:214:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:222:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:230:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:238:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:250:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:258:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:263:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:280:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:301:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:309:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:323:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:331:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:336:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:346:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:369:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:377:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:404:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:412:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "execute");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:426:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:465:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:473:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "execute");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:487:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:495:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:506:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:516:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:524:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-sqlda.c:532:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c:35:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c:49:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c:57:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c:65:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "begin");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c:73:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c:81:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare transaction");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c:89:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit prepared");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c:97:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-twophase.c:105:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-alloc.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-alloc.c:62:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-alloc.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-alloc.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-alloc.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-alloc.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char name [ 100 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-alloc.c:149:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(name, "Connection: %d", value);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-descriptor.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-descriptor.c:53:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-descriptor.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-descriptor.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-descriptor.c:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-prep.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlcaid[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-prep.c:62:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sqlerrmc[SQLERRMC_LEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-prep.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlerrp[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-prep.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlwarn[8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-prep.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sqlstate[5];
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-prep.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char name [ 100 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-prep.c:143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char query [ 256 ] = "INSERT INTO T VALUES ( ? )" ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-prep.c:149:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(name, "Connection: %d", value);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-thread.c:151:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char l_connection [ 128 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/thread-thread_implicit.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char l_connection [ 128 ] ;
data/postgresql-12-12.4/src/interfaces/ecpg/test/performance/perftest.pgc:53:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char text[16];
data/postgresql-12-12.4/src/interfaces/ecpg/test/performance/perftest.pgc:56:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(text, "%ld", i);
data/postgresql-12-12.4/src/interfaces/ecpg/test/performance/perftest.pgc:74:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char text[16];
data/postgresql-12-12.4/src/interfaces/ecpg/test/performance/perftest.pgc:93:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char text[16];
data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		linebuf[LINEBUFSIZE];
data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c:36:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	s = fopen(sourcefile, "r");
data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c:42:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	t = fopen(outfile, "w");
data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		inprg[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c:89:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		insource[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *outfile_stdout,
data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c:92:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *outfile_stderr,
data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *outfile_source,
data/postgresql-12-12.4/src/interfaces/ecpg/test/pg_regress_ecpg.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH * 3];
data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/nan_test.pgc:24:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	val[16];
data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/nan_test.pgc:36:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open cur;
data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/nan_test.pgc:52:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open cur;
data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/nan_test.pgc:78:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open cur1;
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/autoprep.pgc:12:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sqlstr[64] = "SELECT item2 FROM T ORDER BY item2 NULLS LAST";
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	t[64];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:38:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:42:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:45:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:49:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:56:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:62:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:66:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:67:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql at test1 open :curname1;
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:69:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:73:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:77:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1 from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:81:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:86:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "move in");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:89:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:93:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:98:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:103:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:107:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:108:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql at test1 open :curname2;
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:110:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:114:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:118:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1 from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:122:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:127:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "move");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:130:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:134:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:139:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:144:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:148:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:152:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:153:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql at test1 open :curname3;
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:154:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql at test2 open :curname5;
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:156:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:160:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:164:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1 from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:168:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:173:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "move");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:176:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:180:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:185:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:189:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:199:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:202:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:205:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:206:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql at test1 open :curname4;
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:208:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:212:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:216:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1 from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:220:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count from");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:225:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "move");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:228:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch 1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:232:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch :count");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:237:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:240:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:245:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:249:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:252:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/define.pgc:21:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	typedef char string[NAMELEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/define.pgc:23:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AMOUNT][NAMELEN];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/define.pgc:24:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char letter[AMOUNT][1];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc:40:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open mycur;
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc:65:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc:68:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc:71:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc:74:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc:79:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc:106:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc:109:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/outofscope.pgc:112:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/pointer_to_struct.pgc:38:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[50];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/struct.h:4:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		t[64];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/struct.h:7:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		c[30];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/type.pgc:11:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char string[11];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/type.pgc:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char text[10];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:43:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:46:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:49:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:52:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:59:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:62:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:63:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open cur;
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:71:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:88:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:91:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:94:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/variable.pgc:97:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/whenever.pgc:27:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	exec sql char c[6];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:12:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char ename[12];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:22:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:25:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:28:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:36:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open c;
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:59:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/printf_hack.h:10:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		convert[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/printf_hack.h:13:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(convert, "%g", x);
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/array.pgc:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char text[25] = "klmnopqrst";
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/array.pgc:31:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(t, "0123456789");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/array.pgc:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char str[20];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/array.pgc:41:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(str, "2000-1-1 0%d:00:00", j);
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/array.pgc:43:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(str, "2000-1-1%d\n", j);
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/array.pgc:45:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(str, "%d hours", j+10);
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/binary.pgc:10:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[21];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/binary.pgc:12:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char byte[20];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/bytea.pgc:79:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open cursor1;
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/define.pgc:11:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     char s[200];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/desc.pgc:13:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char val2[4] = "one", val2output[] = "AAA";
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/desc.pgc:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char desc1[8] = "outdesc";
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	field_name1[30] = "not set";
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	field_name2[30] = "not set";
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:22:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:26:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:29:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:32:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:35:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:41:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:50:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "allocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:54:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:59:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "describe");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:85:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "get descriptor");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:125:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:136:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "allocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:140:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:145:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "describe");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:156:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "get descriptor");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:178:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:189:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:192:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/describe.pgc:195:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/dyntest.pgc:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char NAME[120], BOOLVAR;
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/dyntest.pgc:29:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char STRINGVAR[1024];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/dyntest.pgc:60:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  exec sql open MYCURS;
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[8][8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char letter[8][1];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char command[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:28:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 1, 'f')");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:31:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 2, 't')");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:34:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) select name, amount+10, letter from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:39:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) select name, amount+$1, letter from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:47:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "select * from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:52:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open CUR;
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char n[8], l = letter[i][0];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:69:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "select * from test where amount = $1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:74:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open CUR2 using 1;
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char n[8], l = letter[i][0];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:91:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "select * from test where amount = $1");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:99:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char n[8], l = letter[i][0];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/fetch.pgc:9:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[25];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/func.pgc:8:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  EXEC SQL char text[25];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[8][8];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char letter[8][1];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char command[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:29:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 1, 'f')");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:32:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 2, 't')");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:35:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) select name, amount+10, letter from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:40:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(command, "insert into test (name, amount, letter) select name, amount+$1, letter from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:48:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "select * from test");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:53:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open CUR;
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char n[8], l = letter[i][0];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:67:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "select * from test where ? = amount");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:72:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open CUR3 using 1;
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:77:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char n[8], l = letter[i][0];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/prepareas.pgc:23:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char v_include_dq_name[16], v_include_ws_name[16], v_normal_name[16], v_query[64];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/prepareas.pgc:26:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(v_normal_name, "normal_name");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/prepareas.pgc:27:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(v_include_dq_name, "include_\"_name");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/prepareas.pgc:28:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(v_include_ws_name, "include_ _name");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/prepareas.pgc:29:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(v_query, "insert into test values(?,?)");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/quote.pgc:9:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char var[25];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/show.pgc:9:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char var[25] = "public";
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:77:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:80:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "set");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:83:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:93:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:101:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:108:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:111:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:114:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:115:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open mycur1;
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:122:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:131:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:134:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:143:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:146:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "declare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:149:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "open");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:150:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	exec sql open mycur2;
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:152:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "fetch");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:168:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "close");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:171:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:193:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:196:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "execute");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:201:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:230:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:233:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "execute");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:238:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:241:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "deallocate");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:247:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:252:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:255:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/sqlda.pgc:258:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc:11:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc:15:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "connect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc:19:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "create");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc:22:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc:25:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "begin");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc:28:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "insert");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc:31:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "prepare transaction");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc:34:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "commit prepared");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc:37:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "drop");
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/twophase.pgc:40:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "disconnect");
data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/alloc.pgc:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[100];
data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/alloc.pgc:46:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(name, "Connection: %d", value);
data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/prep.pgc:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[100];
data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/prep.pgc:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char query[256] = "INSERT INTO T VALUES ( ? )";
data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/prep.pgc:46:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(name, "Connection: %d", value);
data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/thread.pgc:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char l_connection[128];
data/postgresql-12-12.4/src/interfaces/ecpg/test/thread/thread_implicit.pgc:105:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char l_connection[128];
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		ServerSignature[SCRAM_KEY_LEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:307:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		raw_nonce[SCRAM_RAW_NONCE_LEN + 1];
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:451:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cbind_input, "p=tls-server-end-point,,", cbind_header_len);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:452:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cbind_input + cbind_header_len, cbind_data, cbind_data_len);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:674:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(state->ServerSignature, decoded_server_signature, SCRAM_KEY_LEN);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:765:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		saltbuf[SCRAM_DEFAULT_SALT_LEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sysmsg[256];
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:293:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(conn->sspictx, &newContext, sizeof(CtxtHandle));
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:671:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char buf[CMSG_SPACE(sizeof(struct cmsgcred))];
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:697:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:718:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		md5Salt[4];
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:1003:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		username[256 + 1];
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:1007:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pwdbuf[BUFSIZ];
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:1116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		algobuf[MAX_ALGORITHM_NAME_LEN + 1];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:973:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p, s, len);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:1173:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		homedir[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:1529:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:1581:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:1586:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		service[NI_MAXHOST];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:1602:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		host_addr[NI_MAXHOST];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:1735:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:1769:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:1804:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:1891:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sebuf[256];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:2173:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:2257:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		portstr[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:2427:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		host_addr[NI_MAXHOST];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:2440:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(&conn->raddr.addr, addr_cur->ai_addr,
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:2720:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		pwdbuf[BUFSIZ];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4220:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&cancel->raddr, &conn->raddr, sizeof(SockAddr));
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4262:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4508:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *attrs[2] = {NULL, NULL};
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4777:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p, values[i]->bv_val, values[i]->bv_len);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4941:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		serviceFile[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4967:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		homedir[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:5016:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXBUFSIZE],
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:5019:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(serviceFile, "r");
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:5230:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(opt_dest, cur_opt, sizeof(PQconninfoOption));
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:6654:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		qbuf[128];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:6854:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[LINELEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:6906:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(pgpassfile, "r");
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:7016:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pwdbuf[BUFSIZ];
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:7026:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmppath[MAX_PATH];
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:249:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res->attDescs, attDescs, numAttributes * sizeof(PGresAttDesc));
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:494:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(attval->value, value, len);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:874:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		msgBuf[1024];
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:1190:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(val, columns[i].value, clen);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:3060:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[24];
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:3070:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, res->cmdStatus + 7, len);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:3528:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(rp, str, input_len);
data/postgresql-12-12.4/src/interfaces/libpq/fe-lobj.c:694:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[LO_BUFSIZE];
data/postgresql-12-12.4/src/interfaces/libpq/fe-lobj.c:697:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-lobj.c:702:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(filename, O_RDONLY | PG_BINARY, 0666);
data/postgresql-12-12.4/src/interfaces/libpq/fe-lobj.c:790:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[LO_BUFSIZE];
data/postgresql-12-12.4/src/interfaces/libpq/fe-lobj.c:792:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-lobj.c:807:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC | PG_BINARY, 0666);
data/postgresql-12-12.4/src/interfaces/libpq/fe-lobj.c:956:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		foid = (Oid) atoi(PQgetvalue(res, n, 1));
data/postgresql-12-12.4/src/interfaces/libpq/fe-misc.c:200:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s, conn->inBuffer + conn->inCursor, len);
data/postgresql-12-12.4/src/interfaces/libpq/fe-misc.c:277:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&tmp2, conn->inBuffer + conn->inCursor, 2);
data/postgresql-12-12.4/src/interfaces/libpq/fe-misc.c:284:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&tmp4, conn->inBuffer + conn->inCursor, 4);
data/postgresql-12-12.4/src/interfaces/libpq/fe-misc.c:570:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(conn->outBuffer + conn->outMsgEnd, buf, len);
data/postgresql-12-12.4/src/interfaces/libpq/fe-misc.c:599:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(conn->outBuffer + conn->outMsgStart, &msgLen, 4);
data/postgresql-12-12.4/src/interfaces/libpq/fe-misc.c:1130:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:687:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		formatString[80];
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:109:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		setQuery[100];	/* note length limit in
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:116:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
							sprintf(setQuery, "SET client_encoding = DEFAULT");
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:118:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
							sprintf(setQuery, "SET client_encoding = '%.60s'",
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:143:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		setQuery[100];	/* note length limit in
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:797:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		std_bitmap[64]; /* used unless it doesn't fit */
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:1216:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(*buffer, &conn->inBuffer[conn->inStart], msgLength);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:1469:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			if (pqPutnchar((char *) args[i].u.ptr, args[i].len, conn))
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1054:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			querypos = atoi(val);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1073:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				querypos = atoi(val);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1706:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(*buffer, &conn->inBuffer[conn->inCursor], msgLength);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1755:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(s, "\\.");
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1810:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffer, &conn->inBuffer[conn->inCursor], avail);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1820:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffer, &conn->inBuffer[conn->inCursor], bufsize);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1965:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			if (pqPutnchar((char *) args[i].u.ptr, args[i].len, conn))
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:2163:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(packet + packet_len, &pv, sizeof(ProtocolVersion));
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-common.c:113:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(name, namedata, namelen);
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-gssapi.c:230:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(PqGSSSendBuffer + PqGSSSendLength, &netlen, sizeof(uint32));
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-gssapi.c:233:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-gssapi.c:295:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((char *) ptr + bytes_returned, PqGSSResultBuffer + PqGSSResultNext, bytes_to_copy);
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-gssapi.c:409:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(PqGSSResultBuffer, output.value, output.length);
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-gssapi.c:693:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(PqGSSSendBuffer, (char *) &netlen, sizeof(uint32));
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-gssapi.c:696:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:145:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:275:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:378:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char hash[EVP_MAX_MD_SIZE];	/* size for SHA-512 */
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:441:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cert_hash, hash, hash_size);
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:781:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		homedir[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:782:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fnbuf[MAXPGPATH];
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:783:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:1215:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:1424:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		static char sslbits_str[12];
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:1559:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(my_bio_methods, biom, sizeof(BIO_METHOD));
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure.c:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure.c:328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sebuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/interfaces/libpq/libpq-int.h:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		space[1];		/* dummy for accessing block as bytes */
data/postgresql-12-12.4/src/interfaces/libpq/libpq-int.h:146:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		contents[FLEXIBLE_ARRAY_MEMBER];	/* value, nul-terminated */
data/postgresql-12-12.4/src/interfaces/libpq/libpq-int.h:178:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmdStatus[CMDSTATUS_LEN];	/* cmd status from the query */
data/postgresql-12-12.4/src/interfaces/libpq/libpq-int.h:201:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		null_field[1];
data/postgresql-12-12.4/src/interfaces/libpq/libpq-int.h:387:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		last_sqlstate[6];	/* last reported SQLSTATE */
data/postgresql-12-12.4/src/interfaces/libpq/pqexpbuffer.c:38:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char oom_buffer[1] = "";
data/postgresql-12-12.4/src/interfaces/libpq/pqexpbuffer.c:406:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(str->data + str->len, data, datalen);
data/postgresql-12-12.4/src/interfaces/libpq/win32.c:324:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(strerrbuf + offs, " (0x%08X/%d)", err, err);
data/postgresql-12-12.4/src/pl/plperl/plperl.c:191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		qname[24];
data/postgresql-12-12.4/src/pl/plperl/plperl.c:204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		query_name[NAMEDATALEN];
data/postgresql-12-12.4/src/pl/plperl/plperl.c:241:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char plperl_opmask[MAXO];
data/postgresql-12-12.4/src/pl/plperl/plperl.c:713:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *embedding[3 + 2] = {
data/postgresql-12-12.4/src/pl/plperl/plperl.c:786:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char	   *dummy_env[1] = {NULL};
data/postgresql-12-12.4/src/pl/plperl/plperl.c:2102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		subname[NAMEDATALEN + 40];
data/postgresql-12-12.4/src/pl/plperl/plperl.h:94:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#undef fopen
data/postgresql-12-12.4/src/pl/plperl/plperl.h:99:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#undef open
data/postgresql-12-12.4/src/pl/plperl/ppport.h:3667:42:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#  define CopyD(s,d,n,t)                 memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6550:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		&& (xdigit = strchr((char *) PL_hexdigit, s[1])))
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6772:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dst + used, src, copy);
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6801:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dst, src, copy);
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6893:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char octbuf[32] = "%123456789ABCDF";
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6963:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[2];
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_comp.c:416:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		buf[32];
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_comp.c:1148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pname[32];
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_comp.c:2450:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(hashkey->argtypes, procStruct->proargtypes.values,
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_exec.c:1302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(outdatum, indatum, sizeof(PLpgSQL_var));
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_exec.c:1308:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(outdatum, indatum, sizeof(PLpgSQL_rec));
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:1741:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:1947:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:2385:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char		buf[1024];
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:2402:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
						strcpy(buf, "SELECT ");
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:2418:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
						strcpy(cp2, "'::pg_catalog.refcursor");
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:5902:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char			*fieldnames[1024];
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:6451:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	varname[32];
data/postgresql-12-12.4/src/pl/plpgsql/src/plpgsql.h:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[FLEXIBLE_ARRAY_MEMBER];	/* nul-terminated string */
data/postgresql-12-12.4/src/pl/plpython/plpy_elog.c:504:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[1024];
data/postgresql-12-12.4/src/pl/plpython/plpy_elog.c:520:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[1024];
data/postgresql-12-12.4/src/pl/plpython/plpy_procedure.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		procName[NAMEDATALEN + 256];
data/postgresql-12-12.4/src/pl/plpython/plpy_procedure.c:386:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		call[NAMEDATALEN + 256];
data/postgresql-12-12.4/src/pl/plpython/plpy_typeio.c:925:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA(result), plrv_sc, len);
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:165:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		qname[20];
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:488:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		interpname[32];
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:1455:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		internal_proname[128];
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:1458:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		proc_internal_args[33 * FUNC_MAX_ARGS];
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:1462:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[48];
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:1614:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(proc_internal_args,
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:1620:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(proc_internal_args, "TG_event TG_tag");
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:2228:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
									   utf_u2e((char *) Tcl_GetString(objv[1])),
data/postgresql-12-12.4/src/port/chklocale.c:223:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(r, "CP%u", loct->locinfo->lc_codepage);
data/postgresql-12-12.4/src/port/chklocale.c:234:2:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	MultiByteToWideChar(CP_ACP, 0, ctype, -1, wctype, LOCALE_NAME_MAX_LENGTH);
data/postgresql-12-12.4/src/port/chklocale.c:248:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(r, "utf8");
data/postgresql-12-12.4/src/port/chklocale.c:250:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(r, "CP%u", cp);
data/postgresql-12-12.4/src/port/chklocale.c:296:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		sys[16];
data/postgresql-12-12.4/src/port/chklocale.c:299:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sys, "CP%u", cp);
data/postgresql-12-12.4/src/port/crypt.c:230:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char b[8];
data/postgresql-12-12.4/src/port/crypt.c:382:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char S[8][64] = { /* 48->32 bit substitution tables */
data/postgresql-12-12.4/src/port/crypt.c:455:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char a64toi[128];	/* ascii-64 => 0..63 */
data/postgresql-12-12.4/src/port/crypt.c:477:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cryptresult[1 + 4 + 4 + 11 + 1];	/* encrypted result */
data/postgresql-12-12.4/src/port/crypt.c:805:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static unsigned char perm[64],
data/postgresql-12-12.4/src/port/crypt.c:847:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char pc2inv[64];
data/postgresql-12-12.4/src/port/crypt.c:965:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		  unsigned char p[64],
data/postgresql-12-12.4/src/port/dirmod.c:163:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[MAX_PATH * sizeof(WCHAR) + offsetof(REPARSE_JUNCTION_DATA_BUFFER, PathBuffer)];
data/postgresql-12-12.4/src/port/dirmod.c:164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		nativeTarget[MAX_PATH];
data/postgresql-12-12.4/src/port/dirmod.c:193:2:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	MultiByteToWideChar(CP_ACP, 0, nativeTarget, -1,
data/postgresql-12-12.4/src/port/dirmod.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[MAX_PATH * sizeof(WCHAR) + offsetof(REPARSE_JUNCTION_DATA_BUFFER, PathBuffer)];
data/postgresql-12-12.4/src/port/dlopen.c:68:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char last_dyn_error[512];
data/postgresql-12-12.4/src/port/getaddrinfo.c:194:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		buf[BUFSIZ];
data/postgresql-12-12.4/src/port/getaddrinfo.c:219:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&(sin.sin_addr), hp->h_addr, hp->h_length);
data/postgresql-12-12.4/src/port/getaddrinfo.c:231:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		sin.sin_port = pg_hton16((unsigned short) atoi(service));
data/postgresql-12-12.4/src/port/getaddrinfo.c:248:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(psin, &sin, sizeof(*psin));
data/postgresql-12-12.4/src/port/getrusage.c:61:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&li, &kerneltime, sizeof(FILETIME));
data/postgresql-12-12.4/src/port/getrusage.c:66:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&li, &usertime, sizeof(FILETIME));
data/postgresql-12-12.4/src/port/inet_net_ntop.c:188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255/128"];
data/postgresql-12-12.4/src/port/kill.c:24:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pipename[128];
data/postgresql-12-12.4/src/port/mkdtemp.c:106:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char xtra[2] = "aa";
data/postgresql-12-12.4/src/port/mkdtemp.c:183:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				 open(path, O_CREAT | O_EXCL | O_RDWR, 0600)) >= 0)
data/postgresql-12-12.4/src/port/path.c:362:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(path, "../");
data/postgresql-12-12.4/src/port/path.c:363:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(path, "..");
data/postgresql-12-12.4/src/port/path.c:810:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		pwdbuf[BUFSIZ];
data/postgresql-12-12.4/src/port/pg_strong_random.c:53:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = open(filename, O_RDONLY, 0);
data/postgresql-12-12.4/src/port/snprintf.c:177:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		onebyte[1];
data/postgresql-12-12.4/src/port/snprintf.c:245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[1024];	/* size is arbitrary */
data/postgresql-12-12.4/src/port/snprintf.c:709:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		errbuf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/port/snprintf.c:1001:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		convert[64];
data/postgresql-12-12.4/src/port/snprintf.c:1004:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	vallen = sprintf(convert, "%p", value);
data/postgresql-12-12.4/src/port/snprintf.c:1021:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		convert[64];
data/postgresql-12-12.4/src/port/snprintf.c:1124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fmt[8];
data/postgresql-12-12.4/src/port/snprintf.c:1125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		convert[1024];
data/postgresql-12-12.4/src/port/snprintf.c:1152:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(convert, "NaN");
data/postgresql-12-12.4/src/port/snprintf.c:1174:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(convert, "Infinity");
data/postgresql-12-12.4/src/port/snprintf.c:1270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fmt[8];
data/postgresql-12-12.4/src/port/snprintf.c:1271:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		convert[64];
data/postgresql-12-12.4/src/port/snprintf.c:1297:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(convert, "NaN");
data/postgresql-12-12.4/src/port/snprintf.c:1314:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(convert, "Infinity");
data/postgresql-12-12.4/src/port/sprompt.c:71:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	termin = fopen("CONIN$", "w+");
data/postgresql-12-12.4/src/port/sprompt.c:72:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	termout = fopen("CONOUT$", "w+");
data/postgresql-12-12.4/src/port/sprompt.c:79:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	termin = fopen("/dev/tty", "r");
data/postgresql-12-12.4/src/port/sprompt.c:80:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	termout = fopen("/dev/tty", "w");
data/postgresql-12-12.4/src/port/sprompt.c:136:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[128];
data/postgresql-12-12.4/src/port/strerror.c:37:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char errorstr_buf[PG_STRERROR_R_BUFLEN];
data/postgresql-12-12.4/src/port/system.c:71:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&buf[1], command, cmdlen);
data/postgresql-12-12.4/src/port/system.c:104:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&buf[1], command, cmdlen);
data/postgresql-12-12.4/src/port/tar.c:179:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(&h[257], "ustar");
data/postgresql-12-12.4/src/port/tar.c:182:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&h[263], "00", 2);
data/postgresql-12-12.4/src/port/win32setlocale.c:113:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char aliasbuf[MAX_LOCALE_NAME_LEN];
data/postgresql-12-12.4/src/port/win32setlocale.c:158:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&aliasbuf[0], &locale[0], matchpos);
data/postgresql-12-12.4/src/port/win32setlocale.c:159:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&aliasbuf[matchpos], replacement, replacementlen);
data/postgresql-12-12.4/src/port/win32setlocale.c:161:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&aliasbuf[matchpos + replacementlen], rest, restlen + 1);
data/postgresql-12-12.4/src/test/examples/testlibpq3.c:119:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *paramValues[1];
data/postgresql-12-12.4/src/test/examples/testlo.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[BUFSIZE];
data/postgresql-12-12.4/src/test/examples/testlo.c:46:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(filename, O_RDONLY, 0666);
data/postgresql-12-12.4/src/test/examples/testlo.c:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[BUFSIZE];
data/postgresql-12-12.4/src/test/examples/testlo.c:168:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, 0666);
data/postgresql-12-12.4/src/test/examples/testlo64.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[BUFSIZE];
data/postgresql-12-12.4/src/test/examples/testlo64.c:46:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(filename, O_RDONLY, 0666);
data/postgresql-12-12.4/src/test/examples/testlo64.c:175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[BUFSIZE];
data/postgresql-12-12.4/src/test/examples/testlo64.c:190:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, 0666);
data/postgresql-12-12.4/src/test/isolation/isolation_main.c:17:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		saved_argv0[MAXPGPATH];
data/postgresql-12-12.4/src/test/isolation/isolation_main.c:18:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		isolation_exec[MAXPGPATH];
data/postgresql-12-12.4/src/test/isolation/isolation_main.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		infile[MAXPGPATH];
data/postgresql-12-12.4/src/test/isolation/isolation_main.c:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		outfile[MAXPGPATH];
data/postgresql-12-12.4/src/test/isolation/isolation_main.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		expectfile[MAXPGPATH];
data/postgresql-12-12.4/src/test/isolation/isolation_main.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		psql_cmd[MAXPGPATH * 3];
data/postgresql-12-12.4/src/test/isolation/isolationtester.c:124:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		max_step_wait = ((int64) atoi(env_wait)) * USECS_PER_SEC;
data/postgresql-12-12.4/src/test/isolation/isolationtester.c:809:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char		buf[256];
data/postgresql-12-12.4/src/test/isolation/isolationtester.c:900:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		pidstring[32];
data/postgresql-12-12.4/src/test/isolation/specparse.c:874:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/postgresql-12-12.4/src/test/isolation/specparse.c:1063:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/postgresql-12-12.4/src/test/isolation/specparse.c:1269:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				parseresult.setupsqls = (char **) (yyvsp[-3].ptr_list).elements;
data/postgresql-12-12.4/src/test/isolation/specparse.c:1438:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				(yyval.permutation)->stepnames = (char **) (yyvsp[0].ptr_list).elements;
data/postgresql-12-12.4/src/test/modules/test_bloomfilter/test_bloomfilter.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		element[MAX_ELEMENT_BYTES];
data/postgresql-12-12.4/src/test/modules/test_bloomfilter/test_bloomfilter.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		element[MAX_ELEMENT_BYTES];
data/postgresql-12-12.4/src/test/modules/test_shm_mq/setup.c:220:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(worker.bgw_library_name, "test_shm_mq");
data/postgresql-12-12.4/src/test/modules/test_shm_mq/setup.c:221:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(worker.bgw_function_name, "test_shm_mq_main");
data/postgresql-12-12.4/src/test/modules/worker_spi/worker_spi.c:168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[20];
data/postgresql-12-12.4/src/test/modules/worker_spi/worker_spi.c:171:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(name, "schema%d", index);
data/postgresql-12-12.4/src/test/modules/worker_spi/worker_spi.c:358:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(worker.bgw_library_name, "worker_spi");
data/postgresql-12-12.4/src/test/modules/worker_spi/worker_spi.c:359:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(worker.bgw_function_name, "worker_spi_main");
data/postgresql-12-12.4/src/test/modules/worker_spi/worker_spi.c:392:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(worker.bgw_library_name, "worker_spi");
data/postgresql-12-12.4/src/test/modules/worker_spi/worker_spi.c:393:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(worker.bgw_function_name, "worker_spi_main");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:107:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char sockself[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:108:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char socklock[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tmp[64];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:265:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[MAXPGPATH * 2];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:467:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		testtablespace[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:468:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		indir[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:520:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		srcfile[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:521:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		destfile[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:522:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		prefix[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:525:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		line[1024];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:541:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		infile = fopen(srcfile, "r");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:548:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		outfile = fopen(destfile, "w");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:606:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:611:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(buf, "r");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:830:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		s[16];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:832:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(s, "%d", port);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:852:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		s[16];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:854:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(s, "%d", port);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:916:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char accountname[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:917:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char domainname[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:979:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fname[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1049:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	hba = fopen(fname, "w");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1065:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ident = fopen(fname, "w");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1097:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		query_formatted[1024];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1098:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		query_escaped[2048];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1099:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		psql_cmd[MAXPGPATH + 2048];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1205:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE	   *f = fopen(file, "r");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1227:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE	   *f = fopen(file, "r");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1247:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE	   *f = fopen(file, "r");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1352:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		expectfile[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1353:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		diff[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1354:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cmd[MAXPGPATH * 3];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1355:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		best_expect_file[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1472:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	difffile = fopen(difffilename, "a");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1509:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(active_pids, pids, num_tests * sizeof(PID_TYPE));
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1599:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *tests[MAX_PARALLEL_TESTS];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1608:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		scbuf[1024];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1617:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	scf = fopen(schedule, "r");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1914:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		file[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1924:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	logfile = fopen(logfilename, "w");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1935:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	difffile = fopen(difffilename, "w");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2108:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[MAXPGPATH * 4];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2109:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf2[MAXPGPATH * 4];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2162:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				max_connections = atoi(optarg);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2183:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				port = atoi(optarg);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2218:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				max_concurrent_tests = atoi(optarg);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2327:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		pg_conf = fopen(buf, "a");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2345:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		line_buf[1024];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2347:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			extra_conf = fopen(temp_config, "r");
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char		s[16];
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2398:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(s, "%d", port);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2436:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			wait_seconds = atoi(env_wait);
data/postgresql-12-12.4/src/test/regress/pg_regress_main.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		infile[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress_main.c:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		outfile[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress_main.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		expectfile[MAXPGPATH];
data/postgresql-12-12.4/src/test/regress/pg_regress_main.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		psql_cmd[MAXPGPATH * 3];
data/postgresql-12-12.4/src/test/regress/regress.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *p,
data/postgresql-12-12.4/src/test/regress/regress.c:596:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(attr, oldattr, VARSIZE_ANY(oldattr));
data/postgresql-12-12.4/src/test/regress/regress.c:603:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(VARDATA_EXTERNAL(new_attr), &redirect_pointer,
data/postgresql-12-12.4/src/test/regress/regress.c:817:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		data_before[4];
data/postgresql-12-12.4/src/test/regress/regress.c:819:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char		data_after[4];
data/postgresql-12-12.4/src/test/regress/regress.c:822:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(struct_w_lock.data_before, "abcd", 4);
data/postgresql-12-12.4/src/test/regress/regress.c:823:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(struct_w_lock.data_after, "ef12", 4);
data/postgresql-12-12.4/src/test/thread/thread_test.c:98:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char myhostname[MAXHOSTNAMELEN];
data/postgresql-12-12.4/src/test/thread/thread_test.c:290:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(TEMP_FILENAME_1, O_RDWR | O_CREAT, 0600)) < 0)
data/postgresql-12-12.4/src/test/thread/thread_test.c:302:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (open(TEMP_FILENAME_1, O_RDWR | O_CREAT | O_EXCL, 0600) >= 0)
data/postgresql-12-12.4/src/timezone/localtime.c:189:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[2 * sizeof(struct tzhead) + 2 * sizeof(struct state)
data/postgresql-12-12.4/src/timezone/localtime.c:1055:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(sp, tzdefrules_s, sizeof(struct state));
data/postgresql-12-12.4/src/timezone/localtime.c:1267:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cp, stdname, stdlen);
data/postgresql-12-12.4/src/timezone/localtime.c:1272:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cp, dstname, dstlen);
data/postgresql-12-12.4/src/timezone/pgtz.c:48:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char tzdir[MAXPGPATH];
data/postgresql-12-12.4/src/timezone/pgtz.c:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		fullname[MAXPGPATH];
data/postgresql-12-12.4/src/timezone/pgtz.c:104:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		result = open(fullname, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/timezone/pgtz.c:141:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	return open(fullname, O_RDONLY | PG_BINARY, 0);
data/postgresql-12-12.4/src/timezone/pgtz.c:194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tznameupper[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/timezone/pgtz.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		uppername[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/timezone/pgtz.c:241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		canonname[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/timezone/pgtz.c:304:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&tzp->tz.state, &tzstate, sizeof(tzstate));
data/postgresql-12-12.4/src/timezone/pgtz.c:325:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		offsetstr[64];
data/postgresql-12-12.4/src/timezone/pgtz.c:326:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzname[128];
data/postgresql-12-12.4/src/timezone/pgtz.c:392:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	   *dirname[MAX_TZDIR_DEPTH];
data/postgresql-12-12.4/src/timezone/pgtz.c:433:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fullname[MAXPGPATH * 2];
data/postgresql-12-12.4/src/timezone/pgtz.h:50:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char types[TZ_MAX_TIMES];
data/postgresql-12-12.4/src/timezone/pgtz.h:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		chars[BIGGEST(BIGGEST(TZ_MAX_CHARS + 1, 4 /* sizeof gmt */ ),
data/postgresql-12-12.4/src/timezone/pgtz.h:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		TZname[TZ_STRLEN_MAX + 1];
data/postgresql-12-12.4/src/timezone/strftime.c:50:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *mon[MONSPERYEAR];
data/postgresql-12-12.4/src/timezone/strftime.c:51:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *month[MONSPERYEAR];
data/postgresql-12-12.4/src/timezone/strftime.c:52:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *wday[DAYSPERWEEK];
data/postgresql-12-12.4/src/timezone/strftime.c:53:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *weekday[DAYSPERWEEK];
data/postgresql-12-12.4/src/timezone/strftime.c:508:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[INT_STRLEN_MAXIMUM(int) + 1];
data/postgresql-12-12.4/src/timezone/tzfile.h:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzh_magic[4];	/* TZ_MAGIC */
data/postgresql-12-12.4/src/timezone/tzfile.h:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzh_version[1]; /* '\0' or '2' or '3' as of 2013 */
data/postgresql-12-12.4/src/timezone/tzfile.h:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzh_reserved[15];	/* reserved; must be zero */
data/postgresql-12-12.4/src/timezone/tzfile.h:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzh_ttisutcnt[4];	/* coded number of trans. time flags */
data/postgresql-12-12.4/src/timezone/tzfile.h:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzh_ttisstdcnt[4];	/* coded number of trans. time flags */
data/postgresql-12-12.4/src/timezone/tzfile.h:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzh_leapcnt[4]; /* coded number of leap seconds */
data/postgresql-12-12.4/src/timezone/tzfile.h:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzh_timecnt[4]; /* coded number of transition times */
data/postgresql-12-12.4/src/timezone/tzfile.h:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzh_typecnt[4]; /* coded number of local time types */
data/postgresql-12-12.4/src/timezone/tzfile.h:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		tzh_charcnt[4]; /* coded number of abbr. chars */
data/postgresql-12-12.4/src/timezone/zic.c:397:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char isdsts[TZ_MAX_TYPES];
data/postgresql-12-12.4/src/timezone/zic.c:398:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char desigidx[TZ_MAX_TYPES];
data/postgresql-12-12.4/src/timezone/zic.c:401:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char chars[TZ_MAX_CHARS];
data/postgresql-12-12.4/src/timezone/zic.c:404:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char roll[TZ_MAX_LEAPS];
data/postgresql-12-12.4/src/timezone/zic.c:991:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(result + 3 * i, "../", 3);
data/postgresql-12-12.4/src/timezone/zic.c:1072:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fp = fopen(fromfield, "rb");
data/postgresql-12-12.4/src/timezone/zic.c:1081:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			tp = fopen(tofield, "wb");
data/postgresql-12-12.4/src/timezone/zic.c:1122:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(nameslashdot, name, n);
data/postgresql-12-12.4/src/timezone/zic.c:1254:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[BUFSIZ];
data/postgresql-12-12.4/src/timezone/zic.c:1261:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	else if ((fp = fopen(name, "r")) == NULL)
data/postgresql-12-12.4/src/timezone/zic.c:2025:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[4];
data/postgresql-12-12.4/src/timezone/zic.c:2038:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[8];
data/postgresql-12-12.4/src/timezone/zic.c:2228:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(name, "wb");
data/postgresql-12-12.4/src/timezone/zic.c:2236:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fp = fopen(name, "wb");
data/postgresql-12-12.4/src/timezone/zic.c:2260:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		omittype[TZ_MAX_TYPES];
data/postgresql-12-12.4/src/timezone/zic.c:2265:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		thischars[TZ_MAX_CHARS];
data/postgresql-12-12.4/src/timezone/zic.c:2449:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
data/postgresql-12-12.4/src/timezone/zic.c:2650:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		letterbuf[PERCENT_Z_LEN_BOUND + 1];
data/postgresql-12-12.4/src/timezone/zic.c:2664:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(abbr, format, slashp - format);
data/postgresql-12-12.4/src/timezone/zic.c:2714:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	len += sprintf(result + len, "%d", hours);
data/postgresql-12-12.4/src/timezone/zic.c:2717:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		len += sprintf(result + len, ":%02d", minutes);
data/postgresql-12-12.4/src/timezone/zic.c:2719:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			len += sprintf(result + len, ":%02d", seconds);
data/postgresql-12-12.4/src/timezone/zic.c:2742:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			result += sprintf(result, "%d", total + rp->r_dayofmonth - 1);
data/postgresql-12-12.4/src/timezone/zic.c:2744:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			result += sprintf(result, "J%d", total + rp->r_dayofmonth);
data/postgresql-12-12.4/src/timezone/zic.c:2779:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		result += sprintf(result, "M%d.%d.%d",
data/postgresql-12-12.4/src/tools/ifaddrs/test_ifaddrs.c:20:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buffer[256];
data/postgresql-12-12.4/src/tutorial/funcs.c:78:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) VARDATA(new_t), /* destination */
data/postgresql-12-12.4/src/tutorial/funcs.c:93:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(new_text), VARDATA(arg1), arg1_size);
data/postgresql-12-12.4/src/tutorial/funcs.c:94:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(new_text) + arg1_size, VARDATA(arg2), arg2_size);
data/postgresql-12-12.4/src/tutorial/funcs_new.c:84:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) VARDATA(new_t), /* destination */
data/postgresql-12-12.4/src/tutorial/funcs_new.c:103:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(new_text), VARDATA_ANY(arg1), arg1_size);
data/postgresql-12-12.4/src/tutorial/funcs_new.c:104:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(VARDATA(new_text) + arg1_size, VARDATA_ANY(arg2), arg2_size);
data/postgresql-12-12.4/contrib/adminpack/adminpack.c:542:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(de->d_name) != 32
data/postgresql-12-12.4/contrib/citext/citext.c:52:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = varstr_cmp(lcstr, strlen(lcstr),
data/postgresql-12-12.4/contrib/citext/citext.c:53:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						rcstr, strlen(rcstr),
data/postgresql-12-12.4/contrib/citext/citext.c:79:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	llen = strlen(lcstr);
data/postgresql-12-12.4/contrib/citext/citext.c:80:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	rlen = strlen(rcstr);
data/postgresql-12-12.4/contrib/citext/citext.c:147:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = hash_any((unsigned char *) str, strlen(str));
data/postgresql-12-12.4/contrib/citext/citext.c:167:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = hash_any_extended((unsigned char *) str, strlen(str), seed);
data/postgresql-12-12.4/contrib/cube/cubeparse.c:744:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/contrib/cube/cubeparse.c:1372:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(yyval, ",");
data/postgresql-12-12.4/contrib/cube/cubescan.c:863:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/contrib/cube/cubescan.c:1804:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/postgresql-12-12.4/contrib/cube/cubescan.c:2085:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Size	slen = strlen(str);
data/postgresql-12-12.4/contrib/dblink/dblink.c:2553:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	truncate_identifier(key, strlen(key), false);
data/postgresql-12-12.4/contrib/dblink/dblink.c:2585:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	truncate_identifier(key, strlen(key), true);
data/postgresql-12-12.4/contrib/dblink/dblink.c:2614:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	truncate_identifier(key, strlen(key), false);
data/postgresql-12-12.4/contrib/dblink/dblink.c:2809:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	truncate_identifier(srvname, strlen(srvname), false);
data/postgresql-12-12.4/contrib/fuzzystrmatch/dmetaphone.c:245:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->length = strlen(init_str);
data/postgresql-12-12.4/contrib/fuzzystrmatch/dmetaphone.c:385:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	add_length = strlen(new_str);
data/postgresql-12-12.4/contrib/fuzzystrmatch/dmetaphone.c:406:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length = strlen(str);
data/postgresql-12-12.4/contrib/fuzzystrmatch/fuzzystrmatch.c:260:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		str_i_len = strlen(str_i);
data/postgresql-12-12.4/contrib/fuzzystrmatch/fuzzystrmatch.c:363:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((word == NULL) || !(strlen(word) > 0))
data/postgresql-12-12.4/contrib/fuzzystrmatch/fuzzystrmatch.c:370:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*phoned_word = palloc(sizeof(char) * strlen(word) + 1);
data/postgresql-12-12.4/contrib/hstore/hstore_io.c:875:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pairs[j].keylen = hstoreCheckKeyLen(strlen(NameStr(att->attname)));
data/postgresql-12-12.4/contrib/hstore/hstore_io.c:905:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pairs[j].vallen = hstoreCheckValLen(strlen(value));
data/postgresql-12-12.4/contrib/hstore/hstore_io.c:1069:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							strlen(NameStr(att->attname)));
data/postgresql-12-12.4/contrib/hstore_plperl/hstore_plperl.c:89:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(void) hv_store(hv, key, strlen(key), value, 0);
data/postgresql-12-12.4/contrib/hstore_plperl/hstore_plperl.c:133:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pairs[i].keylen = hstoreCheckKeyLen(strlen(pairs[i].key));
data/postgresql-12-12.4/contrib/hstore_plperl/hstore_plperl.c:145:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pairs[i].vallen = hstoreCheckValLen(strlen(pairs[i].val));
data/postgresql-12-12.4/contrib/hstore_plpython/hstore_plpython.c:163:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pairs[i].keylen = hstoreCheckKeyLen(strlen(pairs[i].key));
data/postgresql-12-12.4/contrib/hstore_plpython/hstore_plpython.c:175:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				pairs[i].vallen = hstoreCheckValLen(strlen(pairs[i].val));
data/postgresql-12-12.4/contrib/jsonb_plperl/jsonb_plperl.c:253:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				out.val.string.len = strlen(out.val.string.val);
data/postgresql-12-12.4/contrib/jsonb_plpython/jsonb_plpython.c:90:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	jbvElem->val.string.len = strlen(jbvElem->val.string.val);
data/postgresql-12-12.4/contrib/ltree/crc32.h:10:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define crc32(buf) ltree_crc32_sz((buf),strlen(buf))
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:265:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length += strlen(eary->array[i]);
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:273:4:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
			sprintf(ptr++, ",");
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:274:3:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
		sprintf(ptr++, "'");
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:275:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += PQescapeString(ptr, eary->array[i], strlen(eary->array[i]));
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:276:3:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
		sprintf(ptr++, "'");
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:400:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length[j] = strlen(PQfname(res, j));
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:406:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			l = strlen(PQgetvalue(res, i, j));
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:408:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				length[j] = strlen(PQgetvalue(res, i, j));
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:513:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	qualifiers = (char *) pg_malloc(strlen(comma_oids) + strlen(comma_tables) +
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:513:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	qualifiers = (char *) pg_malloc(strlen(comma_oids) + strlen(comma_tables) +
data/postgresql-12-12.4/contrib/oid2name/oid2name.c:514:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									strlen(comma_filenodes) + 80);
data/postgresql-12-12.4/contrib/pageinspect/heapfuncs.c:467:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bits_str_len = strlen(t_bits_str);
data/postgresql-12-12.4/contrib/pageinspect/heapfuncs.c:483:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							strlen(t_bits_str))));
data/postgresql-12-12.4/contrib/passwordcheck/passwordcheck.c:90:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			pwdlen = strlen(password);
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:416:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read(fd, buf.data, XLOG_BLCKSZ) == XLOG_BLCKSZ)
data/postgresql-12-12.4/contrib/pg_standby/pg_standby.c:505:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((len = read(fd, buf, sizeof(buf) - 1)) < 0)
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:1124:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		Assert(query_location <= strlen(query));
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:1128:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			query_len = strlen(query);
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:1130:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			Assert(query_len <= strlen(query));
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:1136:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		query_len = strlen(query);
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:1983:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read(fd, buf, stat.st_size) != stat.st_size)
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:2400:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	AppendJumble(jstate, (const unsigned char *) (str), strlen(str) + 1)
data/postgresql-12-12.4/contrib/pg_stat_statements/pg_stat_statements.c:3215:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				locs[i].length = strlen(yyextra.scanbuf + loc);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_op.c:324:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bytelen = strlen(bword);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_op.c:920:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bytelen = strlen(buf2);
data/postgresql-12-12.4/contrib/pg_trgm/trgm_op.c:988:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			SET_VARSIZE(item, VARHDRSZ + strlen(VARDATA(item)));
data/postgresql-12-12.4/contrib/pgcrypto/crypt-blowfish.c:614:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(setting) < 29)
data/postgresql-12-12.4/contrib/pgcrypto/crypt-des.c:694:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(setting) < 9)
data/postgresql-12-12.4/contrib/pgcrypto/crypt-des.c:731:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p = output + strlen(output);
data/postgresql-12-12.4/contrib/pgcrypto/crypt-des.c:742:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(setting) < 2)
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:58:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp(sp, magic, strlen(magic)) == 0)
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:59:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sp += strlen(magic);
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:75:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	px_md_update(ctx, (const uint8 *) pw, strlen(pw));
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:78:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	px_md_update(ctx, (uint8 *) magic, strlen(magic));
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:84:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:86:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:88:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (pl = strlen(pw); pl > 0; pl -= MD5_SIZE)
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:95:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = strlen(pw); i; i >>= 1)
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:103:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(passwd, sp, sl);
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:104:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(passwd, "$");
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:117:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:125:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:130:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
data/postgresql-12-12.4/contrib/pgcrypto/crypt-md5.c:134:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p = passwd + strlen(passwd);
data/postgresql-12-12.4/contrib/pgcrypto/imath.c:2001:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!s_pad(z, s_inlen(strlen(str), radix)))
data/postgresql-12-12.4/contrib/pgcrypto/pgp-armor.c:243:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
find_str(const uint8 *data, const uint8 *data_end, const char *str, int strlen)
data/postgresql-12-12.4/contrib/pgcrypto/pgp-armor.c:247:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!strlen)
data/postgresql-12-12.4/contrib/pgcrypto/pgp-armor.c:249:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (data_end - data < strlen)
data/postgresql-12-12.4/contrib/pgcrypto/pgp-armor.c:256:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (p + strlen > data_end)
data/postgresql-12-12.4/contrib/pgcrypto/pgp-armor.c:258:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (memcmp(p, str, strlen) == 0)
data/postgresql-12-12.4/contrib/pgcrypto/pgp-armor.c:277:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p = find_str(p, datend, sep, strlen(sep));
data/postgresql-12-12.4/contrib/pgcrypto/pgp-armor.c:283:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(sep);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-armor.c:286:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p += strlen(sep);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:984:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		values[0] = pg_any_to_server(utf8key, strlen(utf8key), PG_UTF8);
data/postgresql-12-12.4/contrib/pgcrypto/pgp-pgsql.c:985:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		values[1] = pg_any_to_server(utf8val, strlen(utf8val), PG_UTF8);
data/postgresql-12-12.4/contrib/pgcrypto/px-crypt.c:45:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (res == NULL || strlen(res) > len - 1)
data/postgresql-12-12.4/contrib/pgcrypto/px-crypt.c:164:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(p);
data/postgresql-12-12.4/contrib/pgcrypto/px.c:414:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf = px_alloc(strlen(name) + 1);
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:198:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(values[Atnum_xids], "{");
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:199:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(values[Atnum_modes], "{");
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:200:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(values[Atnum_pids], "{");
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:208:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
							strcat(values[Atnum_xids], ",");
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:209:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
							strcat(values[Atnum_modes], ",");
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:210:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
							strcat(values[Atnum_pids], ",");
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:243:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(values[Atnum_xids], "}");
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:244:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(values[Atnum_modes], "}");
data/postgresql-12-12.4/contrib/pgrowlocks/pgrowlocks.c:245:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(values[Atnum_pids], "}");
data/postgresql-12-12.4/contrib/postgres_fdw/deparse.c:2429:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				if (equal(node, (Node *) lfirst(lc)))
data/postgresql-12-12.4/contrib/postgres_fdw/deparse.c:2494:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strspn(extval, "0123456789+-eE.") == strlen(extval))
data/postgresql-12-12.4/contrib/postgres_fdw/deparse.c:2500:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strcspn(extval, "eE.") != strlen(extval))
data/postgresql-12-12.4/contrib/postgres_fdw/deparse.c:2574:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(node, (Node *) lfirst(lc)))
data/postgresql-12-12.4/contrib/postgres_fdw/deparse.c:3422:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(lfirst(lc), (Node *) node))
data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c:3243:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		return equal(expr, state->current);
data/postgresql-12-12.4/contrib/postgres_fdw/postgres_fdw.c:6554:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(em_expr, expr))
data/postgresql-12-12.4/contrib/seg/seg.c:143:9:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
			p += sprintf(p, " ");
data/postgresql-12-12.4/contrib/seg/seg.c:149:9:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
			p += sprintf(p, " ");
data/postgresql-12-12.4/contrib/seg/seg.c:941:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return strlen(result);
data/postgresql-12-12.4/contrib/seg/seg.c:1043:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(result);
data/postgresql-12-12.4/contrib/seg/segparse.c:757:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/contrib/seg/segscan.c:854:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/contrib/seg/segscan.c:1785:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/postgresql-12-12.4/contrib/seg/segscan.c:2065:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Size	slen = strlen(str);
data/postgresql-12-12.4/contrib/sepgsql/uavc.c:70:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return hash_any((const unsigned char *) scontext, strlen(scontext))
data/postgresql-12-12.4/contrib/sepgsql/uavc.c:71:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		^ hash_any((const unsigned char *) tcontext, strlen(tcontext))
data/postgresql-12-12.4/contrib/spi/refint.c:177:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s",
data/postgresql-12-12.4/contrib/spi/refint.c:177:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s",
data/postgresql-12-12.4/contrib/spi/refint.c:491:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql),
data/postgresql-12-12.4/contrib/spi/refint.c:491:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql),
data/postgresql-12-12.4/contrib/spi/refint.c:516:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql),
data/postgresql-12-12.4/contrib/spi/refint.c:516:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql),
data/postgresql-12-12.4/contrib/spi/refint.c:526:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s",
data/postgresql-12-12.4/contrib/spi/refint.c:526:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s",
data/postgresql-12-12.4/contrib/uuid-ossp/uuid-ossp.c:54:20:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
#error UUID length mismatch
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:235:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		schema = PQescapeIdentifier(conn, schema, strlen(schema));
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:236:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		table = PQescapeIdentifier(conn, table, strlen(table));
data/postgresql-12-12.4/contrib/vacuumlo/vacuumlo.c:237:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		field = PQescapeIdentifier(conn, field, strlen(field));
data/postgresql-12-12.4/contrib/xml2/xpath.c:722:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				doctree = xmlParseMemory(xmldoc, strlen(xmldoc));
data/postgresql-12-12.4/src/backend/access/common/heaptuple.c:278:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_length = strlen(DatumGetCString(datum)) + 1;
data/postgresql-12-12.4/src/backend/access/common/printsimple.c:109:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					pq_sendcountedtext(&buf, str, strlen(str), false);
data/postgresql-12-12.4/src/backend/access/common/printsimple.c:119:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					pq_sendcountedtext(&buf, str, strlen(str), false);
data/postgresql-12-12.4/src/backend/access/common/printtup.c:435:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pq_sendcountedtext(buf, outputstr, strlen(outputstr), false);
data/postgresql-12-12.4/src/backend/access/common/printtup.c:524:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pq_sendcountedtext(buf, outputstr, strlen(outputstr), true);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:526:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		relOpts[j]->namelen = strlen(relOpts[j]->name);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:534:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		relOpts[j]->namelen = strlen(relOpts[j]->name);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:542:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		relOpts[j]->namelen = strlen(relOpts[j]->name);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:550:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		relOpts[j]->namelen = strlen(relOpts[j]->name);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:659:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	newoption->namelen = strlen(name);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:754:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		newoption->default_len = strlen(default_val);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:838:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				kw_len = strlen(def->defname);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:941:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = VARHDRSZ + strlen(def->defname) + 1 + strlen(value);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:941:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = VARHDRSZ + strlen(def->defname) + 1 + strlen(value);
data/postgresql-12-12.4/src/backend/access/common/reloptions.c:1352:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							offset += strlen(string_val) + 1;
data/postgresql-12-12.4/src/backend/access/hash/hashfunc.c:232:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return hash_any((unsigned char *) key, strlen(key));
data/postgresql-12-12.4/src/backend/access/hash/hashfunc.c:240:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return hash_any_extended((unsigned char *) key, strlen(key),
data/postgresql-12-12.4/src/backend/access/nbtree/nbtsort.c:1407:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	querylen = strlen(debug_query_string);
data/postgresql-12-12.4/src/backend/access/rmgrdesc/xactdesc.c:108:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			data += strlen(data) + 1;
data/postgresql-12-12.4/src/backend/access/rmgrdesc/xactdesc.c:192:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			data += strlen(data) + 1;
data/postgresql-12-12.4/src/backend/access/table/tableamapi.c:120:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(*newval) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:276:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		shm_toc_estimate_chunk(&pcxt->estimator, strlen(pcxt->library_name) +
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:277:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							   strlen(pcxt->function_name) + 2);
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:430:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lnamelen = strlen(pcxt->library_name);
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:432:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   strlen(pcxt->function_name) + 2);
data/postgresql-12-12.4/src/backend/access/transam/parallel.c:1334:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	function_name = entrypointstate + strlen(library_name) + 1;
data/postgresql-12-12.4/src/backend/access/transam/slru.c:218:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		Assert(strlen(name) + 1 < SLRU_MAX_NAME_LENGTH);
data/postgresql-12-12.4/src/backend/access/transam/slru.c:690:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read(fd, shared->page_buffer[slotno], BLCKSZ) != BLCKSZ)
data/postgresql-12-12.4/src/backend/access/transam/slru.c:1406:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(clde->d_name);
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:356:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			nbytes = (int) read(srcfd, buffer, sizeof(buffer));
data/postgresql-12-12.4/src/backend/access/transam/timeline.c:407:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	nbytes = strlen(buffer);
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:379:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(gid) >= GIDSIZE)
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:1040:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hdr.gidlen = strlen(gxact->gid) + 1;	/* Include '\0' */
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:1287:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = read(fd, buf, stat.st_size);
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:1356:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(parsed->twophase_gid, bufptr, hdr->gidlen);
data/postgresql-12-12.4/src/backend/access/transam/twophase.c:1842:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(clde->d_name) == 8 &&
data/postgresql-12-12.4/src/backend/access/transam/xact.c:5588:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			XLogRegisterData(unconstify(char *, twophase_gid), strlen(twophase_gid) + 1);
data/postgresql-12-12.4/src/backend/access/transam/xact.c:5716:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			XLogRegisterData(unconstify(char *, twophase_gid), strlen(twophase_gid) + 1);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:3453:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			r = read(srcfd, buffer.data, nread);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:4635:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = read(fd, ControlFile, sizeof(ControlFileData));
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10310:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(backupidstr) > MAXPGPATH)
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10493:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		datadirpathlen = strlen(DataDir);
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10960:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(labelfile, "START WAL LOCATION: %X/%X (file %24s)%c",
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:10975:14:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (!ptr || sscanf(ptr, "BACKUP FROM: %19s\n", backupfrom) != 1)
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11361:6:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (fscanf(lfp, "START WAL LOCATION: %X/%X (file %08X%16s)%c",
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11379:6:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (fscanf(lfp, "BACKUP METHOD: %19s\n", backuptype) == 1)
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11385:6:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (fscanf(lfp, "BACKUP FROM: %19s\n", backupfrom) == 1)
data/postgresql-12-12.4/src/backend/access/transam/xlog.c:11484:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((ch = fgetc(lfp)) != EOF)
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:170:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					dp += strlen(dp);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:176:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					dp += strlen(dp);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:182:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					dp += strlen(dp);
data/postgresql-12-12.4/src/backend/access/transam/xlogarchive.c:372:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					dp += strlen(dp);
data/postgresql-12-12.4/src/backend/access/transam/xlogfuncs.c:314:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(restore_name_str) >= MAXFNAMELEN)
data/postgresql-12-12.4/src/backend/access/transam/xlogfuncs.c:677:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(backup_start_time) == 0)
data/postgresql-12-12.4/src/backend/access/transam/xlogutils.c:740:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		readbytes = read(sendFile, p, segbytes);
data/postgresql-12-12.4/src/backend/bootstrap/bootparse.c:934:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/src/backend/bootstrap/bootscanner.c:964:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/backend/bootstrap/bootscanner.c:1281:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					yytext[strlen(yytext) - 1] = '\0';
data/postgresql-12-12.4/src/backend/bootstrap/bootscanner.c:1283:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					yytext[strlen(yytext)] = '"';	/* restore yytext */
data/postgresql-12-12.4/src/backend/bootstrap/bootscanner.c:2024:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/postgresql-12-12.4/src/backend/bootstrap/bootstrap.c:605:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(relname) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/catalog/heap.c:2823:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(expr, stringToNode(TextDatumGetCString(val))))
data/postgresql-12-12.4/src/backend/catalog/index.c:2501:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(info1->ii_Expressions, mapped))
data/postgresql-12-12.4/src/backend/catalog/index.c:2524:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(info1->ii_Predicate, mapped))
data/postgresql-12-12.4/src/backend/catalog/pg_enum.c:125:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(lab) > (NAMEDATALEN - 1))
data/postgresql-12-12.4/src/backend/catalog/pg_enum.c:228:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(newVal) > (NAMEDATALEN - 1))
data/postgresql-12-12.4/src/backend/catalog/pg_enum.c:523:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(newVal) > (NAMEDATALEN - 1))
data/postgresql-12-12.4/src/backend/catalog/pg_operator.c:76:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		len = strlen(name);
data/postgresql-12-12.4/src/backend/catalog/pg_proc.c:1055:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			prosrclen = strlen(prosrc);
data/postgresql-12-12.4/src/backend/catalog/pg_proc.c:1056:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			querylen = strlen(queryText);
data/postgresql-12-12.4/src/backend/catalog/pg_type.c:787:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			namelen = strlen(typeName);
data/postgresql-12-12.4/src/backend/commands/analyze.c:1773:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			total_width += strlen(DatumGetCString(value)) + 1;
data/postgresql-12-12.4/src/backend/commands/analyze.c:1903:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			total_width += strlen(DatumGetCString(value)) + 1;
data/postgresql-12-12.4/src/backend/commands/analyze.c:2250:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			total_width += strlen(DatumGetCString(value)) + 1;
data/postgresql-12-12.4/src/backend/commands/async.c:554:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!channel || !strlen(channel))
data/postgresql-12-12.4/src/backend/commands/async.c:559:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(channel) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/commands/async.c:566:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(payload) >= NOTIFY_PAYLOAD_MAX_LENGTH)
data/postgresql-12-12.4/src/backend/commands/async.c:622:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									 strlen(channel) + 1);
data/postgresql-12-12.4/src/backend/commands/async.c:1287:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		channellen = strlen(n->channel);
data/postgresql-12-12.4/src/backend/commands/async.c:1288:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		payloadlen = strlen(n->payload);
data/postgresql-12-12.4/src/backend/commands/async.c:1979:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					char	   *payload = qe->data + strlen(channel) + 1;
data/postgresql-12-12.4/src/backend/commands/collationcmds.c:562:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(localebuf);
data/postgresql-12-12.4/src/backend/commands/comment.c:155:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (comment != NULL && strlen(comment) == 0)
data/postgresql-12-12.4/src/backend/commands/comment.c:250:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (comment != NULL && strlen(comment) == 0)
data/postgresql-12-12.4/src/backend/commands/copy.c:509:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	appendBinaryStringInfo(cstate->fe_msgbuf, str, strlen(str));
data/postgresql-12-12.4/src/backend/commands/copy.c:1322:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	cstate->null_print_len = strlen(cstate->null_print);
data/postgresql-12-12.4/src/backend/commands/copy.c:1333:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cstate->delim) != 1)
data/postgresql-12-12.4/src/backend/commands/copy.c:1380:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (cstate->csv_mode && strlen(cstate->quote) != 1)
data/postgresql-12-12.4/src/backend/commands/copy.c:1396:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (cstate->csv_mode && strlen(cstate->escape) != 1)
data/postgresql-12-12.4/src/backend/commands/copy.c:1915:13:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
			oumask = umask(S_IWGRP | S_IWOTH);
data/postgresql-12-12.4/src/backend/commands/copy.c:1922:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
				umask(oumask);
data/postgresql-12-12.4/src/backend/commands/copy.c:1926:4:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
			umask(oumask);
data/postgresql-12-12.4/src/backend/commands/copy.c:2324:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			slen = strlen(str);
data/postgresql-12-12.4/src/backend/commands/copy.c:3967:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			appendBinaryStringInfo(&cstate->line_buf, cvt, strlen(cvt));
data/postgresql-12-12.4/src/backend/commands/copy.c:4838:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr = pg_server_to_any(string, strlen(string), cstate->file_encoding);
data/postgresql-12-12.4/src/backend/commands/copy.c:4998:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr = pg_server_to_any(string, strlen(string), cstate->file_encoding);
data/postgresql-12-12.4/src/backend/commands/extension.c:263:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			namelen = strlen(extensionname);
data/postgresql-12-12.4/src/backend/commands/extension.c:310:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			namelen = strlen(versionname);
data/postgresql-12-12.4/src/backend/commands/extension.c:1080:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			extnamelen = strlen(control->name);
data/postgresql-12-12.4/src/backend/commands/foreigncmds.c:79:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = VARHDRSZ + strlen(def->defname) + 1 + strlen(value);
data/postgresql-12-12.4/src/backend/commands/foreigncmds.c:79:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = VARHDRSZ + strlen(def->defname) + 1 + strlen(value);
data/postgresql-12-12.4/src/backend/commands/functioncmds.c:908:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(*prosrc_str_p) == 0)
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2129:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	name1chars = strlen(name1);
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2132:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		name2chars = strlen(name2);
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2138:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		overhead += strlen(label) + 1;
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2316:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buflen += strlen(buf + buflen);
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2371:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			nlen = pg_mbcliplen(origname, strlen(origname),
data/postgresql-12-12.4/src/backend/commands/indexcmds.c:2372:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								NAMEDATALEN - 1 - strlen(nbuf));
data/postgresql-12-12.4/src/backend/commands/statscmds.c:634:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buflen += strlen(buf + buflen);
data/postgresql-12-12.4/src/backend/commands/tablecmds.c:2406:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				else if (!equal(def->cooked_default, this_default))
data/postgresql-12-12.4/src/backend/commands/tablecmds.c:2762:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(expr, ccon->expr))
data/postgresql-12-12.4/src/backend/commands/tablecmds.c:7613:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buflen += strlen(buf + buflen);
data/postgresql-12-12.4/src/backend/commands/tablecmds.c:16349:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p += strlen(p) + 1;
data/postgresql-12-12.4/src/backend/commands/tablespace.c:286:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(location) + 1 + strlen(TABLESPACE_VERSION_DIRECTORY) + 1 +
data/postgresql-12-12.4/src/backend/commands/tablespace.c:286:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(location) + 1 + strlen(TABLESPACE_VERSION_DIRECTORY) + 1 +
data/postgresql-12-12.4/src/backend/commands/tablespace.c:381:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		XLogRegisterData((char *) location, strlen(location) + 1);
data/postgresql-12-12.4/src/backend/commands/trigger.c:874:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len += strlen(ar) + 4;
data/postgresql-12-12.4/src/backend/commands/trigger.c:886:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char	   *d = args + strlen(args);
data/postgresql-12-12.4/src/backend/commands/trigger.c:1346:4:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			equal(info->args, stmt->args))
data/postgresql-12-12.4/src/backend/commands/trigger.c:2019:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p += strlen(p) + 1;
data/postgresql-12-12.4/src/backend/executor/execMain.c:2280:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			vallen = strlen(val);
data/postgresql-12-12.4/src/backend/executor/execParallel.c:622:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	query_len = strlen(estate->es_sourceText);
data/postgresql-12-12.4/src/backend/executor/execParallel.c:627:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pstmt_len = strlen(pstmt_data) + 1;
data/postgresql-12-12.4/src/backend/executor/execPartition.c:1275:28:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
													  values[0], &equal);
data/postgresql-12-12.4/src/backend/executor/execPartition.c:1276:30:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				if (bound_offset >= 0 && equal)
data/postgresql-12-12.4/src/backend/executor/execPartition.c:1307:19:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
																 &equal);
data/postgresql-12-12.4/src/backend/executor/execPartition.c:1407:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		vallen = strlen(val);
data/postgresql-12-12.4/src/backend/executor/execTuples.c:2302:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(txt);
data/postgresql-12-12.4/src/backend/executor/nodeAgg.c:3286:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			!equal(newagg->args, existingRef->args) ||
data/postgresql-12-12.4/src/backend/executor/nodeAgg.c:3287:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			!equal(newagg->aggorder, existingRef->aggorder) ||
data/postgresql-12-12.4/src/backend/executor/nodeAgg.c:3288:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			!equal(newagg->aggdistinct, existingRef->aggdistinct) ||
data/postgresql-12-12.4/src/backend/executor/nodeAgg.c:3289:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			!equal(newagg->aggfilter, existingRef->aggfilter))
data/postgresql-12-12.4/src/backend/executor/nodeAgg.c:3296:4:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			equal(newagg->aggdirectargs, existingRef->aggdirectargs))
data/postgresql-12-12.4/src/backend/executor/nodeWindowAgg.c:2419:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(wfunc, perfunc[i].wfunc) &&
data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit.c:858:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp(name, "pgextern.", strlen("pgextern.")) == 0)
data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit.c:867:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*modname = pnstrdup(name + strlen("pgextern."),
data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit.c:868:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							*funcname - name - strlen("pgextern.") - 1);
data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit_inline.cpp:803:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		path = path.replace(0, strlen("$libdir"), std::string(pkglib_path) + "/bitcode");
data/postgresql-12-12.4/src/backend/jit/llvm/llvmjit_types.c:101:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen,
data/postgresql-12-12.4/src/backend/lib/stringinfo.c:165:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	appendBinaryStringInfo(str, s, strlen(s));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:360:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (inputlen != strlen(input))
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:440:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*outputlen = strlen(*output);
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:513:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	salt = palloc(pg_b64_dec_len(strlen(encoded_salt)));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:514:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	saltlen = pg_b64_decode(encoded_salt, strlen(encoded_salt), salt);
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:599:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	decoded_salt_buf = palloc(pg_b64_dec_len(strlen(salt_str)));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:600:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	decoded_len = pg_b64_decode(salt_str, strlen(salt_str),
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:609:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	decoded_stored_buf = palloc(pg_b64_dec_len(strlen(storedkey_str)));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:610:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	decoded_len = pg_b64_decode(storedkey_str, strlen(storedkey_str),
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:616:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	decoded_server_buf = palloc(pg_b64_dec_len(strlen(serverkey_str)));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:617:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	decoded_len = pg_b64_decode(serverkey_str, strlen(serverkey_str),
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1047:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			client_nonce_len = strlen(state->client_nonce);
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1048:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			server_nonce_len = strlen(state->server_nonce);
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1049:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			final_nonce_len = strlen(state->client_final_nonce);
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1078:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->client_first_message_bare));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1082:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->server_first_message));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1086:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->client_final_message_without_proof));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1231:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cbind_header_len = strlen("p=tls-server-end-point,,");	/* p=type,, */
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1279:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	client_proof = palloc(pg_b64_dec_len(strlen(value)));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1280:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (pg_b64_decode(value, strlen(value), client_proof) != SCRAM_KEY_LEN)
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1314:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->client_first_message_bare));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1318:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->server_first_message));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1322:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->client_final_message_without_proof));
data/postgresql-12-12.4/src/backend/libpq/auth-scram.c:1367:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pg_sha256_update(&ctx, (uint8 *) username, strlen(username));
data/postgresql-12-12.4/src/backend/libpq/auth.c:716:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(buf.data) + 1 != buf.len)
data/postgresql-12-12.4/src/backend/libpq/auth.c:1073:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (pg_krb_server_keyfile && strlen(pg_krb_server_keyfile) > 0)
data/postgresql-12-12.4/src/backend/libpq/auth.c:1083:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t		kt_len = strlen(pg_krb_server_keyfile) + 14;
data/postgresql-12-12.4/src/backend/libpq/auth.c:1257:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (port->hba->krb_realm != NULL && strlen(port->hba->krb_realm))
data/postgresql-12-12.4/src/backend/libpq/auth.c:1278:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (port->hba->krb_realm && strlen(port->hba->krb_realm))
data/postgresql-12-12.4/src/backend/libpq/auth.c:1583:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (port->hba->krb_realm && strlen(port->hba->krb_realm))
data/postgresql-12-12.4/src/backend/libpq/auth.c:1732:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(ident_response) < 2)
data/postgresql-12-12.4/src/backend/libpq/auth.c:1734:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (ident_response[strlen(ident_response) - 2] != '\r')
data/postgresql-12-12.4/src/backend/libpq/auth.c:1925:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		rc = send(sock_fd, ident_query, strlen(ident_query), 0);
data/postgresql-12-12.4/src/backend/libpq/auth.c:2078:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(passwd) == 0)
data/postgresql-12-12.4/src/backend/libpq/auth.c:2855:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(port->peer_cn) <= 0)
data/postgresql-12-12.4/src/backend/libpq/auth.c:2994:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(passwd) > RADIUS_MAX_PASSWORD_LENGTH)
data/postgresql-12-12.4/src/backend/libpq/auth.c:3122:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	radius_add_attribute(packet, RADIUS_USER_NAME, (const unsigned char *) user_name, strlen(user_name));
data/postgresql-12-12.4/src/backend/libpq/auth.c:3123:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	radius_add_attribute(packet, RADIUS_NAS_IDENTIFIER, (const unsigned char *) identifier, strlen(identifier));
data/postgresql-12-12.4/src/backend/libpq/auth.c:3131:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	encryptedpasswordlen = ((strlen(passwd) + RADIUS_VECTOR_LENGTH - 1) / RADIUS_VECTOR_LENGTH) * RADIUS_VECTOR_LENGTH;
data/postgresql-12-12.4/src/backend/libpq/auth.c:3132:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	cryptvector = palloc(strlen(secret) + RADIUS_VECTOR_LENGTH);
data/postgresql-12-12.4/src/backend/libpq/auth.c:3133:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memcpy(cryptvector, secret, strlen(secret));
data/postgresql-12-12.4/src/backend/libpq/auth.c:3139:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcpy(cryptvector + strlen(secret), md5trailer, RADIUS_VECTOR_LENGTH);
data/postgresql-12-12.4/src/backend/libpq/auth.c:3147:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH, encryptedpassword + i))
data/postgresql-12-12.4/src/backend/libpq/auth.c:3158:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (j < strlen(passwd))
data/postgresql-12-12.4/src/backend/libpq/auth.c:3340:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cryptvector = palloc(packetlength + strlen(secret));
data/postgresql-12-12.4/src/backend/libpq/auth.c:3349:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcpy(cryptvector + packetlength, secret, strlen(secret));
data/postgresql-12-12.4/src/backend/libpq/auth.c:3352:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   packetlength + strlen(secret),
data/postgresql-12-12.4/src/backend/libpq/be-fsstubs.c:445:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((nbytes = read(fd, buf, BUFSIZE)) > 0)
data/postgresql-12-12.4/src/backend/libpq/be-fsstubs.c:500:11:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	oumask = umask(S_IWGRP | S_IWOTH);
data/postgresql-12-12.4/src/backend/libpq/be-fsstubs.c:508:3:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
		umask(oumask);
data/postgresql-12-12.4/src/backend/libpq/be-fsstubs.c:512:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(oumask);
data/postgresql-12-12.4/src/backend/libpq/be-secure-common.c:116:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(buf);
data/postgresql-12-12.4/src/backend/libpq/be-secure-gssapi.c:492:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (pg_krb_server_keyfile != NULL && strlen(pg_krb_server_keyfile) > 0)
data/postgresql-12-12.4/src/backend/libpq/be-secure-openssl.c:502:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (len != strlen(peer_cn))
data/postgresql-12-12.4/src/backend/libpq/be-secure-openssl.c:1338:24:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
#error OpenSSL version mismatch
data/postgresql-12-12.4/src/backend/libpq/crypt.c:100:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(shadow_pass) == MD5_PASSWD_LEN &&
data/postgresql-12-12.4/src/backend/libpq/crypt.c:137:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!pg_md5_encrypt(password, role, strlen(role),
data/postgresql-12-12.4/src/backend/libpq/crypt.c:195:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!pg_md5_encrypt(shadow_pass + strlen("md5"),
data/postgresql-12-12.4/src/backend/libpq/crypt.c:256:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								strlen(role),
data/postgresql-12-12.4/src/backend/libpq/hba.c:293:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	toklen = strlen(token);
data/postgresql-12-12.4/src/backend/libpq/hba.c:392:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		inc_fullname = (char *) palloc(strlen(outer_filename) + 1 +
data/postgresql-12-12.4/src/backend/libpq/hba.c:393:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									   strlen(inc_filename) + 1);
data/postgresql-12-12.4/src/backend/libpq/hba.c:504:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(rawline) == MAX_LINE - 1)
data/postgresql-12-12.4/src/backend/libpq/hba.c:516:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lineptr = rawline + strlen(rawline) - 1;
data/postgresql-12-12.4/src/backend/libpq/hba.c:677:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t		plen = strlen(pattern);
data/postgresql-12-12.4/src/backend/libpq/hba.c:678:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t		hlen = strlen(actual_hostname);
data/postgresql-12-12.4/src/backend/libpq/hba.c:2757:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		wstr = palloc((strlen(parsedline->ident_user + 1) + 1) * sizeof(pg_wchar));
data/postgresql-12-12.4/src/backend/libpq/hba.c:2759:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									wstr, strlen(parsedline->ident_user + 1));
data/postgresql-12-12.4/src/backend/libpq/hba.c:2815:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		wstr = palloc((strlen(ident_user) + 1) * sizeof(pg_wchar));
data/postgresql-12-12.4/src/backend/libpq/hba.c:2816:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		wlen = pg_mb2wchar_with_len(ident_user, wstr, strlen(ident_user));
data/postgresql-12-12.4/src/backend/libpq/hba.c:2858:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			regexp_pgrole = palloc0(strlen(identLine->pg_role) - 2 + (matches[1].rm_eo - matches[1].rm_so) + 1);
data/postgresql-12-12.4/src/backend/libpq/pqcomm.c:371:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(unixSocketPath) >= UNIXSOCK_PATH_BUFLEN)
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:151:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slen = strlen(p);
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:181:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slen = strlen(p);
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:199:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			slen = strlen(str);
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:205:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slen = strlen(p);
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:371:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			slen = strlen(str);
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:377:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(void) pq_putmessage(msgtype, p, strlen(p) + 1);
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:562:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*nbytes = strlen(p);
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:593:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = strlen(str);
data/postgresql-12-12.4/src/backend/libpq/pqformat.c:622:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = strlen(str);
data/postgresql-12-12.4/src/backend/libpq/pqmq.c:274:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(value) != 5)
data/postgresql-12-12.4/src/backend/nodes/equalfuncs.c:55:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(a->fldname, b->fldname)) \
data/postgresql-12-12.4/src/backend/nodes/equalfuncs.c:2336:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (!equal(&a->val, &b->val))	/* hack for in-line Value field */
data/postgresql-12-12.4/src/backend/nodes/equalfuncs.c:2930:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				if (!equal(lfirst(item_a), lfirst(item_b)))
data/postgresql-12-12.4/src/backend/nodes/equalfuncs.c:2998:1:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
equal(const void *a, const void *b)
data/postgresql-12-12.4/src/backend/nodes/extensible.c:57:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(extnodename) >= EXTNODENAME_MAX_LEN)
data/postgresql-12-12.4/src/backend/nodes/list.c:453:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(lfirst(cell), datum))
data/postgresql-12-12.4/src/backend/nodes/list.c:578:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(lfirst(cell), datum))
data/postgresql-12-12.4/src/backend/optimizer/path/clausesel.c:385:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(var, rqelem->var))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:171:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (equal(item1, item2))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:278:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(opfamilies, cur_ec->ec_opfamilies))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:297:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(item1, cur_em->em_expr))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:307:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(item2, cur_em->em_expr))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:665:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(opfamilies, cur_ec->ec_opfamilies))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:688:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(expr, cur_em->em_expr))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:1738:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(rinfo->mergeopfamilies, cur_ec->ec_opfamilies))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:1747:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(outervar, cur_em->em_expr))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:1856:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(rinfo->mergeopfamilies, cur_ec->ec_opfamilies))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:1888:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				if (equal(leftvar, cfirst) && equal(rightvar, csecond))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:1888:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				if (equal(leftvar, cfirst) && equal(rightvar, csecond))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:2004:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(item1, em->em_expr))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:2006:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			else if (equal(item2, em->em_expr))
data/postgresql-12-12.4/src/backend/optimizer/path/equivclass.c:2093:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				if (equal(opfamilies, ec->ec_opfamilies))
data/postgresql-12-12.4/src/backend/optimizer/path/indxpath.c:1793:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(node, oldnode))
data/postgresql-12-12.4/src/backend/optimizer/path/indxpath.c:3795:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(indexkey, operand))
data/postgresql-12-12.4/src/backend/optimizer/path/joinrels.c:1699:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(lfirst(lc), expr))
data/postgresql-12-12.4/src/backend/optimizer/path/joinrels.c:1716:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(lfirst(lc), expr))
data/postgresql-12-12.4/src/backend/optimizer/path/pathkeys.c:615:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (equal(partexpr, clause))
data/postgresql-12-12.4/src/backend/optimizer/path/pathkeys.c:622:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(partexpr, arg))
data/postgresql-12-12.4/src/backend/optimizer/path/pathkeys.c:911:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
					if (!equal(tle_expr, sub_expr))
data/postgresql-12-12.4/src/backend/optimizer/plan/createplan.c:4845:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				if (equal(node, indexkey))
data/postgresql-12-12.4/src/backend/optimizer/plan/createplan.c:5998:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(emexpr, tlexpr))
data/postgresql-12-12.4/src/backend/optimizer/plan/planagg.c:308:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(mminfo->target, curTarget->expr))
data/postgresql-12-12.4/src/backend/optimizer/plan/planner.c:2165:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			&& equal(scanjoin_target->exprs, current_rel->reltarget->exprs);
data/postgresql-12-12.4/src/backend/optimizer/plan/planner.c:3263:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(gc, sc))
data/postgresql-12-12.4/src/backend/optimizer/plan/setrefs.c:1116:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (!equal(ptle->expr, ctle->expr))
data/postgresql-12-12.4/src/backend/optimizer/plan/setrefs.c:1558:23:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			Assert(!g->cols || equal(cols, g->cols));
data/postgresql-12-12.4/src/backend/optimizer/plan/setrefs.c:1677:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
					equal(mminfo->target, curTarget->expr))
data/postgresql-12-12.4/src/backend/optimizer/plan/setrefs.c:2313:4:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			equal(node, tle->expr))
data/postgresql-12-12.4/src/backend/optimizer/plan/setrefs.c:2587:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
					equal(mminfo->target, curTarget->expr))
data/postgresql-12-12.4/src/backend/optimizer/plan/subselect.c:563:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char	   *ptr = splan->plan_name + strlen(splan->plan_name);
data/postgresql-12-12.4/src/backend/optimizer/prep/prepqual.c:602:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				if (!equal(refclause, clause))
data/postgresql-12-12.4/src/backend/optimizer/prep/prepunion.c:896:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(op->colTypes, top_union->colTypes))
data/postgresql-12-12.4/src/backend/optimizer/util/paramassign.c:326:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(var, nlp->paramval))
data/postgresql-12-12.4/src/backend/optimizer/util/paramassign.c:375:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(phv, nlp->paramval))
data/postgresql-12-12.4/src/backend/optimizer/util/paramassign.c:453:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
					Assert(equal(var, nlp->paramval));
data/postgresql-12-12.4/src/backend/optimizer/util/paramassign.c:484:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
					Assert(equal(phv, nlp->paramval));
data/postgresql-12-12.4/src/backend/optimizer/util/pathnode.c:2609:3:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		equal(oldtarget->exprs, target->exprs))
data/postgresql-12-12.4/src/backend/optimizer/util/plancat.c:918:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(elem->expr, nattExpr))
data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c:1120:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (equal((Node *) predicate, clause))
data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c:1204:4:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			equal(((NullTest *) clause)->arg, isnullarg))
data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c:1224:4:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			equal(((NullTest *) predicate)->arg, isnullarg))
data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c:1339:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (equal(clause, subexpr))
data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c:1701:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (equal(pred_leftop, clause_leftop))
data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c:1703:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(pred_rightop, clause_rightop))
data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c:1719:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	else if (equal(pred_rightop, clause_rightop))
data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c:1736:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	else if (equal(pred_leftop, clause_rightop))
data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c:1738:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(pred_rightop, clause_leftop))
data/postgresql-12-12.4/src/backend/optimizer/util/predtest.c:1762:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	else if (equal(pred_rightop, clause_leftop))
data/postgresql-12-12.4/src/backend/optimizer/util/tlist.c:81:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(node, tlentry->expr))
data/postgresql-12-12.4/src/backend/optimizer/util/tlist.c:109:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(node, tlexpr))
data/postgresql-12-12.4/src/backend/optimizer/util/tlist.c:253:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(tle1->expr, tle2->expr))
data/postgresql-12-12.4/src/backend/optimizer/util/tlist.c:1224:4:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			equal(item->expr, node))
data/postgresql-12-12.4/src/backend/parser/gram.c:25231:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/src/backend/parser/gram.c:46197:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			!equal(lastd->argType, firsto->argType))
data/postgresql-12-12.4/src/backend/parser/parse_agg.c:1008:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(refwin->partitionClause, windef->partitionClause) &&
data/postgresql-12-12.4/src/backend/parser/parse_agg.c:1009:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(refwin->orderClause, windef->orderClause) &&
data/postgresql-12-12.4/src/backend/parser/parse_agg.c:1011:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(refwin->startOffset, windef->startOffset) &&
data/postgresql-12-12.4/src/backend/parser/parse_agg.c:1012:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(refwin->endOffset, windef->endOffset))
data/postgresql-12-12.4/src/backend/parser/parse_agg.c:1327:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(node, tle->expr))
data/postgresql-12-12.4/src/backend/parser/parse_agg.c:1566:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
						if (equal(expr, tle->expr))
data/postgresql-12-12.4/src/backend/parser/parse_clause.c:1907:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
						if (!equal(target_result->expr, tle->expr))
data/postgresql-12-12.4/src/backend/parser/parse_clause.c:2021:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(expr, texpr))
data/postgresql-12-12.4/src/backend/parser/parse_relation.c:573:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	matchlen = strlen(match);
data/postgresql-12-12.4/src/backend/parser/parse_relation.c:575:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		varstr_levenshtein_less_equal(actual, strlen(actual), match, matchlen,
data/postgresql-12-12.4/src/backend/parser/parse_relation.c:883:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					varstr_levenshtein_less_equal(alias, strlen(alias),
data/postgresql-12-12.4/src/backend/parser/parse_relation.c:885:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
												  strlen(rte->eref->aliasname),
data/postgresql-12-12.4/src/backend/parser/parse_type.c:750:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strspn(str, " \t\n\r\f") == strlen(str))
data/postgresql-12-12.4/src/backend/parser/parse_utilcmd.c:1930:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal(index->indexParams, priorindex->indexParams) &&
data/postgresql-12-12.4/src/backend/parser/parse_utilcmd.c:1931:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(index->indexIncludingParams, priorindex->indexIncludingParams) &&
data/postgresql-12-12.4/src/backend/parser/parse_utilcmd.c:1932:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(index->whereClause, priorindex->whereClause) &&
data/postgresql-12-12.4/src/backend/parser/parse_utilcmd.c:1933:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				equal(index->excludeOpNames, priorindex->excludeOpNames) &&
data/postgresql-12-12.4/src/backend/parser/parse_utilcmd.c:3831:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
				if (equal(value, value2))
data/postgresql-12-12.4/src/backend/parser/scan.c:9188:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/backend/parser/scan.c:9943:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					identlen = strlen(ident);
data/postgresql-12-12.4/src/backend/parser/scan.c:9969:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					identlen = strlen(ident);
data/postgresql-12-12.4/src/backend/parser/scan.c:11024:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner);
data/postgresql-12-12.4/src/backend/parser/scan.c:11506:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Size		slen = strlen(str);
data/postgresql-12-12.4/src/backend/parser/scansup.c:46:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(s);
data/postgresql-12-12.4/src/backend/partitioning/partbounds.c:1068:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
							bool		equal;
data/postgresql-12-12.4/src/backend/partitioning/partbounds.c:1074:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
															&equal);
data/postgresql-12-12.4/src/backend/partitioning/partbounds.c:1075:27:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
							if (offset >= 0 && equal)
data/postgresql-12-12.4/src/backend/partitioning/partbounds.c:1124:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
					bool		equal;
data/postgresql-12-12.4/src/backend/partitioning/partbounds.c:1150:16:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
													 &equal);
data/postgresql-12-12.4/src/backend/partitioning/partprune.c:1764:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(leftop, partkey))
data/postgresql-12-12.4/src/backend/partitioning/partprune.c:1766:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		else if (equal(rightop, partkey))
data/postgresql-12-12.4/src/backend/partitioning/partprune.c:2008:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(leftop, partkey) ||
data/postgresql-12-12.4/src/backend/partitioning/partprune.c:2235:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(arg, partkey))
data/postgresql-12-12.4/src/backend/partitioning/partprune.c:3531:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(leftop, partkey))
data/postgresql-12-12.4/src/backend/partitioning/partprune.c:3550:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(leftop, partkey))
data/postgresql-12-12.4/src/backend/partitioning/partprune.c:3554:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		else if (equal(negate_clause((Node *) leftop), partkey))
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:3151:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(activity);
data/postgresql-12-12.4/src/backend/postmaster/autovacuum.c:3186:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(activity);
data/postgresql-12-12.4/src/backend/postmaster/fork_process.c:104:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				rc = write(fd, oomvalue, strlen(oomvalue));
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:586:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					dp += strlen(dp);
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:592:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					dp += strlen(dp);
data/postgresql-12-12.4/src/backend/postmaster/pgarch.c:725:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			basenamelen = (int) strlen(rlde->d_name) - 6;
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3169:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = Min(strlen(cmd_str), pgstat_track_activity_query_size - 1);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:3303:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = pg_mbcliplen(appname, strlen(appname), NAMEDATALEN - 1);
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5237:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		switch (fgetc(fpin))
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5411:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		switch (fgetc(fpin))
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:5592:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		switch (fgetc(fpin))
data/postgresql-12-12.4/src/backend/postmaster/pgstat.c:6561:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	rawlen = strlen(activity);
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:590:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(PG_MODE_MASK_OWNER);
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:753:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				snprintf(ExtraOptions + strlen(ExtraOptions),
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:754:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						 sizeof(ExtraOptions) - strlen(ExtraOptions),
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:2103:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			valoffset = offset + strlen(nameptr) + 1;
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:2169:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			offset = valoffset + strlen(valptr) + 1;
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:2202:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(port->database_name) > sizeof(packet->database))
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:2205:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(port->user_name) > sizeof(packet->user))
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:2208:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(port->cmdline_options) > sizeof(packet->options))
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:2232:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			port->user_name + strlen(port->user_name) - 1)
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:2245:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(port->database_name) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:2247:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(port->user_name) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4205:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		rc = send(port->sock, buffer, strlen(buffer) + 1, 0);
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4327:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(remote_host, "0123456789.") < strlen(remote_host) &&
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4328:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(remote_host, "0123456789ABCDEFabcdef:") < strlen(remote_host))
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4412:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	maxac += (strlen(ExtraOptions) + 1) / 2;
data/postgresql-12-12.4/src/backend/postmaster/postmaster.c:4666:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		j = strlen(cmdLine);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:472:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			bytesRead = read(syslogPipe[0],
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:765:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(filenobuf, "0");
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:780:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(csvfilenobuf, "0");
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:1207:11:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	oumask = umask((mode_t) ((~(Log_file_mode | S_IWUSR)) & (S_IRWXU | S_IRWXG | S_IRWXO)));
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:1209:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(oumask);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:1399:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(filename);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:1407:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(filename);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:1472:11:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	oumask = umask(pg_mode_mask);
data/postgresql-12-12.4/src/backend/postmaster/syslogger.c:1474:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(oumask);
data/postgresql-12-12.4/src/backend/regex/regc_locale.c:398:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(cn->name) == len &&
data/postgresql-12-12.4/src/backend/regex/regc_locale.c:566:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(*namePtr) == len &&
data/postgresql-12-12.4/src/backend/regex/regerror.c:107:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(msg) + 1;		/* space needed, including NUL */
data/postgresql-12-12.4/src/backend/replication/basebackup.c:250:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	datadirpathlen = strlen(DataDir);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:800:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pq_sendint32(buf, strlen(is));
data/postgresql-12-12.4/src/backend/replication/basebackup.c:801:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pq_sendbytes(buf, is, strlen(is));
data/postgresql-12-12.4/src/backend/replication/basebackup.c:858:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(ti->oid);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:862:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(ti->path);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:944:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(content);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1018:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size += sendDir(pathbuf, strlen(path), sizeonly, NIL, true);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1058:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(lastDir + 1, "0123456789") == strlen(lastDir + 1))
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1090:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strlen(PG_TEMP_FILE_PREFIX)) == 0)
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1114:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int			cmplen = strlen(excludeFiles[excludeIdx].name);
data/postgresql-12-12.4/src/backend/replication/basebackup.c:1361:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int			cmplen = strlen(noChecksumFiles[excludeIdx].name);
data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:318:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (ret && strlen(ret) != 0)
data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:322:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (ret && strlen(ret) != 0)
data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:433:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   strlen(pubnames_str));
data/postgresql-12-12.4/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:1038:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		val_escaped = PQescapeIdentifier(conn, val, strlen(val));
data/postgresql-12-12.4/src/backend/replication/logical/message.c:67:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xlrec.prefix_size = strlen(prefix) + 1;
data/postgresql-12-12.4/src/backend/replication/logical/origin.c:718:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	readBytes = read(fd, &magic, sizeof(magic));
data/postgresql-12-12.4/src/backend/replication/logical/origin.c:746:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		readBytes = read(fd, &disk_state, sizeof(disk_state));
data/postgresql-12-12.4/src/backend/replication/logical/proto.c:494:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pq_sendcountedtext(out, outputstr, strlen(outputstr), false);
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:2402:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				Size		prefix_size = strlen(change->data.msg.prefix) + 1;
data/postgresql-12-12.4/src/backend/replication/logical/reorderbuffer.c:3326:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		readBytes = read(fd, &map, sizeof(LogicalRewriteMappingData));
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1733:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	readBytes = read(fd, &ondisk, SnapBuildOnDiskConstantSize);
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1775:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	readBytes = read(fd, &ondisk.builder, sizeof(SnapBuild));
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1803:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	readBytes = read(fd, ondisk.builder.was_running.was_xip, sz);
data/postgresql-12-12.4/src/backend/replication/logical/snapbuild.c:1830:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	readBytes = read(fd, ondisk.builder.committed.xip, sz);
data/postgresql-12-12.4/src/backend/replication/logical/worker.c:1550:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (!equal(newsub->publications, MySubscription->publications))
data/postgresql-12-12.4/src/backend/replication/repl_gram.c:854:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/src/backend/replication/repl_scanner.c:1091:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/backend/replication/repl_scanner.c:1484:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					len = strlen(yylval.str);
data/postgresql-12-12.4/src/backend/replication/repl_scanner.c:1501:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					int len = strlen(yytext);
data/postgresql-12-12.4/src/backend/replication/repl_scanner.c:2250:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/postgresql-12-12.4/src/backend/replication/repl_scanner.c:2538:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Size		slen = strlen(str);
data/postgresql-12-12.4/src/backend/replication/slot.c:178:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) == 0)
data/postgresql-12-12.4/src/backend/replication/slot.c:187:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/replication/slot.c:1440:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	readBytes = read(fd, &cp, ReplicationSlotOnDiskConstantSize);
data/postgresql-12-12.4/src/backend/replication/slot.c:1479:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	readBytes = read(fd,
data/postgresql-12-12.4/src/backend/replication/syncrep.c:1122:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		standby_name += strlen(standby_name) + 1;
data/postgresql-12-12.4/src/backend/replication/syncrep_gram.c:767:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/src/backend/replication/syncrep_gram.c:1565:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += strlen(standby_name) + 1;
data/postgresql-12-12.4/src/backend/replication/syncrep_gram.c:1581:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += strlen(standby_name) + 1;
data/postgresql-12-12.4/src/backend/replication/syncrep_scanner.c:876:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/backend/replication/syncrep_scanner.c:1866:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/postgresql-12-12.4/src/backend/replication/syncrep_scanner.c:2136:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Size		slen = strlen(str);
data/postgresql-12-12.4/src/backend/replication/walsender.c:478:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(histfname);
data/postgresql-12-12.4/src/backend/replication/walsender.c:508:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		nread = read(fd, rbuf.data, sizeof(rbuf));
data/postgresql-12-12.4/src/backend/replication/walsender.c:2476:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		readbytes = read(sendFile, p, segbytes);
data/postgresql-12-12.4/src/backend/rewrite/rewriteHandler.c:1027:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (!equal(priorbottom, src_input))
data/postgresql-12-12.4/src/backend/snowball/dict_snowball.c:275:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			recoded = pg_server_to_any(txt, strlen(txt), PG_UTF8);
data/postgresql-12-12.4/src/backend/snowball/dict_snowball.c:285:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		SN_set_current(d->z, strlen(txt), (symbol *) txt);
data/postgresql-12-12.4/src/backend/snowball/dict_snowball.c:301:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			recoded = pg_any_to_server(txt, strlen(txt), PG_UTF8);
data/postgresql-12-12.4/src/backend/statistics/mcv.c:796:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(DatumGetCString(values[dim][i])) + 1;
data/postgresql-12-12.4/src/backend/statistics/mcv.c:909:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				uint32		len = (uint32) strlen(DatumGetCString(value)) + 1;
data/postgresql-12-12.4/src/backend/storage/file/copydir.c:190:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		nbytes = read(srcfd, buffer, COPY_BUF_SIZE);
data/postgresql-12-12.4/src/backend/storage/file/fd.c:1010:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%d ", mru);
data/postgresql-12-12.4/src/backend/storage/file/fd.c:1010:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%d ", mru);
data/postgresql-12-12.4/src/backend/storage/file/fd.c:1012:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "LEAST");
data/postgresql-12-12.4/src/backend/storage/file/fd.c:1012:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "LEAST");
data/postgresql-12-12.4/src/backend/storage/file/fd.c:2980:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strlen(PG_TEMP_FILE_PREFIX)) == 0)
data/postgresql-12-12.4/src/backend/storage/file/fd.c:3038:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strspn(de->d_name, "0123456789") != strlen(de->d_name))
data/postgresql-12-12.4/src/backend/storage/file/fd.c:3445:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(parentpath) == 0)
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:134:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strspn(de->d_name, "0123456789") != strlen(de->d_name))
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:304:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 strlen(forkNames[INIT_FORKNUM]));
data/postgresql-12-12.4/src/backend/storage/file/reinit.c:342:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 strlen(forkNames[INIT_FORKNUM]));
data/postgresql-12-12.4/src/backend/storage/file/sharedfileset.c:247:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32		hash = hash_any((const unsigned char *) name, strlen(name));
data/postgresql-12-12.4/src/backend/storage/ipc/dsm.c:295:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strlen(PG_DYNSHMEM_MMAP_FILE_PREFIX)) == 0)
data/postgresql-12-12.4/src/backend/storage/ipc/latch.c:1575:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		rc = read(selfpipe_readfd, buf, sizeof(buf));
data/postgresql-12-12.4/src/backend/storage/ipc/pmsignal.c:325:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		rc = read(postmaster_alive_fds[POSTMASTER_FD_WATCH], &c, 1);
data/postgresql-12-12.4/src/backend/storage/ipc/shm_mq.c:1023:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		uint64		read;
data/postgresql-12-12.4/src/backend/storage/ipc/shm_mq.c:1034:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		used = written - read;
data/postgresql-12-12.4/src/backend/storage/ipc/shm_mq.c:1036:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		offset = read % (uint64) ringsize;
data/postgresql-12-12.4/src/backend/storage/lmgr/lwlock.c:369:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = add_size(size, strlen(NamedLWLockTrancheRequestArray[i].tranche_name) + 1);
data/postgresql-12-12.4/src/backend/storage/lmgr/lwlock.c:477:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			trancheNames += strlen(request->tranche_name) + 1;
data/postgresql-12-12.4/src/backend/storage/lmgr/lwlock.c:669:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Assert(strlen(tranche_name) + 1 < NAMEDATALEN);
data/postgresql-12-12.4/src/backend/storage/smgr/md.c:331:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char	   *segpath = (char *) palloc(strlen(path) + 12);
data/postgresql-12-12.4/src/backend/tcop/dest.c:178:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pq_putmessage('C', commandTag, strlen(commandTag) + 1);
data/postgresql-12-12.4/src/backend/tcop/fastpath.c:161:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pq_sendcountedtext(&buf, outputstr, strlen(outputstr), false);
data/postgresql-12-12.4/src/backend/tcop/postgres.c:316:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	c = getc(stdin);
data/postgresql-12-12.4/src/backend/tcop/postgres.c:652:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(new_list, raw_parsetree_list))
data/postgresql-12-12.4/src/backend/tcop/postgres.c:801:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(new_list, querytree_list))
data/postgresql-12-12.4/src/backend/tcop/postgres.c:841:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(new_list, querytree_list))
data/postgresql-12-12.4/src/backend/tcop/postgres.c:894:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(new_plan, plan))
data/postgresql-12-12.4/src/backend/tcop/postgres.c:918:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(new_plan, plan))
data/postgresql-12-12.4/src/backend/tsearch/dict_synonym.c:190:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		d->syn[cur].outlen = strlen(starto);
data/postgresql-12-12.4/src/backend/tsearch/dict_thesaurus.c:415:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
															 Int32GetDatum(strlen(d->wrds[i].lexeme)),
data/postgresql-12-12.4/src/backend/tsearch/dict_thesaurus.c:541:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
																	 Int32GetDatum(strlen(inptr->lexeme)),
data/postgresql-12-12.4/src/backend/tsearch/regis.c:87:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len = strlen(str);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:163:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char	   *res = cpalloc(strlen(str) + 1);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:189:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRNCMP(s,p)	strncmp( (s), (p), strlen(p) )
data/postgresql-12-12.4/src/backend/tsearch/spell.c:258:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			l1 = strlen((const char *) s1) - 1,
data/postgresql-12-12.4/src/backend/tsearch/spell.c:259:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				l2 = strlen((const char *) s2) - 1;
data/postgresql-12-12.4/src/backend/tsearch/spell.c:281:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			l1 = strlen((const char *) s1) - 1,
data/postgresql-12-12.4/src/backend/tsearch/spell.c:282:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				l2 = strlen((const char *) s2) - 1,
data/postgresql-12-12.4/src/backend/tsearch/spell.c:500:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Conf->Spell[Conf->nspell] = (SPELL *) tmpalloc(SPELLHDRSZ + strlen(word) + 1);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:722:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tmask = (char *) tmpalloc(strlen(mask) + 3);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:728:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		masklen = strlen(tmask);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:756:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((Affix->replen = strlen(repl)) > 0)
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1228:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			addCompoundAffixFlagValue(Conf, recoded + strlen("COMPOUNDFLAG"),
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1231:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			addCompoundAffixFlagValue(Conf, recoded + strlen("COMPOUNDBEGIN"),
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1234:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			addCompoundAffixFlagValue(Conf, recoded + strlen("COMPOUNDLAST"),
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1238:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			addCompoundAffixFlagValue(Conf, recoded + strlen("COMPOUNDEND"),
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1241:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			addCompoundAffixFlagValue(Conf, recoded + strlen("COMPOUNDMIDDLE"),
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1244:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			addCompoundAffixFlagValue(Conf, recoded + strlen("ONLYINCOMPOUND"),
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1248:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									  recoded + strlen("COMPOUNDPERMITFLAG"),
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1252:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									  recoded + strlen("COMPOUNDFORBIDFLAG"),
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1256:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char	   *s = recoded + strlen("FLAG");
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1347:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sflaglen = strlen(sflag);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1587:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*ptr = cpalloc(strlen(Conf->AffixData[a1]) +
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1588:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(Conf->AffixData[a2]) +
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1594:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*ptr = cpalloc(strlen(Conf->AffixData[a1]) +
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1595:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(Conf->AffixData[a2]) +
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1757:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			Conf->Spell[i]->p.d.len = strlen(Conf->Spell[i]->word);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:1795:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			Conf->Spell[i]->p.d.len = strlen(Conf->Spell[i]->word);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2109:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (baselen && *baselen + strlen(Affix->find) <= Affix->replen)
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2133:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		newword_len = strlen(newword);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2170:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			wrdlen = strlen(word),
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2239:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				swrdlen = strlen(newword);
data/postgresql-12-12.4/src/backend/tsearch/spell.c:2548:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			wordlen = strlen(word);
data/postgresql-12-12.4/src/backend/tsearch/ts_locale.c:214:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(buf);
data/postgresql-12-12.4/src/backend/tsearch/ts_locale.c:241:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return lowerstr_with_len(str, strlen(str));
data/postgresql-12-12.4/src/backend/tsearch/ts_parse.c:236:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					curValLenLemm = strlen(res->lexeme);
data/postgresql-12-12.4/src/backend/tsearch/ts_parse.c:421:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				prs->words[prs->curwords].len = strlen(ptr->lexeme);
data/postgresql-12-12.4/src/backend/tsearch/ts_parse.c:509:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			hlfinditem(prs, query, savedpos, ptr->lexeme, strlen(ptr->lexeme));
data/postgresql-12-12.4/src/backend/tsearch/ts_utils.c:48:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strspn(basename, "abcdefghijklmnopqrstuvwxyz0123456789_") != strlen(basename))
data/postgresql-12-12.4/src/backend/tsearch/wparser_def.c:2636:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	prs->startsellen = strlen(prs->startsel);
data/postgresql-12-12.4/src/backend/tsearch/wparser_def.c:2637:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	prs->stopsellen = strlen(prs->stopsel);
data/postgresql-12-12.4/src/backend/tsearch/wparser_def.c:2638:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	prs->fragdelimlen = strlen(prs->fragdelim);
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:242:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				read;
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:280:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				goption |= read;
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:328:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		privs |= read;
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:599:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	out = palloc(strlen("=/") +
data/postgresql-12-12.4/src/backend/utils/adt/acl.c:1669:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		chunk_len = strlen(chunk);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:328:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(p, ASSGN, strlen(ASSGN)) != 0)
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:334:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(ASSGN);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:1186:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ptr += strlen(ptr);
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:1197:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define APPENDSTR(str)	(strcpy(p, (str)), p += strlen(p))
data/postgresql-12-12.4/src/backend/utils/adt/arrayfuncs.c:1693:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(p);
data/postgresql-12-12.4/src/backend/utils/adt/bool.c:32:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return parse_bool_with_len(value, strlen(value), result);
data/postgresql-12-12.4/src/backend/utils/adt/bool.c:144:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:151:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp(s, csymbol, strlen(csymbol)) == 0)
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:152:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s += strlen(csymbol);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:163:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp(s, nsymbol, strlen(nsymbol)) == 0)
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:166:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s += strlen(nsymbol);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:173:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (strncmp(s, psymbol, strlen(psymbol)) == 0)
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:174:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s += strlen(psymbol);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:183:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp(s, csymbol, strlen(csymbol)) == 0)
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:184:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s += strlen(csymbol);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:227:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if (strncmp(s, ssymbol, strlen(ssymbol)) == 0)
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:228:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			s += strlen(ssymbol) - 1;
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:265:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if (strncmp(s, nsymbol, strlen(nsymbol)) == 0)
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:268:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			s += strlen(nsymbol);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:270:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if (strncmp(s, psymbol, strlen(psymbol)) == 0)
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:271:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			s += strlen(psymbol);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:272:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if (strncmp(s, csymbol, strlen(csymbol)) == 0)
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:273:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			s += strlen(csymbol);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:392:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			bufptr -= strlen(ssymbol);
data/postgresql-12-12.4/src/backend/utils/adt/cash.c:393:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memcpy(bufptr, ssymbol, strlen(ssymbol));
data/postgresql-12-12.4/src/backend/utils/adt/date.c:2787:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   strlen(tzname),
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:884:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						dterr = DecodeNumberField(strlen(field[i]), field[i],
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:1084:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							dterr = DecodeNumberField(strlen(field[i]), field[i],
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:1107:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					flen = strlen(field[i]);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:1119:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					else if (cp != NULL && flen - strlen(cp) > 2)
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:1794:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						dterr = DecodeNumberField(strlen(field[i]), field[i],
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:1982:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							dterr = DecodeNumberField(strlen(field[i]), field[i],
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2007:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					flen = strlen(field[i]);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2025:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						else if (flen - strlen(cp) > 2)
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2409:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((len = strlen(field[i])) <= 0)
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2802:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:2898:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (*cp == '\0' && strlen(str) > 3)
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:3489:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) < 2 || str[0] != 'P')
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4027:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					str += strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4054:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					str += strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4098:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					str += strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4135:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return cp + strlen(cp);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4158:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return cp + strlen(cp);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4178:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return cp + strlen(cp);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4256:6:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
					sprintf(cp, "0");
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4274:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp += strlen(cp);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4285:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp += strlen(cp);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4292:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp += strlen(cp);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4345:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cp += strlen(cp);
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4354:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(cp, "@");
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4401:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(base[i].token) > TOKMAXLEN)
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4507:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen(abbr->zone) + 1;
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4546:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen(abbr->zone) + 1;
data/postgresql-12-12.4/src/backend/utils/adt/datetime.c:4812:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (tzn && strlen(tzn) > 31)
data/postgresql-12-12.4/src/backend/utils/adt/datum.c:102:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size = (Size) (strlen(s) + 1);
data/postgresql-12-12.4/src/backend/utils/adt/enum.c:118:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/utils/adt/enum.c:186:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/utils/adt/enum.c:232:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pq_sendtext(&buf, NameStr(en->enumlabel), strlen(NameStr(en->enumlabel)));
data/postgresql-12-12.4/src/backend/utils/adt/format_type.c:448:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t		slen = strlen(typename);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:1409:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len = strlen(num),
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2010:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return str_tolower(buff, strlen(buff), collid);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2016:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return str_toupper(buff, strlen(buff), collid);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2022:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return str_initcap(buff, strlen(buff), collid);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2028:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return asc_tolower(buff, strlen(buff));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2034:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return asc_toupper(buff, strlen(buff));
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2452:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2462:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2468:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2474:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2480:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2494:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2501:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2508:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2515:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2521:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2527:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2535:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2546:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2554:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2562:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2568:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2576:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2581:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2588:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2594:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2600:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2606:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2616:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2626:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2636:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2646:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2656:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2666:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2676:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2685:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2695:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2704:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2714:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2723:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2730:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2738:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2748:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2756:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2766:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2774:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2784:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2792:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2801:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2809:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2818:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2826:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ)
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2835:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2845:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2851:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2858:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2865:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2872:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2879:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2887:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2907:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2915:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2930:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2945:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2960:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2973:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2980:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2987:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2993:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:2999:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s += strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:3518:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fmt_len = strlen(fmt_str);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4272:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
				strcat(result, "M");
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4451:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((x = strlen(Np->L_negative_sign)) &&
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4458:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			else if ((x = strlen(Np->L_positive_sign)) &&
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4525:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			x = strlen(Np->decimal);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4570:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((x = strlen(Np->L_negative_sign)) &&
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4577:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			else if ((x = strlen(Np->L_positive_sign)) &&
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4667:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				Np->inout_p += strlen(Np->inout_p);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4733:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					Np->inout_p += strlen(Np->inout_p);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4743:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					Np->inout_p += strlen(Np->inout_p);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:4805:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				Np->inout_p += strlen(Np->inout_p);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5075:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					pattern_len = strlen(pattern);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5123:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						Np->inout_p += strlen(pattern) - 1;
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5136:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						Np->inout_p += strlen(Np->inout_p) - 1;
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5141:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						Np->inout_p += strlen(Np->inout_p) - 1;
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5149:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						Np->inout_p += strlen(Np->inout_p) - 1;
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5154:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						Np->inout_p += strlen(Np->inout_p) - 1;
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5271:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				Np->inout_p += strlen(Np->inout_p);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5338:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(VARDATA(result));	\
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5459:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			numstr = (char *) palloc(strlen(orgnum) + 2);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5509:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			numstr_pre_len = strlen(numstr);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5591:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		numstr_pre_len = strlen(orgnum);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5666:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			numstr = (char *) palloc(strlen(orgnum) + 2);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5701:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		numstr_pre_len = strlen(orgnum);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5794:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		numstr_pre_len = strlen(orgnum);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5817:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			numstr_pre_len = strlen(numstr);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5897:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		numstr_pre_len = strlen(orgnum);
data/postgresql-12-12.4/src/backend/utils/adt/formatting.c:5920:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			numstr_pre_len = strlen(numstr);
data/postgresql-12-12.4/src/backend/utils/adt/inet_cidr_ntop.c:35:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SPRINTF(x) strlen(sprintf/**/x)
data/postgresql-12-12.4/src/backend/utils/adt/inet_cidr_ntop.c:285:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(outbuf) + 1 > size)
data/postgresql-12-12.4/src/backend/utils/adt/json.c:1499:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!key_scalar && IsValidJsonNumber(outputstr, strlen(outputstr)))
data/postgresql-12-12.4/src/backend/utils/adt/json.c:2161:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			addlen = strlen(addon);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:101:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return jsonb_from_cstring(json, strlen(json));
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:316:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	v.val.string.len = checkStringLen(strlen(fname));
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:365:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			v.val.string.len = checkStringLen(strlen(token));
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:759:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					jb.val.string.len = strlen(outputstr);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:774:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					jb.val.string.len = strlen(outputstr);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:801:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						jb.val.string.len = strlen(outputstr);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:809:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				jb.val.string.len = strlen(jb.val.string.val);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:814:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				jb.val.string.len = strlen(jb.val.string.val);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:819:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				jb.val.string.len = strlen(jb.val.string.val);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:881:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				jb.val.string.len = checkStringLen(strlen(outputstr));
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:1054:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		v.val.string.len = strlen(attname);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:1316:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:1332:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:1411:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb.c:1427:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/jsonb_gin.c:1395:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			item = make_text_key(JGINFLAG_NUM, cstr, strlen(cstr));
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:2657:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							: strlen(jsv->val.json.str));
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:2693:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									: strlen(jsv->val.json.str),
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:3089:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   field, strlen(field));
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:3457:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(fname) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:3884:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(fname) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:5087:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					action(state, val, strlen(val));
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:5144:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				_state->action(_state->action_state, token, strlen(token));
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:5148:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				_state->action(_state->action_state, token, strlen(token));
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:5153:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				_state->action(_state->action_state, token, strlen(token));
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:5170:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		_state->action(_state->action_state, val, strlen(val));
data/postgresql-12-12.4/src/backend/utils/adt/jsonfuncs.c:5322:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		text	   *out = _state->action(_state->action_state, token, strlen(token));
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath.c:96:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len = strlen(in);
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_exec.c:917:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				jbv->val.string.len = strlen(jbv->val.string.val);
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_exec.c:2013:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		utf8len1 = (mbstr1 == utf8str1) ? mblen1 : strlen(utf8str1);
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_exec.c:2014:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		utf8len2 = (mbstr2 == utf8str2) ? mblen2 : strlen(utf8str2);
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_gram.c:956:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_scan.c:2577:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_scan.c:3762:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/postgresql-12-12.4/src/backend/utils/adt/jsonpath_scan.c:4097:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slen = strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/like.c:253:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/like.c:274:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/like_support.c:981:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pattlen = strlen(patt);
data/postgresql-12-12.4/src/backend/utils/adt/like_support.c:1073:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*rest_selec = regex_selectivity(patt, strlen(patt),
data/postgresql-12-12.4/src/backend/utils/adt/like_support.c:1095:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*rest_selec = regex_selectivity(patt, strlen(patt),
data/postgresql-12-12.4/src/backend/utils/adt/like_support.c:1097:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
											strlen(prefix));
data/postgresql-12-12.4/src/backend/utils/adt/like_support.c:1551:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(workstr);
data/postgresql-12-12.4/src/backend/utils/adt/mac.c:71:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	count = sscanf(str, "%x:%x:%x:%x:%x:%x%1s",
data/postgresql-12-12.4/src/backend/utils/adt/mac.c:74:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		count = sscanf(str, "%x-%x-%x-%x-%x-%x%1s",
data/postgresql-12-12.4/src/backend/utils/adt/mac.c:77:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		count = sscanf(str, "%2x%2x%2x:%2x%2x%2x%1s",
data/postgresql-12-12.4/src/backend/utils/adt/mac.c:80:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		count = sscanf(str, "%2x%2x%2x-%2x%2x%2x%1s",
data/postgresql-12-12.4/src/backend/utils/adt/mac.c:83:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		count = sscanf(str, "%2x%2x.%2x%2x.%2x%2x%1s",
data/postgresql-12-12.4/src/backend/utils/adt/mac.c:86:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		count = sscanf(str, "%2x%2x-%2x%2x-%2x%2x%1s",
data/postgresql-12-12.4/src/backend/utils/adt/mac.c:89:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		count = sscanf(str, "%2x%2x%2x%2x%2x%2x%1s",
data/postgresql-12-12.4/src/backend/utils/adt/misc.c:640:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(endp, endp + 1, strlen(endp));
data/postgresql-12-12.4/src/backend/utils/adt/name.c:54:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(s);
data/postgresql-12-12.4/src/backend/utils/adt/name.c:112:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pq_sendtext(&buf, NameStr(*s), strlen(NameStr(*s)));
data/postgresql-12-12.4/src/backend/utils/adt/name.c:142:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return varstr_cmp(NameStr(*arg1), strlen(NameStr(*arg1)),
data/postgresql-12-12.4/src/backend/utils/adt/name.c:143:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  NameStr(*arg2), strlen(NameStr(*arg2)),
data/postgresql-12-12.4/src/backend/utils/adt/name.c:387:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	namlen = strlen(NameStr(*nam));
data/postgresql-12-12.4/src/backend/utils/adt/network.c:132:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(tmp);
data/postgresql-12-12.4/src/backend/utils/adt/network.c:830:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(tmp);
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:783:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		last = strlen(str) - 1;
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:5809:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	decdigits = (unsigned char *) palloc(strlen(cp) + DEC_DIGITS * 2);
data/postgresql-12-12.4/src/backend/utils/adt/numeric.c:6224:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(sig_out) + 13;
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:465:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pstr = pg_any_to_server(*str, strlen(*str), encoding);
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:754:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr = pg_any_to_server(src, strlen(src), encoding);
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1037:4:  [1] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant
  character.
			wcscat(test_locale, L"_");
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1038:10:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = wcslen(test_locale);
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1146:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(iso_lc_messages, "C");
data/postgresql-12-12.4/src/backend/utils/adt/pg_locale.c:1840:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char	   *str = asc_tolower(loc, strlen(loc));
data/postgresql-12-12.4/src/backend/utils/adt/pseudotypes.c:82:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pq_sendtext(&buf, str, strlen(str));
data/postgresql-12-12.4/src/backend/utils/adt/quote.c:108:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(rawstr);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes.c:2060:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(RANGE_EMPTY_LITERAL)) == 0)
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes.c:2066:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += strlen(RANGE_EMPTY_LITERAL);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes.c:2477:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_length = strlen(DatumGetCString(datum)) + 1;
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:42:19:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
										   bool equal);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:44:50:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
						   RangeBound *hist, int hist_length, bool equal);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:51:53:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
								int length_hist_nvalues, double value, bool equal);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:53:72:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
									int length_hist_nvalues, double length1, double length2, bool equal);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:597:50:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
							 RangeBound *hist, int hist_nvalues, bool equal)
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:606:67:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	index = rbound_bsearch(typcache, constbound, hist, hist_nvalues, equal);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:629:29:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			   int hist_length, bool equal)
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:641:19:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (cmp < 0 || (equal && cmp == 0))
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:658:25:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
					double value, bool equal)
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:671:29:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (middleval < value || (equal && middleval <= value))
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:856:45:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
					  double length1, double length2, bool equal)
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:873:24:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (isinf(length2) && equal)
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:915:76:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	i = length_hist_bsearch(length_hist_values, length_hist_nvalues, length1, equal);
data/postgresql-12-12.4/src/backend/utils/adt/rangetypes_selfuncs.c:953:33:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!(bin_upper < length2 || (equal && bin_upper <= length2)))
data/postgresql-12-12.4/src/backend/utils/adt/regexp.c:447:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										  strlen(NameStr(*n)),
data/postgresql-12-12.4/src/backend/utils/adt/regexp.c:461:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   strlen(NameStr(*n)),
data/postgresql-12-12.4/src/backend/utils/adt/regexp.c:510:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										  strlen(NameStr(*n)),
data/postgresql-12-12.4/src/backend/utils/adt/regexp.c:524:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   strlen(NameStr(*n)),
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:76:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(pro_name_or_oid, "0123456789") == strlen(pro_name_or_oid))
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:247:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(pro_name_or_oid, "0123456789") == strlen(pro_name_or_oid))
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:497:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(opr_name_or_oid, "0123456789") == strlen(opr_name_or_oid))
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:606:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				result = (char *) palloc(strlen(nspname) + strlen(oprname) + 2);
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:606:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				result = (char *) palloc(strlen(nspname) + strlen(oprname) + 2);
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:670:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(opr_name_or_oid, "0123456789") == strlen(opr_name_or_oid))
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:916:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(class_name_or_oid, "0123456789") == strlen(class_name_or_oid))
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:1074:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(typ_name_or_oid, "0123456789") == strlen(typ_name_or_oid))
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:1210:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(cfg_name_or_oid, "0123456789") == strlen(cfg_name_or_oid))
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:1321:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(dict_name_or_oid, "0123456789") == strlen(dict_name_or_oid))
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:1432:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(role_name_or_oid, "0123456789") == strlen(role_name_or_oid))
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:1557:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(nsp_name_or_oid, "0123456789") == strlen(nsp_name_or_oid))
data/postgresql-12-12.4/src/backend/utils/adt/regproc.c:1770:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr2 = ptr + strlen(ptr);
data/postgresql-12-12.4/src/backend/utils/adt/ri_triggers.c:1809:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buffer += strlen(buffer);
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:3502:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				int			refnamelen = strlen(refname);
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:3518:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (strlen(modname) < NAMEDATALEN)
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:4382:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			colnamelen = strlen(colname);
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:4398:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(modname) < NAMEDATALEN)
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:4899:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(ev_qual) > 0 && strcmp(ev_qual, "<>") != 0)
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:5689:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					((strlen(trailing_nl) + targetbuf.len > context->wrapColumn) ||
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:7513:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(op) == 1)
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:9582:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strcspn(extval, "eE.") != strlen(extval))
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:10006:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(trailing_nl) + itembuf.len > context->wrapColumn)
data/postgresql-12-12.4/src/backend/utils/adt/ruleutils.c:10703:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = (char *) palloc(strlen(ident) + nquotes + 2 + 1);
data/postgresql-12-12.4/src/backend/utils/adt/selfuncs.c:3009:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (equal(var, varinfo->var))
data/postgresql-12-12.4/src/backend/utils/adt/selfuncs.c:4076:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			slen = strlen(value);
data/postgresql-12-12.4/src/backend/utils/adt/selfuncs.c:4620:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
					if (equal(node, indexkey))
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:503:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
											   strlen(tzname),
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:4113:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   strlen(tzname),
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:5042:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   strlen(tzname),
data/postgresql-12-12.4/src/backend/utils/adt/timestamp.c:5255:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   strlen(tzname),
data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c:98:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		outbuf_maxlen = 2 * EXTRALEN + Max(strlen(SINGOUTSTR), strlen(ARROUTSTR)) + 1;
data/postgresql-12-12.4/src/backend/utils/adt/tsgistidx.c:98:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		outbuf_maxlen = 2 * EXTRALEN + Max(strlen(SINGOUTSTR), strlen(ARROUTSTR)) + 1;
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:535:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	*lenval = strlen(state->buf);
data/postgresql-12-12.4/src/backend/utils/adt/tsquery.c:1255:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			val_len = strlen(val);
data/postgresql-12-12.4/src/backend/utils/adt/tsvector.c:477:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lex_len = strlen(lexeme);
data/postgresql-12-12.4/src/backend/utils/adt/varbit.c:189:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = strlen(sp);
data/postgresql-12-12.4/src/backend/utils/adt/varbit.c:490:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = strlen(sp);
data/postgresql-12-12.4/src/backend/utils/adt/varchar.c:205:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = bpchar_input(s, strlen(s), atttypmod);
data/postgresql-12-12.4/src/backend/utils/adt/varchar.c:499:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = varchar_input(s, strlen(s), atttypmod);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:173:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return cstring_to_text_with_len(s, strlen(s));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:288:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t		len = strlen(inputText);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:631:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pq_sendtext(&buf, str, strlen(str));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2247:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return varstrfastcmp_locale(NameStr(*arg1), strlen(NameStr(*arg1)),
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2248:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								NameStr(*arg2), strlen(NameStr(*arg2)),
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2820:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		len1 = strlen(NameStr(*arg1));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2846:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		len2 = strlen(NameStr(*arg2));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2870:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		len1 = strlen(NameStr(*arg1));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2896:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		len2 = strlen(NameStr(*arg2));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2922:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = varstr_cmp(NameStr(*arg1), strlen(NameStr(*arg1)),
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:2939:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						NameStr(*arg2), strlen(NameStr(*arg2)),
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3686:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(endp, endp + 1, strlen(endp));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3717:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			Assert(strlen(downname) <= len);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3718:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(curname, downname, len);	/* strncpy is required here */
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3741:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		truncate_identifier(curname, strlen(curname), false);
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3813:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(endp, endp + 1, strlen(endp));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3853:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(curname) >= MAXPGPATH)
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:3934:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(endp, endp + 1, strlen(endp));
data/postgresql-12-12.4/src/backend/utils/adt/varlena.c:5083:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		result = strlen(DatumGetCString(value)) + 1;
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:298:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		len = strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:431:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pq_sendtext(&buf, outval, strlen(outval));
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:2100:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = pg_any_to_server(utf8string, strlen(utf8string), PG_UTF8);
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:2405:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		len = strlen(s) + 1;
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:2648:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(targetns) > 0)
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:2654:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(targetns) > 0)
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:2917:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(targetns) > 0)
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:4426:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length = strlen(str);
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:4476:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   pg_xmlCharStrndup(name, strlen(name)),
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:4477:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   pg_xmlCharStrndup(uri, strlen(uri))))
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:4503:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xstr = pg_xmlCharStrndup(path, strlen(path));
data/postgresql-12-12.4/src/backend/utils/adt/xml.c:4534:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xstr = pg_xmlCharStrndup(path, strlen(path));
data/postgresql-12-12.4/src/backend/utils/cache/catcache.c:143:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return hash_any((unsigned char *) key, strlen(key));
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:922:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (!equal(rule1->qual, rule2->qual))
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:924:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (!equal(rule1->actions, rule2->actions))
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:968:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(policy1->qual, policy2->qual))
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:970:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if (!equal(policy1->with_check_qual, policy2->with_check_qual))
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:4969:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (equal(indexoidlist, newindexoidlist) &&
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:6074:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strspn(de->d_name, "0123456789") == strlen(de->d_name))
data/postgresql-12-12.4/src/backend/utils/cache/relcache.c:6099:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strspn(de->d_name, "0123456789") == strlen(de->d_name))
data/postgresql-12-12.4/src/backend/utils/cache/relmapper.c:735:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = read(fd, map, sizeof(RelMapFile));
data/postgresql-12-12.4/src/backend/utils/error/elog.c:1949:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(line);
data/postgresql-12-12.4/src/backend/utils/error/elog.c:3406:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		write_eventlog(ERROR, errbuf, strlen(errbuf));
data/postgresql-12-12.4/src/backend/utils/error/elog.c:3411:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		write_console(errbuf, strlen(errbuf));
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:226:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			malloc(offsetof(DynamicFileList, filename) + strlen(libname) + 1);
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:603:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sep_ptr = name + strlen(name);
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:605:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen("$libdir") != sep_ptr - name ||
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:606:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncmp(name, "$libdir", strlen("$libdir")) != 0)
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:633:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(p) == 0)
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:636:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	baselen = strlen(basename);
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:652:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(p);
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:670:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		full = palloc(strlen(mangled) + 1 + baselen + 1);
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:754:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = add_size(size, strlen(file_scanner->filename) + 1);
data/postgresql-12-12.4/src/backend/utils/fmgr/dfmgr.c:790:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		start_address += strlen(start_address) + 1;
data/postgresql-12-12.4/src/backend/utils/hash/dynahash.c:349:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hashp = (HTAB *) DynaHashAlloc(sizeof(HTAB) + strlen(tabname) + 1);
data/postgresql-12-12.4/src/backend/utils/hash/hashfn.c:670:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Size		s_len = strlen((const char *) key);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:179:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(pg_mode_mask);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:965:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((len = read(fd, buffer, sizeof(buffer) - 1)) < 0)
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1113:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (write(fd, buffer, strlen(buffer)) != strlen(buffer))
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1113:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (write(fd, buffer, strlen(buffer)) != strlen(buffer))
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1234:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			read(fd, buffer, sizeof(buffer));
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1274:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	len = read(fd, srcbuffer, sizeof(srcbuffer) - 1);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1317:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	destptr += strlen(destptr);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1333:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(destbuffer);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1417:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	len = read(fd, buffer, sizeof(buffer) - 1);
data/postgresql-12-12.4/src/backend/utils/init/miscinit.c:1485:8:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	ret = fscanf(file, "%63s", file_version_string);
data/postgresql-12-12.4/src/backend/utils/init/postinit.c:1113:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		maxac = 2 + (strlen(port->cmdline_options) + 1) / 2;
data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/euc_tw_and_big5/euc_tw_and_big5.c:57:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mic2big5(buf, dest, strlen((char *) buf));
data/postgresql-12-12.4/src/backend/utils/mb/conversion_procs/euc_tw_and_big5/euc_tw_and_big5.c:75:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mic2euc_tw(buf, dest, strlen((char *) buf));
data/postgresql-12-12.4/src/backend/utils/mb/encnames.c:564:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) >= NAMEDATALEN)
data/postgresql-12-12.4/src/backend/utils/mb/mbutils.c:393:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		Size		resultlen = strlen((char *) result);
data/postgresql-12-12.4/src/backend/utils/mb/mbutils.c:502:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(dest_str);
data/postgresql-12-12.4/src/backend/utils/mb/mbutils.c:748:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		Size		resultlen = strlen(result);
data/postgresql-12-12.4/src/backend/utils/mb/mbutils.c:768:104:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return pg_wchar_table[DatabaseEncoding->encoding].mb2wchar_with_len((const unsigned char *) from, to, strlen(from));
data/postgresql-12-12.4/src/backend/utils/mb/mbutils.c:830:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return strlen(mbstr);
data/postgresql-12-12.4/src/backend/utils/mb/mbutils.c:1136:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(utf8);
data/postgresql-12-12.4/src/backend/utils/mb/wchar.c:2058:9:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
			p += sprintf(p, " ");
data/postgresql-12-12.4/src/backend/utils/mb/wchar.c:2091:9:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
			p += sprintf(p, " ");
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:919:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:1865:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:2577:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strspn(config_file, " \t\r\n") == strlen(config_file))
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:2980:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strspn(includedir, " \t\r\n") == strlen(includedir))
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:3031:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(de->d_name) < 6)
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:3035:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strcmp(de->d_name + strlen(de->d_name) - 5, ".conf") != 0)
data/postgresql-12-12.4/src/backend/utils/misc/guc-file.c:3155:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(s);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5363:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   strlen(configdir) + strlen(CONFIG_FILENAME) + 2);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5363:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   strlen(configdir) + strlen(CONFIG_FILENAME) + 2);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5456:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   strlen(configdir) + strlen(HBA_FILENAME) + 2);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5456:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   strlen(configdir) + strlen(HBA_FILENAME) + 2);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5479:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   strlen(configdir) + strlen(IDENT_FILENAME) + 2);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:5479:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   strlen(configdir) + strlen(IDENT_FILENAME) + 2);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:6467:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	seplen = strlen(separator);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:6630:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										strlen(newval->stringval),
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:8704:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			classLen = strlen(className);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:9771:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((ch = fgetc(fp)) == EOF)
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:9908:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = strlen(gconf->name) + 1;
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:9958:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					valsize = strlen(*conf->variable);
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:9968:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				valsize = strlen(config_enum_lookup_by_value(conf, *conf->variable));
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:9977:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = add_size(size, strlen(gconf->sourcefile));
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:10439:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncmp(current, newval, strlen(name) + 1) == 0)
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:10510:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(val, name, strlen(name)) == 0
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:10511:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			&& val[strlen(name)] == '=')
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11379:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dname = guc_malloc(ERROR, strlen(newval) + 1);	/* runtime dir */
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11383:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tname = guc_malloc(ERROR, strlen(newval) + 12); /* /global.tmp */
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11385:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fname = guc_malloc(ERROR, strlen(newval) + 13); /* /global.stat */
data/postgresql-12-12.4/src/backend/utils/misc/guc.c:11647:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(*newval) >= MAXFNAMELEN)
data/postgresql-12-12.4/src/backend/utils/misc/ps_status.c:148:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				end_of_area = argv[i] + strlen(argv[i]);
data/postgresql-12-12.4/src/backend/utils/misc/ps_status.c:164:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				end_of_area = environ[i] + strlen(environ[i]);
data/postgresql-12-12.4/src/backend/utils/misc/ps_status.c:318:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ps_buffer_cur_len = ps_buffer_fixed_size = strlen(ps_buffer);
data/postgresql-12-12.4/src/backend/utils/misc/ps_status.c:351:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ps_buffer_cur_len = strlen(ps_buffer);
data/postgresql-12-12.4/src/backend/utils/misc/tzparser.c:59:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(tzentry->abbrev) > TOKMAXLEN)
data/postgresql-12-12.4/src/backend/utils/misc/tzparser.c:373:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(tzbuf) == sizeof(tzbuf) - 1)
data/postgresql-12-12.4/src/backend/utils/misc/tzparser.c:391:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (pg_strncasecmp(line, "@INCLUDE", strlen("@INCLUDE")) == 0)
data/postgresql-12-12.4/src/backend/utils/misc/tzparser.c:394:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char	   *includeFile = pstrdup(line + strlen("@INCLUDE"));
data/postgresql-12-12.4/src/backend/utils/misc/tzparser.c:410:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (pg_strncasecmp(line, "@OVERRIDE", strlen("@OVERRIDE")) == 0)
data/postgresql-12-12.4/src/backend/utils/mmgr/mcxt.c:612:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			idlen = strlen(ident);
data/postgresql-12-12.4/src/backend/utils/mmgr/mcxt.c:1151:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Size		len = strlen(string) + 1;
data/postgresql-12-12.4/src/backend/utils/mmgr/mcxt.c:1193:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(in);
data/postgresql-12-12.4/src/backend/utils/sort/sharedtuplestore.c:145:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) > sizeof(sts->name) - 1)
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1359:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return pstrdup(path + strlen(SNAPSHOT_EXPORT_DIR) + 1);
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1385:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			prefixlen = strlen(prefix);
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1410:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			prefixlen = strlen(prefix);
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1436:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			prefixlen = strlen(prefix);
data/postgresql-12-12.4/src/backend/utils/time/snapmgr.c:1503:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strspn(idstr, "0123456789ABCDEF-") != strlen(idstr))
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:73:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(fullname) + 1 + strlen(name) >= MAXPGPATH)
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:73:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(fullname) + 1 + strlen(name) >= MAXPGPATH)
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:75:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(fullname, "/");
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:95:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) > TZ_STRLEN_MAX)
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:412:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	scan_available_timezones(tmptzdir, tmptzdir + strlen(tmptzdir) + 1,
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:591:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(cur_name) <= TZ_STRLEN_MAX &&
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:659:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			tzdir_orig_len = strlen(tzdir);
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:713:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 (strlen(tzdirsub) < strlen(bestzonename) ||
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:713:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 (strlen(tzdirsub) < strlen(bestzonename) ||
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:714:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  (strlen(tzdirsub) == strlen(bestzonename) &&
data/postgresql-12-12.4/src/bin/initdb/findtimezone.c:714:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  (strlen(tzdirsub) == strlen(bestzonename) &&
data/postgresql-12-12.4/src/bin/initdb/initdb.c:371:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = (char *) pg_malloc(strlen(data) + 3 + nquotes * 3);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:413:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	toklen = strlen(token);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:414:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	replen = strlen(replacement);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:432:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		newline = (char *) pg_malloc(strlen(lines[i]) + diff + 1);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:501:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((c = fgetc(infile)) != EOF)
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1550:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		i = strlen(pwd1);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:1949:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr = vstr + (strlen(vstr) - 1);
data/postgresql-12-12.4/src/bin/initdb/initdb.c:2453:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (pgdata_get_env && strlen(pgdata_get_env))
data/postgresql-12-12.4/src/bin/initdb/initdb.c:2924:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(pg_mode_mask);
data/postgresql-12-12.4/src/bin/pg_archivecleanup/pg_archivecleanup.c:83:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	elen = strlen(extension);
data/postgresql-12-12.4/src/bin/pg_archivecleanup/pg_archivecleanup.c:84:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	flen = strlen(filename);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:408:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			r = read(bgpipe[0], xlogend, sizeof(xlogend) - 1);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:763:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					(int) strlen(totalsize_str),
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:769:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			bool		truncate = (strlen(filename) > VERBOSE_FILENAME_LENGTH);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:775:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					(int) strlen(totalsize_str),
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:783:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					truncate ? filename + strlen(filename) - VERBOSE_FILENAME_LENGTH + 3 : filename);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:791:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				(int) strlen(totalsize_str),
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:988:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(filename, "-");
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1493:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (filename[strlen(filename) - 1] == '/')
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1503:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					filename[strlen(filename) - 1] = '\0';	/* Remove trailing slash */
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:1545:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					filename[strlen(filename) - 1] = '\0';	/* Remove trailing slash */
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:2082:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (write(bgpipe[1], xlogend, strlen(xlogend)) != strlen(xlogend))
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:2082:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (write(bgpipe[1], xlogend, strlen(xlogend)) != strlen(xlogend))
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_basebackup.c:2522:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(pg_mode_mask);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:68:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(fname) == XLOG_FNAME_LEN + strlen(".gz") && \
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:68:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(fname) == XLOG_FNAME_LEN + strlen(".gz") && \
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:72:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(fname) == XLOG_FNAME_LEN + strlen(".gz.partial") && \
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:72:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(fname) == XLOG_FNAME_LEN + strlen(".gz.partial") && \
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:301:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			r = read(fd, (char *) buf, sizeof(buf));
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_receivewal.c:708:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(pg_mode_mask);
data/postgresql-12-12.4/src/bin/pg_basebackup/pg_recvlogical.c:962:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(pg_mode_mask);
data/postgresql-12-12.4/src/bin/pg_basebackup/receivelog.c:264:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			size = strlen(content);
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:1000:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tar_data->tarfilename = pg_malloc0(strlen(tarbase) + strlen(suffix) + 1);
data/postgresql-12-12.4/src/bin/pg_basebackup/walmethods.c:1000:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tar_data->tarfilename = pg_malloc0(strlen(tarbase) + strlen(suffix) + 1);
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:161:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(int) strlen(current_size_str), current_size_str, total_size_str,
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:175:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			cmplen = strlen(skip[excludeIdx].name);
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:212:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		int			r = read(f, buf.data, BLCKSZ);
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:321:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strlen(PG_TEMP_FILE_PREFIX)) == 0)
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:327:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strlen(PG_TEMP_FILES_DIR)) == 0)
data/postgresql-12-12.4/src/bin/pg_checksums/pg_checksums.c:395:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncmp("pg_tblspc", subdir, strlen("pg_tblspc")) == 0)
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:361:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	len = read(fd, buffer, statbuf.st_size + 1);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1483:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cmdPath) < 4 ||
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1484:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_strcasecmp(cmdPath + strlen(cmdPath) - 4, ".exe") != 0)
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1485:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(cmdPath + strlen(cmdPath), sizeof(cmdPath) - strlen(cmdPath),
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:1485:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(cmdPath + strlen(cmdPath), sizeof(cmdPath) - strlen(cmdPath),
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2320:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(PG_MODE_MASK_OWNER);
data/postgresql-12-12.4/src/bin/pg_ctl/pg_ctl.c:2566:4:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
			umask(pg_mode_mask);
data/postgresql-12-12.4/src/bin/pg_dump/compress_io.c:633:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ret = fgetc(fp->uncompressedfp);
data/postgresql-12-12.4/src/bin/pg_dump/compress_io.c:710:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			filenamelen = strlen(filename);
data/postgresql-12-12.4/src/bin/pg_dump/compress_io.c:711:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			suffixlen = strlen(suffix);
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:77:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(acls) == 0 && strlen(racls) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:77:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(acls) == 0 && strlen(racls) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:84:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(acls) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:94:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(racls) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:189:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									 strlen("group ")) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:191:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										  fmtId(grantee->data + strlen("group ")));
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:207:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									 strlen("group ")) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:209:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										  fmtId(grantee->data + strlen("group ")));
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:324:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									 strlen("group ")) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:326:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										  fmtId(grantee->data + strlen("group ")));
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:340:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									 strlen("group ")) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:342:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										  fmtId(grantee->data + strlen("group ")));
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:426:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(initacls) != 0 || strlen(initracls) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:426:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(initacls) != 0 || strlen(initracls) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:912:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_malloc((strlen(rawstring) / 2 + 2) * sizeof(char *));
data/postgresql-12-12.4/src/bin/pg_dump/dumputils.c:939:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(endp, endp + 1, strlen(endp));
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:141:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define piperead(a,b,c)		read(a,b,c)
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:191:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		rc_ = write(fileno(stderr), str_, strlen(str_)); \
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:230:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strncmp(msg, prefix, strlen(prefix)) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:1153:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		Assert(nBytes == strlen(msg));
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:1161:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		Assert(nBytes == strlen(msg));
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:1204:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		Assert(nBytes == strlen(msg));
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:1549:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len = strlen(str) + 1;
data/postgresql-12-12.4/src/bin/pg_dump/parallel.c:1666:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len = strlen(str) + 1;
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:605:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
													  mark + strlen(buffer));
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:765:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!ropt->dataOnly && te->defn != NULL && strlen(te->defn) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:767:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if (te->copyStmt != NULL && strlen(te->copyStmt) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:924:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (te->copyStmt && strlen(te->copyStmt) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1402:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buflen = strlen(buf);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1416:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strspn(buf, " \t\r\n") == strlen(buf))
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:1464:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	WriteData(AH, s, strlen(s));
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2048:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			len = strlen(c);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2174:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((byteread = fgetc(fh)) == EOF)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2179:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((byteread = fgetc(fh)) == EOF)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2191:20:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if ((byteread = fgetc(fh)) == EOF)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2202:22:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((AH->intSize = fgetc(fh)) == EOF)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2208:23:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if ((AH->offSize = fgetc(fh)) == EOF)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2215:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((byteread = fgetc(fh)) == EOF)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2231:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (AH->lookaheadLen >= strlen(TEXT_DUMPALL_HEADER) &&
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2232:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(strncmp(AH->lookahead, TEXT_DUMP_HEADER, strlen(TEXT_DUMP_HEADER)) == 0 ||
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:2233:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 strncmp(AH->lookahead, TEXT_DUMPALL_HEADER, strlen(TEXT_DUMPALL_HEADER)) == 0))
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:3533:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		last = first + strlen(first) - 1;
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:3609:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (te->tablespace && strlen(te->tablespace) > 0 && !ropt->noTablespace)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:3637:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (te->defn && strlen(te->defn) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:3648:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		te->owner && strlen(te->owner) > 0 &&
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_archiver.c:3649:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		te->dropStmt && strlen(te->dropStmt) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_custom.c:693:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = getc(AH->FH);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_custom.c:977:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		byt = getc(AH->FH);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_db.c:135:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!requser || strlen(requser) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:292:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(tctx->filename) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:726:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(dname) + 1 + strlen(relativeFilename) + 1 > MAXPGPATH)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:726:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(dname) + 1 + strlen(relativeFilename) + 1 > MAXPGPATH)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_directory.c:730:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(buf, "/");
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:298:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(ctx->filename) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:376:15:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
		old_umask = umask(S_IRWXG | S_IRWXO);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:412:3:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
		umask(old_umask);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:498:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(s);
data/postgresql-12-12.4/src/bin/pg_dump/pg_backup_tar.c:690:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pos1 = (int) strlen(te->copyStmt) - 13;
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:1820:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(column_list) > 2)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:2085:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							if (strspn(s, "0123456789 +-eE.") == strlen(s))
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:2810:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(encoding) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:2815:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(collate) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:2820:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(ctype) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:2834:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(tablespace) > 0 && strcmp(tablespace, "pg_default") != 0 &&
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:2940:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(datconnlimit) > 0 && strcmp(datconnlimit, "-1") != 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:3855:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(pubinfo[i].rolname) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:4189:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(subinfo[i].rolname) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:4687:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(nsinfo[i].rolname) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:5035:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(tyinfo[i].rolname) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:5120:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(oprinfo[i].rolname) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:5422:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(opcinfo[i].rolname) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:5506:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(opfinfo[i].rolname) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:5675:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(agginfo[i].aggfn.rolname) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:5935:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(finfo[i].rolname) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:6739:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(tblinfo[i].rolname) == 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:10174:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(extinfo->extconfig) > 2)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:10179:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(extinfo->extcondition) > 2)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:13003:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(opcfamilyname) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:13121:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(sortfamily) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:13441:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(sortfamily) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:14632:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(fdwinfo->fdwoptions) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:14708:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (srvinfo->srvtype && strlen(srvinfo->srvtype) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:14713:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (srvinfo->srvversion && strlen(srvinfo->srvversion) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:14722:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (srvinfo->srvoptions && strlen(srvinfo->srvoptions) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:14838:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (umoptions && strlen(umoptions) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:15003:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(initacls) != 0 || strlen(initracls) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:15003:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(initacls) != 0 || strlen(initracls) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:17453:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t		tlen = strlen(p);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:17982:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (strlen(extconditionarray[j]) > 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dump.c:18531:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return (reloptions != NULL && strlen(reloptions) > 2);
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:1077:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(grolist) < 3)
data/postgresql-12-12.4/src/bin/pg_dump/pg_dumpall.c:1082:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		grolist[strlen(grolist) - 1] = ')';
data/postgresql-12-12.4/src/bin/pg_dump/pg_restore.c:179:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(optarg) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_restore.c:183:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(optarg) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_restore.c:212:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(optarg) != 0)
data/postgresql-12-12.4/src/bin/pg_dump/pg_restore.c:237:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(optarg) != 0)
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:361:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(pg_mode_mask);
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:561:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(rawline);
data/postgresql-12-12.4/src/bin/pg_resetwal/pg_resetwal.c:615:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	len = read(fd, buffer, PG_CONTROL_FILE_SIZE);
data/postgresql-12-12.4/src/bin/pg_rewind/copy_fetch.c:184:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		readlen = read(srcfd, buf.data, len);
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:50:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strcmp(path, &dstpath[strlen(datadir_target) + 1]) == 0)
data/postgresql-12-12.4/src/bin/pg_rewind/file_ops.c:307:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = read(fd, buffer, len);
data/postgresql-12-12.4/src/bin/pg_rewind/filemap.c:516:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			cmplen = strlen(excludeFiles[excludeIdx].name);
data/postgresql-12-12.4/src/bin/pg_rewind/libpq_fetch.c:437:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (PQputCopyData(conn, linebuf, strlen(linebuf)) != 1)
data/postgresql-12-12.4/src/bin/pg_rewind/parsexlog.c:310:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = read(xlogreadfd, readBuf, XLOG_BLCKSZ);
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:230:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(pg_mode_mask);
data/postgresql-12-12.4/src/bin/pg_rewind/pg_rewind.c:499:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(int) strlen(fetch_size_str), fetch_done_str, fetch_size_str,
data/postgresql-12-12.4/src/bin/pg_test_timing/pg_test_timing.c:178:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len1 = strlen(header1);
data/postgresql-12-12.4/src/bin/pg_test_timing/pg_test_timing.c:179:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len2 = strlen(header2);
data/postgresql-12-12.4/src/bin/pg_test_timing/pg_test_timing.c:180:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len3 = strlen(header3);
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:376:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	lena = chara ? (chara - canona) : strlen(canona);
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:380:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	lenb = charb ? (charb - canonb) : strlen(canonb);
data/postgresql-12-12.4/src/bin/pg_upgrade/check.c:620:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(old_cluster.tablespace_suffix) == 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:137:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:214:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:224:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:234:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:245:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:256:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:267:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:286:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:297:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:308:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:319:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:330:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:341:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:344:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:358:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:370:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:381:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:392:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:403:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:414:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:425:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:436:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:447:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:458:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:469:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/controldata.c:480:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (p == NULL || strlen(p) <= 1)
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:418:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(path) <= strlen(EXE_EXT) ||
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:418:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(path) <= strlen(EXE_EXT) ||
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:419:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_strcasecmp(path + strlen(path) - strlen(EXE_EXT), EXE_EXT) != 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/exec.c:419:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_strcasecmp(path + strlen(path) - strlen(EXE_EXT), EXE_EXT) != 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:108:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ssize_t		nbytes = read(src_fd, buffer, COPY_BUF_SIZE);
data/postgresql-12-12.4/src/bin/pg_upgrade/file.c:225:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((bytesRead = read(src_fd, buffer.data, BLCKSZ)) != BLCKSZ)
data/postgresql-12-12.4/src/bin/pg_upgrade/function.c:34:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			slen1 = strlen(str1);
data/postgresql-12-12.4/src/bin/pg_upgrade/function.c:35:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			slen2 = strlen(str2);
data/postgresql-12-12.4/src/bin/pg_upgrade/function.c:207:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			llen = strlen(lib);
data/postgresql-12-12.4/src/bin/pg_upgrade/function.c:231:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				llen = strlen(lib);
data/postgresql-12-12.4/src/bin/pg_upgrade/function.c:235:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			PQescapeStringConn(conn, cmd + strlen(cmd), lib, llen, NULL);
data/postgresql-12-12.4/src/bin/pg_upgrade/function.c:236:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(cmd, "'");
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:173:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(old_rel->tablespace) == 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:190:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(new_rel->tablespace) == 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:240:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				snprintf(reldesc + strlen(reldesc),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:241:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						 sizeof(reldesc) - strlen(reldesc),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:250:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(reldesc + strlen(reldesc),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:251:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 sizeof(reldesc) - strlen(reldesc),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:262:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				snprintf(reldesc + strlen(reldesc),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:263:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						 sizeof(reldesc) - strlen(reldesc),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:270:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(reldesc + strlen(reldesc),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:271:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 sizeof(reldesc) - strlen(reldesc),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:446:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(query + strlen(query), sizeof(query) - strlen(query),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:446:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(query + strlen(query), sizeof(query) - strlen(query),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:468:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(query + strlen(query), sizeof(query) - strlen(query),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:468:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(query + strlen(query), sizeof(query) - strlen(query),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:481:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(query + strlen(query), sizeof(query) - strlen(query),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:481:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(query + strlen(query), sizeof(query) - strlen(query),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:495:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(query + strlen(query), sizeof(query) - strlen(query),
data/postgresql-12-12.4/src/bin/pg_upgrade/info.c:495:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(query + strlen(query), sizeof(query) - strlen(query),
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:362:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (*dirpath == NULL || strlen(*dirpath) == 0)
data/postgresql-12-12.4/src/bin/pg_upgrade/option.c:366:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((envVar = getenv(envVarName)) && strlen(envVar))
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:86:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(PG_MODE_MASK_OWNER);
data/postgresql-12-12.4/src/bin/pg_upgrade/pg_upgrade.c:114:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(pg_mode_mask);
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:170:6:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (fscanf(version_fd, "%63s", cluster->major_version_str) == 0 ||
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:221:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(socket_string + strlen(socket_string),
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:222:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				 sizeof(socket_string) - strlen(socket_string),
data/postgresql-12-12.4/src/bin/pg_upgrade/server.c:377:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (value && strlen(value) > 0 &&
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:79:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(message) > 0 && message[strlen(message) - 1] == '\n')
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:79:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(message) > 0 && message[strlen(message) - 1] == '\n')
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:120:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(message) <= MESSAGE_WIDTH - 2 ? "" : "...",
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:123:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(message) <= MESSAGE_WIDTH - 2 ? message :
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:124:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   message + strlen(message) - MESSAGE_WIDTH + 3 + 2);
data/postgresql-12-12.4/src/bin/pg_upgrade/util.c:190:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char	   *result = pg_malloc(strlen(s) * 2 + 3);
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:197:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		r = read(fd, buf.data, XLOG_BLCKSZ);
data/postgresql-12-12.4/src/bin/pg_waldump/pg_waldump.c:394:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		readbytes = read(sendFile, p, segbytes);
data/postgresql-12-12.4/src/bin/pgbench/exprparse.c:885:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/src/bin/pgbench/exprscan.c:959:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/bin/pgbench/exprscan.c:2227:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner);
data/postgresql-12-12.4/src/bin/pgbench/exprscan.c:2783:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(state->scanbuf);
data/postgresql-12-12.4/src/bin/pgbench/exprscan.c:2801:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Assert(end_offset <= strlen(state->scanbuf));
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1294:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = strlen(var->svalue);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1519:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			valueln = strlen(value);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1525:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*sql = pg_realloc(*sql, strlen(*sql) - len + valueln + 1);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:1530:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memmove(param + valueln, param + len, strlen(param + len) + 1);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:2530:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		arglen = strlen(arg);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3667:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(opts + strlen(opts), sizeof(opts) - strlen(opts),
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3667:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(opts + strlen(opts), sizeof(opts) - strlen(opts),
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3674:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
												   strlen(tablespace));
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3675:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(opts + strlen(opts), sizeof(opts) - strlen(opts),
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3675:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(opts + strlen(opts), sizeof(opts) - strlen(opts),
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3866:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
												   strlen(index_tablespace));
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3867:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer),
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:3867:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer),
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:4468:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	psql_scan_setup(sstate, script, strlen(script), 0, true);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:4661:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(name);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:4707:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(*script, option, namelen);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5535:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							   strlen(initialize_steps) + 2);
data/postgresql-12-12.4/src/bin/pgbench/pgbench.c:5536:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
				strcat(initialize_steps, "f");
data/postgresql-12-12.4/src/bin/pgevent/pgevent.c:98:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(buffer) + 1))
data/postgresql-12-12.4/src/bin/psql/command.c:950:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						strspn(fname, "0123456789") == strlen(fname))
data/postgresql-12-12.4/src/bin/psql/command.c:1359:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(opt);
data/postgresql-12-12.4/src/bin/psql/command.c:2106:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				newval = pg_realloc(newval, strlen(newval) + strlen(opt) + 1);
data/postgresql-12-12.4/src/bin/psql/command.c:2106:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				newval = pg_realloc(newval, strlen(newval) + strlen(opt) + 1);
data/postgresql-12-12.4/src/bin/psql/command.c:3763:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		vallen = strlen(value);
data/postgresql-12-12.4/src/bin/psql/command.c:3924:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(value) != 1)
data/postgresql-12-12.4/src/bin/psql/command.c:4272:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char	   *ret = pg_malloc(strlen(str) * 2 + 3);
data/postgresql-12-12.4/src/bin/psql/command.c:4458:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	title_len = (user_title ? strlen(user_title) : 0) + 256;
data/postgresql-12-12.4/src/bin/psql/command.c:4741:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (reloptions != NULL && strlen(reloptions) > 2)
data/postgresql-12-12.4/src/bin/psql/command.c:4802:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	c = obj + strlen(obj) - 1;
data/postgresql-12-12.4/src/bin/psql/command.c:4883:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		header_sz = in_header ? strlen(header_keyword) : 0;
data/postgresql-12-12.4/src/bin/psql/common.c:166:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						PQescapeLiteral(pset.db, value, strlen(value));
data/postgresql-12-12.4/src/bin/psql/common.c:169:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						PQescapeIdentifier(pset.db, value, strlen(value));
data/postgresql-12-12.4/src/bin/psql/common.c:272:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		rc_ = write(fileno(stderr), str_, strlen(str_)); \
data/postgresql-12-12.4/src/bin/psql/common.c:534:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(error))
data/postgresql-12-12.4/src/bin/psql/common.c:1649:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				escname = PQescapeLiteral(pset.db, name, strlen(name));
data/postgresql-12-12.4/src/bin/psql/common.c:2394:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(home) != 0)
data/postgresql-12-12.4/src/bin/psql/copy.c:217:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		toklen = strlen(token);
data/postgresql-12-12.4/src/bin/psql/copy.c:621:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				linelen = strlen(buf);
data/postgresql-12-12.4/src/bin/psql/crosstabview.c:602:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			  strspn(val + 1, "0123456789") == strlen(val + 1)) ||
data/postgresql-12-12.4/src/bin/psql/crosstabview.c:603:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 strspn(val, "0123456789") == strlen(val)))
data/postgresql-12-12.4/src/bin/psql/crosstabview.c:640:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (arg[0] && strspn(arg, "0123456789") == strlen(arg))
data/postgresql-12-12.4/src/bin/psql/describe.c:332:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(functypes) != strspn(functypes, "anptwS+"))
data/postgresql-12-12.4/src/bin/psql/describe.c:2251:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(indpred))
data/postgresql-12-12.4/src/bin/psql/describe.c:3103:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int			sw = pg_wcswidth(s, strlen(s), pset.encoding);
data/postgresql-12-12.4/src/bin/psql/describe.c:3181:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int			ctw = pg_wcswidth(ct, strlen(ct), pset.encoding);
data/postgresql-12-12.4/src/bin/psql/help.c:521:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!topic || strlen(topic) == 0)
data/postgresql-12-12.4/src/bin/psql/help.c:580:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(topic);
data/postgresql-12-12.4/src/bin/psql/input.c:121:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!s[0] || s[strlen(s) - 1] != '\n')
data/postgresql-12-12.4/src/bin/psql/input.c:146:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = strlen(s) - 1; i >= 0 && s[i] == '\n'; i--)
data/postgresql-12-12.4/src/bin/psql/input.c:372:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (envhist != NULL && strlen(envhist) > 0)
data/postgresql-12-12.4/src/bin/psql/large_obj.c:201:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t		slen = strlen(comment_arg);
data/postgresql-12-12.4/src/bin/psql/large_obj.c:207:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bufptr = cmdbuf + strlen(cmdbuf);
data/postgresql-12-12.4/src/bin/psql/large_obj.c:209:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(bufptr, "'");
data/postgresql-12-12.4/src/bin/psql/mainloop.c:198:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(line, line + 3, strlen(line + 3) + 1);
data/postgresql-12-12.4/src/bin/psql/mainloop.c:368:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		psql_scan_setup(scan_state, line, strlen(line),
data/postgresql-12-12.4/src/bin/psql/mainloop.c:530:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					psql_scan_setup(scan_state, line, strlen(line),
data/postgresql-12-12.4/src/bin/psql/prompt.c:101:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		 *p && strlen(destination) < sizeof(destination) - 1;
data/postgresql-12-12.4/src/bin/psql/prompt.c:277:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (strlen(buf) > 0 && buf[strlen(buf) - 1] == '\n')
data/postgresql-12-12.4/src/bin/psql/prompt.c:277:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (strlen(buf) > 0 && buf[strlen(buf) - 1] == '\n')
data/postgresql-12-12.4/src/bin/psql/prompt.c:278:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							buf[strlen(buf) - 1] = '\0';
data/postgresql-12-12.4/src/bin/psql/psqlscanslash.c:1380:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/bin/psql/psqlscanslash.c:2718:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner);
data/postgresql-12-12.4/src/bin/psql/psqlscanslash.c:3285:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				mybuf.len = strlen(mybuf.data);
data/postgresql-12-12.4/src/bin/psql/psqlscanslash.c:3404:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(cp, cp + 1, strlen(cp));
data/postgresql-12-12.4/src/bin/psql/startup.c:389:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								cell->val, strlen(cell->val),
data/postgresql-12-12.4/src/bin/psql/startup.c:776:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (envrc != NULL && strlen(envrc) > 0)
data/postgresql-12-12.4/src/bin/psql/stringutils.c:80:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		storage = pg_malloc(2 * strlen(s) + 1);
data/postgresql-12-12.4/src/bin/psql/stringutils.c:116:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(p + 1, p, strlen(p) + 1);
data/postgresql-12-12.4/src/bin/psql/stringutils.c:166:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(p + 1, p, strlen(p) + 1);
data/postgresql-12-12.4/src/bin/psql/stringutils.c:215:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(p + 1, p, strlen(p) + 1);
data/postgresql-12-12.4/src/bin/psql/stringutils.c:303:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dst = ret = pg_malloc(2 * strlen(src) + 3); /* excess */
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:1175:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(word);
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:1326:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		length = strlen(s);
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:3808:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		string_length = strlen(text);
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:3963:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		byte_length = strlen(text);
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:4146:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		string_length = strlen(text);
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:4382:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	text_length = strlen(text);
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:4600:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length = strlen(text) +(match_type == SINGLE_MATCH ? 3 : 2);
data/postgresql-12-12.4/src/bin/psql/tab-complete.c:4619:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length = strlen(text);
data/postgresql-12-12.4/src/bin/psql/variables.c:118:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(value);
data/postgresql-12-12.4/src/common/controldata_utils.c:79:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = read(fd, ControlFile, sizeof(ControlFileData));
data/postgresql-12-12.4/src/common/exec.c:78:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(path) >= strlen(".exe") &&
data/postgresql-12-12.4/src/common/exec.c:78:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(path) >= strlen(".exe") &&
data/postgresql-12-12.4/src/common/exec.c:79:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_strcasecmp(path + strlen(path) - strlen(".exe"), ".exe") != 0)
data/postgresql-12-12.4/src/common/exec.c:79:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_strcasecmp(path + strlen(path) - strlen(".exe"), ".exe") != 0)
data/postgresql-12-12.4/src/common/exec.c:186:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				endp = startp + strlen(startp); /* point to end */
data/postgresql-12-12.4/src/common/exec.c:338:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(retpath + strlen(retpath), MAXPGPATH - strlen(retpath),
data/postgresql-12-12.4/src/common/exec.c:338:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(retpath + strlen(retpath), MAXPGPATH - strlen(retpath),
data/postgresql-12-12.4/src/common/exec.c:466:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			lineptr += strlen(lineptr);
data/postgresql-12-12.4/src/common/exec.c:485:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(line);
data/postgresql-12-12.4/src/common/exec.c:506:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
				strcat(line, "\n");
data/postgresql-12-12.4/src/common/file_utils.c:325:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(parentpath) == 0)
data/postgresql-12-12.4/src/common/ip.c:176:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(path) >= sizeof(unp->sun_path))
data/postgresql-12-12.4/src/common/kwlookup.c:49:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(str);
data/postgresql-12-12.4/src/common/logging.c:196:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Assert(fmt[strlen(fmt) - 1] != '\n');
data/postgresql-12-12.4/src/common/md5.c:326:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		passwd_len = strlen(passwd);
data/postgresql-12-12.4/src/common/relpath.c:84:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			len = strlen(forkNames[forkNum]);
data/postgresql-12-12.4/src/common/saslprep.c:1088:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(input) > MAX_PASSWORD_LENGTH)
data/postgresql-12-12.4/src/common/scram-common.c:108:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			password_len = strlen(password);
data/postgresql-12-12.4/src/common/scram-common.c:165:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	scram_HMAC_update(&ctx, "Client Key", strlen("Client Key"));
data/postgresql-12-12.4/src/common/scram-common.c:178:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	scram_HMAC_update(&ctx, "Server Key", strlen("Server Key"));
data/postgresql-12-12.4/src/common/scram-common.c:218:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	maxlen = strlen("SCRAM-SHA-256") + 1
data/postgresql-12-12.4/src/common/string.c:33:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		slen = strlen(str);
data/postgresql-12-12.4/src/common/string.c:34:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		elen = strlen(end);
data/postgresql-12-12.4/src/fe_utils/print.c:229:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len += ((int_len - 1) / groupdigits) * strlen(thousands_sep);
data/postgresql-12-12.4/src/fe_utils/print.c:233:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len += strlen(decimal_point) - 1;
data/postgresql-12-12.4/src/fe_utils/print.c:260:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strspn(my_str, "0123456789+-.eE") != strlen(my_str))
data/postgresql-12-12.4/src/fe_utils/print.c:263:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	new_len = strlen(my_str) + additional_numeric_locale_len(my_str);
data/postgresql-12-12.4/src/fe_utils/print.c:287:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			new_str_pos += strlen(thousands_sep);
data/postgresql-12-12.4/src/fe_utils/print.c:297:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		new_str_pos += strlen(decimal_point);
data/postgresql-12-12.4/src/fe_utils/print.c:305:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Assert(strlen(new_str) <= new_len);
data/postgresql-12-12.4/src/fe_utils/print.c:664:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_wcssize((const unsigned char *) cont->headers[i], strlen(cont->headers[i]),
data/postgresql-12-12.4/src/fe_utils/print.c:688:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_wcssize((const unsigned char *) *ptr, strlen(*ptr), encoding,
data/postgresql-12-12.4/src/fe_utils/print.c:849:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_wcssize((const unsigned char *) *ptr, strlen(*ptr), encoding,
data/postgresql-12-12.4/src/fe_utils/print.c:888:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_wcssize((const unsigned char *) cont->title, strlen(cont->title),
data/postgresql-12-12.4/src/fe_utils/print.c:911:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							 strlen(cont->headers[i]), encoding,
data/postgresql-12-12.4/src/fe_utils/print.c:981:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_wcsformat((const unsigned char *) ptr[j], strlen(ptr[j]), encoding,
data/postgresql-12-12.4/src/fe_utils/print.c:1296:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_wcssize((const unsigned char *) cont->headers[i], strlen(cont->headers[i]),
data/postgresql-12-12.4/src/fe_utils/print.c:1316:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_wcssize((const unsigned char *) *ptr, strlen(*ptr), encoding,
data/postgresql-12-12.4/src/fe_utils/print.c:1531:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 strlen(cont->headers[i % cont->ncolumns]),
data/postgresql-12-12.4/src/fe_utils/print.c:1534:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_wcsformat((const unsigned char *) *ptr, strlen(*ptr), encoding,
data/postgresql-12-12.4/src/fe_utils/print.c:1776:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strcspn(str, "\r\n\"") != strlen(str) ||
data/postgresql-12-12.4/src/fe_utils/print.c:3024:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strspn(pagerprog, " \t\r\n") == strlen(pagerprog))
data/postgresql-12-12.4/src/fe_utils/print.c:3637:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	unsigned char *end = str + strlen((char *) str);
data/postgresql-12-12.4/src/fe_utils/psqlscan.c:3501:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/fe_utils/psqlscan.c:5238:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner);
data/postgresql-12-12.4/src/fe_utils/psqlscan.c:5985:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	stackelem->buf = psqlscan_prepare_buffer(state, newstr, strlen(newstr),
data/postgresql-12-12.4/src/fe_utils/simple_list.c:68:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_malloc(offsetof(SimpleStringListCell, val) + strlen(val) + 1);
data/postgresql-12-12.4/src/fe_utils/string_utils.c:220:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		length = strlen(str);
data/postgresql-12-12.4/src/fe_utils/string_utils.c:297:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		length = strlen(str);
data/postgresql-12-12.4/src/fe_utils/string_utils.c:456:89:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strspn(str, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_./:") == strlen(str))
data/postgresql-12-12.4/src/fe_utils/string_utils.c:678:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	inputlen = strlen(atext);
data/postgresql-12-12.4/src/include/access/reloptions.h:226:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(offset) += strlen(string_val) + 1;					\
data/postgresql-12-12.4/src/include/access/reloptions.h:235:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	((option).isset ? strlen((option).values.string_val) : \
data/postgresql-12-12.4/src/include/access/tupmacs.h:187:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(cur_offset) + (strlen((char *) (attptr)) + 1) \
data/postgresql-12-12.4/src/include/access/xlog_internal.h:164:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(fname) == XLOG_FNAME_LEN && \
data/postgresql-12-12.4/src/include/access/xlog_internal.h:173:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(fname) == XLOG_FNAME_LEN + strlen(".partial") &&	\
data/postgresql-12-12.4/src/include/access/xlog_internal.h:173:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(fname) == XLOG_FNAME_LEN + strlen(".partial") &&	\
data/postgresql-12-12.4/src/include/access/xlog_internal.h:194:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(fname) == 8 + strlen(".history") &&		\
data/postgresql-12-12.4/src/include/access/xlog_internal.h:194:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(fname) == 8 + strlen(".history") &&		\
data/postgresql-12-12.4/src/include/access/xlog_internal.h:211:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(fname) > XLOG_FNAME_LEN && \
data/postgresql-12-12.4/src/include/access/xlog_internal.h:213:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	 strcmp((fname) + strlen(fname) - strlen(".backup"), ".backup") == 0)
data/postgresql-12-12.4/src/include/access/xlog_internal.h:213:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	 strcmp((fname) + strlen(fname) - strlen(".backup"), ".backup") == 0)
data/postgresql-12-12.4/src/include/c.h:922:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(_dst, (src), _len); \
data/postgresql-12-12.4/src/include/libpq/pqformat.h:111:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			slen = strlen(str);
data/postgresql-12-12.4/src/include/libpq/pqformat.h:116:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slen = strlen(p);
data/postgresql-12-12.4/src/include/nodes/nodes.h:646:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
extern bool equal(const void *a, const void *b);
data/postgresql-12-12.4/src/include/nodes/pg_list.h:360:27:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
#define equali(l1, l2)				equal(l1, l2)
data/postgresql-12-12.4/src/include/nodes/pg_list.h:361:27:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
#define equalo(l1, l2)				equal(l1, l2)
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:181:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		real_len = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:413:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((int) (strlen(str) + 1) > len)
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:677:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memcpy(str, tmp, strlen(tmp));
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:752:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		len = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:770:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		fmt_len = strlen(fmt);
data/postgresql-12-12.4/src/interfaces/ecpg/compatlib/informix.c:945:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	temp_len = strlen(temp);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:175:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (con->autocommit && strncmp(mode, "off", strlen("off")) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:186:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (!con->autocommit && strncmp(mode, "on", strlen("on")) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:257:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(sqlca->sqlstate, sqlstate, sizeof(sqlca->sqlstate));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:262:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(sqlca->sqlerrm.sqlerrmc, message, sizeof(sqlca->sqlerrm.sqlerrmc));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:264:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sqlca->sqlerrm.sqlerrml = strlen(sqlca->sqlerrm.sqlerrmc);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:358:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncmp(dbname + offset, "postgresql://", strlen("postgresql://")) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:367:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				offset += strlen("postgresql://");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:475:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(dbname) > 0)
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:515:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 (user && strlen(user) > 0) ? "for user " : "", user ? user : "");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:523:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (user && strlen(user) > 0)
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:525:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (passwd && strlen(passwd) > 0)
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:570:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (user && strlen(user) > 0)
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/connect.c:576:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (passwd && strlen(passwd) > 0)
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/data.c:639:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
								strncpy(str, pval, size + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/data.c:655:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
							strncpy(str, pval, varcharsize);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/data.c:704:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
							strncpy(variable->arr, pval, variable->len);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/data.c:707:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
							strncpy(variable->arr, pval, varcharsize);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/descriptor.c:213:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy((char *) var, value, varcharsize);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/descriptor.c:221:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					memcpy(variable->arr, value, strlen(value));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/descriptor.c:223:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
					strncpy(variable->arr, value, varcharsize);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/descriptor.c:225:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				variable->len = strlen(value);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/descriptor.c:819:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	new->name = ecpg_alloc(strlen(name) + 1, line);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:25:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(sqlca->sqlstate, sqlstate, sizeof(sqlca->sqlstate));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:211:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sqlca->sqlerrm.sqlerrml = strlen(sqlca->sqlerrm.sqlerrmc);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:260:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sqlca->sqlerrm.sqlerrml = strlen(sqlca->sqlerrm.sqlerrmc);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/error.c:263:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(sqlca->sqlstate, sqlstate, sizeof(sqlca->sqlstate));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:56:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(arg);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:270:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	array_query = (char *) ecpg_alloc(strlen("select typlen from pg_type where oid= and typelem<>0") + 11, stmt->lineno);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:364:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							len += strlen(PQgetvalue(results, act_tuple, act_field)) + 1;
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:374:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							int			len = strlen(PQgetvalue(results, act_tuple, act_field)) + 1;
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:429:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int			len = strlen(PQgetvalue(results, act_tuple, act_field)) + 1;
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:504:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(to_data + 3 + ecpg_hex_enc_len(from_len), "\'");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:578:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:581:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(mallocedval + strlen(mallocedval), "%hd,", ((short *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:583:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:583:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:597:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:600:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(mallocedval + strlen(mallocedval), "%d,", ((int *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:602:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:602:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:616:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:619:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(mallocedval + strlen(mallocedval), "%hu,", ((unsigned short *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:621:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:621:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:635:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:638:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(mallocedval + strlen(mallocedval), "%u,", ((unsigned int *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:640:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:640:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:654:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:657:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(mallocedval + strlen(mallocedval), "%ld,", ((long *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:659:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:659:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:673:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:676:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(mallocedval + strlen(mallocedval), "%lu,", ((unsigned long *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:678:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:678:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:692:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:695:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(mallocedval + strlen(mallocedval), "%lld,", ((long long int *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:697:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:697:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:711:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:714:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(mallocedval + strlen(mallocedval), "%llu,", ((unsigned long long int *) var->value)[element]);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:716:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:716:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:730:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:733:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf_float_value(mallocedval + strlen(mallocedval), ((float *) var->value)[element], ",");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:735:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:735:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:749:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:752:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf_double_value(mallocedval + strlen(mallocedval), ((double *) var->value)[element], ",");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:754:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:754:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:768:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval, "{");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:771:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(mallocedval + strlen(mallocedval), "%c,", (((bool *) var->value)[element]) ? 't' : 'f');
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:773:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:773:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:793:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					int			slen = (var->varcharsize == 0) ? strlen((char *) var->value) : (unsigned int) var->varcharsize;
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:798:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
					strncpy(newcopy, (char *) var->value, slen);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:814:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					int			slen = strlen((char *) var->value);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:819:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
					strncpy(mallocedval, (char *) var->value, slen);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:847:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
					strncpy(newcopy, variable->arr, variable->len);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:900:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						slen = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:903:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (!(newcopy = ecpg_realloc(mallocedval, strlen(mallocedval) + slen + 2, lineno)))
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:912:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						memcpy(mallocedval + strlen(mallocedval), str, slen + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:914:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(mallocedval + strlen(mallocedval), ",");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:914:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							strcpy(mallocedval + strlen(mallocedval), ",");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:920:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
						strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:920:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:948:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						slen = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:950:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (!(newcopy = ecpg_realloc(mallocedval, strlen(mallocedval) + slen + 2, lineno)))
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:959:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						memcpy(mallocedval + strlen(mallocedval), str, slen + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:961:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(mallocedval + strlen(mallocedval), ",");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:961:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							strcpy(mallocedval + strlen(mallocedval), ",");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:967:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
						strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:967:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:995:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						slen = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:997:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (!(newcopy = ecpg_realloc(mallocedval, strlen(mallocedval) + slen + 2, lineno)))
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1006:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						memcpy(mallocedval + strlen(mallocedval), str, slen + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1008:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(mallocedval + strlen(mallocedval), ",");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1008:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							strcpy(mallocedval + strlen(mallocedval), ",");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1014:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
						strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1014:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1042:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						slen = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1044:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (!(newcopy = ecpg_realloc(mallocedval, strlen(mallocedval) + slen + 2, lineno)))
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1053:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						memcpy(mallocedval + strlen(mallocedval), str, slen + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1055:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(mallocedval + strlen(mallocedval), ",");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1055:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							strcpy(mallocedval + strlen(mallocedval), ",");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1061:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
						strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1061:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						strcpy(mallocedval + strlen(mallocedval) - 1, "}");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1137:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(newcopy = (char *) ecpg_alloc(strlen(stmt->command)
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1138:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										+ strlen(tobeinserted)
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1184:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	var.varcharsize = strlen(desc_item->data);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1309:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								desc_inlist.varcharsize = strlen(sqlda->sqlvar[i].sqldata);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1364:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								desc_inlist.varcharsize = strlen(sqlda->sqlvar[i].sqldata);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1437:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int			ph_len = (stmt->command[position] == '?') ? strlen("?") : strlen("$1");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1437:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int			ph_len = (stmt->command[position] == '?') ? strlen("?") : strlen("$1");
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/execute.c:1458:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				char	   *str = ecpg_alloc(strlen(tobeinserted) + 2 + 1,
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/misc.c:285:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	bufsize = strlen(intl_format) + 100;
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/misc.c:570:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(sqlca->sqlstate, "YE001", sizeof(sqlca->sqlstate));
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/misc.c:572:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sqlca->sqlerrm.sqlerrml = strlen(sqlca->sqlerrm.sqlerrmc);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:135:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(newcopy = (char *) ecpg_alloc(strlen(*text) -len + strlen(buffer) + 1, lineno)))
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:135:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(newcopy = (char *) ecpg_alloc(strlen(*text) -len + strlen(buffer) + 1, lineno)))
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:273:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		text = (char *) ecpg_alloc(strlen("deallocate \"\" ") + strlen(this->name), this->stmt->lineno);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:273:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		text = (char *) ecpg_alloc(strlen("deallocate \"\" ") + strlen(this->name), this->stmt->lineno);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/prepare.c:388:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	stmtLeng = strlen(ecpgQuery);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:57:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		offset += strlen(PQfname(res, i)) + 1;
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:145:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					long		datalen = strlen(PQgetvalue(res, row, i)) + 1;
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:235:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		fname += strlen(sqlda->sqlvar[i].sqlname) + 1;
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:383:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				datalen = strlen(PQgetvalue(res, row, i)) + 1;
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:437:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sqlda->sqlvar[i].sqlname.length = strlen(fname);
data/postgresql-12-12.4/src/interfaces/ecpg/ecpglib/sqlda.c:572:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				datalen = strlen(PQgetvalue(res, row, i)) + 1;
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/common.c:43:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			i = strlen(replace_val.str_val);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/common.c:118:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				i = strlen(t);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:64:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) > MAXDATELEN)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:262:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   strlen(replace_val.str_val));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:274:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						memcpy(start_pattern, t, strlen(t));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:286:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						memcpy(start_pattern, t, strlen(t));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:298:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						memcpy(start_pattern, t, strlen(t));
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:433:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		i = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:445:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		str_copy = pgtypes_alloc(strlen(str) + 1 + 2);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:493:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(str_copy + target_pos, str + start_pos,
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:518:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = 0; i < strlen(str_copy); i++)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/datetime.c:613:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				token[token_count][1] = offset + strlen(month_lower_tmp) - 1;
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:725:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:781:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:785:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), ":%02d", tm->tm_sec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:788:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), " BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:795:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					sprintf(str + strlen(str), "%+03d:%02d", hour, min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:797:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					sprintf(str + strlen(str), "%+03d", hour);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:819:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:823:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), ":%02d", tm->tm_sec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:826:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), " BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:837:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:843:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(str + strlen(str), "%+03d:%02d", hour, min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:845:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(str + strlen(str), "%+03d", hour);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:865:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:869:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), ":%02d", tm->tm_sec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:872:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), " BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:877:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:883:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(str + strlen(str), "%+03d:%02d", hour, min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:885:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(str + strlen(str), "%+03d", hour);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:898:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(str + 3, " ");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:913:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:917:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), ":%02d", tm->tm_sec);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:919:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(str + strlen(str), " %04d",
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:922:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(str + strlen(str), " BC");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:927:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:939:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(str + strlen(str), " %+03d:%02d", hour, min);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:941:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						sprintf(str + strlen(str), " %+03d", hour);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1019:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(tm->tm_zone) > MAXTZLEN)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1037:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(TZNAME_GLOBAL[tm->tm_isdst]) > MAXTZLEN)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1115:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1392:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((len = strlen(field[i])) <= 0)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1514:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (*cp == '\0' && (len = strlen(str)) > 3)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:1886:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if ((ftype[i] = DecodeNumberField(strlen(field[i]), field[i], fmask,
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2066:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							if ((ftype[i] = DecodeNumberField(strlen(field[i]), field[i], (fmask | DTK_DATE_M),
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2087:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					flen = strlen(field[i]);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2097:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					else if (cp != NULL && flen - strlen(cp) > 2)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2432:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		end_position = str + strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2451:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			end_position = str + strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2575:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								strlen(pgtypes_date_weekdays_short[j])) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2579:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						pstr += strlen(pgtypes_date_weekdays_short[j]);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2592:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strncmp(days[j], pstr, strlen(days[j])) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2596:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						pstr += strlen(days[j]);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2609:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strncmp(months[j], pstr, strlen(months[j])) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2613:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						pstr += strlen(months[j]);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2627:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strncmp(pgtypes_date_months[j], pstr, strlen(pgtypes_date_months[j])) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2631:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						pstr += strlen(pgtypes_date_months[j]);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2661:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				tmp = pgtypes_alloc(strlen("%m/%d/%y") + strlen(pstr) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2661:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				tmp = pgtypes_alloc(strlen("%m/%d/%y") + strlen(pstr) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2786:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				tmp = pgtypes_alloc(strlen("%I:%M:%S %p") + strlen(pstr) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2786:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				tmp = pgtypes_alloc(strlen("%I:%M:%S %p") + strlen(pstr) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2794:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				tmp = pgtypes_alloc(strlen("%H:%M") + strlen(pstr) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2794:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				tmp = pgtypes_alloc(strlen("%H:%M") + strlen(pstr) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2839:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				tmp = pgtypes_alloc(strlen("%H:%M:%S") + strlen(pstr) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/dt_common.c:2839:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				tmp = pgtypes_alloc(strlen("%H:%M:%S") + strlen(pstr) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:121:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) < 2 || str[0] != 'P')
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:699:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return cp + strlen(cp);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:722:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return cp + strlen(cp);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:732:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return cp + strlen(cp);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:817:6:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
					sprintf(cp, "0");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:835:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp += strlen(cp);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:845:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp += strlen(cp);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:851:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp += strlen(cp);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:879:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cp += strlen(cp);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:898:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cp += strlen(cp);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:906:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(cp, "@");
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:926:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cp += strlen(cp);
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/interval.c:1029:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) > MAXDATELEN)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/numeric.c:196:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (alloc_var(dest, strlen((*ptr))) < 0)
data/postgresql-12-12.4/src/interfaces/ecpg/pgtypeslib/timestamp.c:221:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) > MAXDATELEN)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/c_keywords.c:47:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/descriptor.c:26:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	new->variable = mm_alloc(strlen(var) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/descriptor.c:86:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	new->name = mm_alloc(strlen(name) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/descriptor.c:90:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		new->connection = mm_alloc(strlen(connection) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:211:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				else if (strncmp(optarg, "ORACLE", strlen("ORACLE")) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:285:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				input_filename = mm_alloc(strlen("stdin") + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:291:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				input_filename = mm_alloc(strlen(argv[fnr]) + 5);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:301:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					ptr2ext = input_filename + strlen(input_filename);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/ecpg.c:320:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					output_filename = mm_alloc(strlen(input_filename) + 3);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/output.c:104:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char	   *line = mm_alloc(strlen("\n#line %d \"%s\"\n") + sizeof(int) * CHAR_BIT * 10 / 3 + strlen(input_filename) * 2);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/output.c:104:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char	   *line = mm_alloc(strlen("\n#line %d \"%s\"\n") + sizeof(int) * CHAR_BIT * 10 / 3 + strlen(input_filename) * 2);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/output.c:110:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		dest = line + strlen(line);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/output.c:212:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len = strlen(str);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:2531:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:3919:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					for (i = strlen(yytext)-2;
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:4178:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						for (i = strlen(yytext)-2;
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5125:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5480:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = strlen(yytext)-2;
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5498:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memmove(yytext, yytext+1, strlen(yytext));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5504:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(inc_file) <= 2 || strcmp(inc_file + strlen(inc_file) - 2, ".h") != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5504:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(inc_file) <= 2 || strcmp(inc_file + strlen(inc_file) - 2, ".h") != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5517:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(yytext, yytext+1, strlen(yytext));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5522:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(ip->path) + strlen(yytext) + 4 > MAXPGPATH)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5522:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(ip->path) + strlen(yytext) + 4 > MAXPGPATH)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/pgc.c:5531:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strcmp(inc_file + strlen(inc_file) - 2, ".h") != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:213:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char * res_str	= (char *)mm_alloc(strlen(str1) + strlen(str2) + 2);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:213:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char * res_str	= (char *)mm_alloc(strlen(str1) + strlen(str2) + 2);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:216:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str1) != 0 && strlen(str2) != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:216:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str1) != 0 && strlen(str2) != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:217:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(res_str, " ");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:247:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char * res_str	= (char *)mm_alloc(strlen(str1) + strlen(str2) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:247:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char * res_str	= (char *)mm_alloc(strlen(str1) + strlen(str2) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:259:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char * res_str	= (char *)mm_alloc(strlen(str1) + strlen(str2) +strlen(str3) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:259:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char * res_str	= (char *)mm_alloc(strlen(str1) + strlen(str2) +strlen(str3) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:259:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char * res_str	= (char *)mm_alloc(strlen(str1) + strlen(str2) +strlen(str3) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:311:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result[strlen(result)-3] = '\0';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:359:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 && (strncmp(ptr->variable->name, "ECPGprepared_statement", strlen("ECPGprepared_statement")) == 0))
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:33876:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:34606:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (pg_strcasecmp((yyvsp[0].str)+strlen("close "), "database") == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:34849:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    { output_simple_statement((yyvsp[0].str), (strncmp((yyvsp[0].str), "ECPGset_var", strlen("ECPGset_var")) == 0) ? 4 : 0); }
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:34952:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((yyvsp[0].exec).type == NULL || strlen((yyvsp[0].exec).type) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:34966:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				str[strlen(str) - 1] = '\0';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:34967:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(length, "%d", (int) strlen(str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:35053:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if (strlen((yyvsp[0].prep).type) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:35069:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				str[strlen(str) - 1] = '\0';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:35070:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sprintf(length, "%d", (int) strlen(str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:35230:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		 output_simple_statement((yyvsp[0].str), (strncmp((yyvsp[0].str), "ECPGset_var", strlen("ECPGset_var")) == 0) ? 4 : 0);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:47496:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *curname = mm_alloc(strlen((yyvsp[0].str)) + 2);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56220:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen((yyvsp[-1].str)) > 0 && *((yyvsp[-1].str)) != '@')
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56236:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncmp((yyvsp[-6].str), "unix:postgresql", strlen("unix:postgresql")) != 0 && strncmp((yyvsp[-6].str), "tcp:postgresql", strlen("tcp:postgresql")) != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56236:130:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncmp((yyvsp[-6].str), "unix:postgresql", strlen("unix:postgresql")) != 0 && strncmp((yyvsp[-6].str), "tcp:postgresql", strlen("tcp:postgresql")) != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56239:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncmp((yyvsp[-4].str), "//", strlen("//")) != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56242:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncmp((yyvsp[-6].str), "unix", strlen("unix")) == 0 &&
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56243:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncmp((yyvsp[-4].str) + strlen("//"), "localhost", strlen("localhost")) != 0 &&
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56243:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncmp((yyvsp[-4].str) + strlen("//"), "localhost", strlen("localhost")) != 0 &&
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56244:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncmp((yyvsp[-4].str) + strlen("//"), "127.0.0.1", strlen("127.0.0.1")) != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56244:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncmp((yyvsp[-4].str) + strlen("//"), "127.0.0.1", strlen("127.0.0.1")) != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56245:122:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				mmerror(PARSE_ERROR, ET_ERROR, "Unix-domain sockets only work on \"localhost\" but not on \"%s\"", (yyvsp[-4].str) + strlen("//"));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56267:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(yyvsp[0].str)[strlen((yyvsp[0].str))-1] = '\"';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56479:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen((yyvsp[-1].str)) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56507:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen((yyvsp[-1].str)) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56545:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((yyvsp[0].str)[0] == '\"' && (yyvsp[0].str)[strlen((yyvsp[0].str))-1] == '\"') /* already quoted? */
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56551:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				for (i = 0; i< strlen((yyvsp[0].str)); i++)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56602:89:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			thisquery->name = (char *) mm_alloc(sizeof("ECPGprepared_statement(, , __LINE__)") + strlen(con) + strlen((yyvsp[0].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56602:103:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			thisquery->name = (char *) mm_alloc(sizeof("ECPGprepared_statement(, , __LINE__)") + strlen(con) + strlen((yyvsp[0].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:56986:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen((yyvsp[0].str)) != 0 && strcmp ((yyvsp[-1].str), "datetime") != 0 && strcmp ((yyvsp[-1].str), "interval") != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57090:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (this->type->type_sizeof && strlen(this->type->type_sizeof) != 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57459:155:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			adjust_array(actual_type[struct_level].type_enum, &dimension, &length, actual_type[struct_level].type_dimension, actual_type[struct_level].type_index, strlen((yyvsp[-4].str)), false);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57512:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						int i = strlen((yyvsp[0].str));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57747:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(length, "%d", (int) strlen((yyvsp[0].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57824:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.str) = (char *) mm_alloc(sizeof("1, , ") + strlen(con) + strlen((yyvsp[-1].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57824:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.str) = (char *) mm_alloc(sizeof("1, , ") + strlen(con) + strlen((yyvsp[-1].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57840:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57840:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57850:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57850:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57861:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.str) = (char *) mm_alloc(sizeof("1, , ") + strlen(con) + strlen((yyvsp[-1].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57861:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.str) = (char *) mm_alloc(sizeof("1, , ") + strlen(con) + strlen((yyvsp[-1].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57871:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57871:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57938:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(length, "%d", (int) strlen((yyvsp[0].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:57990:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(length, "%d", (int) strlen((yyvsp[0].str)));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58011:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(length, "%d", (int) strlen(var));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58024:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(length, "%d", (int) strlen(var));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58037:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			var[strlen(var) - 1] = '\0';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:58038:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(length, "%d", (int) strlen(var));
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59127:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(yyval.str) = (char *)mm_alloc(strlen((yyvsp[0].str)) + 3);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59130:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(yyval.str)[strlen((yyvsp[0].str))+1]='\'';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59131:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(yyval.str)[strlen((yyvsp[0].str))+2]='\0';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59140:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(yyval.str) = (char *)mm_alloc(strlen((yyvsp[0].str)) + 4);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59144:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(yyval.str)[strlen((yyvsp[0].str))+2]='\'';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59145:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(yyval.str)[strlen((yyvsp[0].str))+3]='\0';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59154:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(yyval.str) = (char *)mm_alloc(strlen((yyvsp[0].str)) + 4);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59158:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(yyval.str)[strlen((yyvsp[0].str))+2]='\'';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/preproc.c:59159:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(yyval.str)[strlen((yyvsp[0].str))+3]='\0';
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:427:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char	   *variable = (char *) mm_alloc(strlen(name) + ((prefix == NULL) ? 0 : strlen(prefix)) + 4);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:427:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char	   *variable = (char *) mm_alloc(strlen(name) + ((prefix == NULL) ? 0 : strlen(prefix)) + 4);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:428:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char	   *offset = (char *) mm_alloc(strlen(name) + strlen("sizeof(struct varchar_)") + 1 + strlen(varcharsize) + sizeof(int) * CHAR_BIT * 10 / 3);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:428:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char	   *offset = (char *) mm_alloc(strlen(name) + strlen("sizeof(struct varchar_)") + 1 + strlen(varcharsize) + sizeof(int) * CHAR_BIT * 10 / 3);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:428:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char	   *offset = (char *) mm_alloc(strlen(name) + strlen("sizeof(struct varchar_)") + 1 + strlen(varcharsize) + sizeof(int) * CHAR_BIT * 10 / 3);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:562:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(arrsize, "1");
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:568:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (size == NULL || strlen(size) == 0)
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:589:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char	   *pbuf = (char *) mm_alloc(strlen(name) + ((prefix == NULL) ? 0 : strlen(prefix)) + 3);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:589:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char	   *pbuf = (char *) mm_alloc(strlen(name) + ((prefix == NULL) ? 0 : strlen(prefix)) + 3);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:590:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char	   *ind_pbuf = (char *) mm_alloc(strlen(ind_name) + ((ind_prefix == NULL) ? 0 : strlen(ind_prefix)) + 3);
data/postgresql-12-12.4/src/interfaces/ecpg/preproc/type.c:590:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char	   *ind_pbuf = (char *) mm_alloc(strlen(ind_name) + ((ind_prefix == NULL) ? 0 : strlen(ind_prefix)) + 3);
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_informix/dec_test.pgc:51:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		r = deccvasc(decs[i], strlen(decs[i]), dec);
data/postgresql-12-12.4/src/interfaces/ecpg/test/compat_oracle/char_array.pgc:48:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(shortstr, ppppp, sizeof shortstr);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:45:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	vallen = strlen(convert);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:104:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		r = deccvasc(decs[i], strlen(decs[i]), dec);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/compat_oracle-char_array.c:160:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(shortstr, ppppp, sizeof shortstr);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test.c:142:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	out = (char*) malloc(strlen(fmt) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c:140:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				int length = strlen(dates[i])
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c:142:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						+ strlen(times[j])
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-num_test.c:41:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	vallen = strlen(convert);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/pgtypeslib-num_test2.c:42:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	vallen = strlen(convert);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-cursor.c:668:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	curname4.len = strlen(CURNAME);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/preproc-define.c:144:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i],  8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-desc.c:150:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"2",(long)1,(long)1,strlen("2"), ECPGd_EODT);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-desc.c:177:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"3",(long)1,(long)1,strlen("3"), ECPGd_EODT);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-desc.c:185:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"this is a long test",(long)19,(long)1,strlen("this is a long test"), ECPGd_indicator,
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-desc.c:291:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"2",(long)1,(long)1,strlen("2"), ECPGd_EODT);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:179:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], 8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:211:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"1",(long)1,(long)1,strlen("1"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:246:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], 8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:272:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"2",(long)1,(long)1,strlen("2"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-execute.c:301:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], 8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-fetch.c:180:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"1",(long)1,(long)1,strlen("1"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:170:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], 8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:196:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"1",(long)1,(long)1,strlen("1"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-oldexec.c:221:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], 8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:342:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"ident_name",(long)10,(long)1,strlen("ident_name"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:351:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"ident_name",(long)10,(long)1,strlen("ident_name"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:379:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"normal_name",(long)11,(long)1,strlen("normal_name"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:388:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"normal_name",(long)11,(long)1,strlen("normal_name"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:416:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"include_ _name",(long)14,(long)1,strlen("include_ _name"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:425:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"include_ _name",(long)14,(long)1,strlen("include_ _name"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:596:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"ident_name",(long)10,(long)1,strlen("ident_name"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/expected/sql-prepareas.c:631:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ECPGt_const,"include_ _name",(long)14,(long)1,strlen("include_ _name"), 
data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/dt_test.pgc:68:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	out = (char*) malloc(strlen(fmt) + 1);
data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc:105:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				int length = strlen(dates[i])
data/postgresql-12-12.4/src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc:107:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						+ strlen(times[j])
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/cursor.pgc:196:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	curname4.len = strlen(CURNAME);
data/postgresql-12-12.4/src/interfaces/ecpg/test/preproc/define.pgc:53:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], NAMELEN);
data/postgresql-12-12.4/src/interfaces/ecpg/test/printf_hack.h:14:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	vallen = strlen(convert);
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:62:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], 8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:84:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], 8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/execute.pgc:103:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], 8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:61:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], 8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/oldexec.pgc:80:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(n, name[i], 8);
data/postgresql-12-12.4/src/interfaces/ecpg/test/sql/show.pgc:34:44:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  EXEC SQL SET TRANSACTION ISOLATION LEVEL read committed;
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:186:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (inputlen != strlen(input))
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:202:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*outputlen = strlen(*output);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:216:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*outputlen = strlen(*output);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:443:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cbind_header_len = strlen("p=tls-server-end-point,,");
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:551:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(nonce) < strlen(state->client_nonce) ||
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:551:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(nonce) < strlen(state->client_nonce) ||
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:552:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0)
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:573:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	state->salt = malloc(pg_b64_dec_len(strlen(encoded_salt)));
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:581:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								   strlen(encoded_salt),
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:655:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	server_signature_len = pg_b64_dec_len(strlen(encoded_server_signature));
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:665:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										 strlen(encoded_server_signature),
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:708:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->client_first_message_bare));
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:712:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->server_first_message));
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:716:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(client_final_message_without_proof));
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:740:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->client_first_message_bare));
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:744:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->server_first_message));
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth-scram.c:748:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(state->client_final_message_without_proof));
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:392:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	conn->sspitarget = malloc(strlen(conn->krbsrvname) + strlen(host) + 2);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:392:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	conn->sspitarget = malloc(strlen(conn->krbsrvname) + strlen(host) + 2);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:746:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									strlen(conn->pguser), crypt_pwd2))
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:751:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!pg_md5_encrypt(crypt_pwd2 + strlen("md5"), md5Salt,
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:769:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ret = pqPacketSend(conn, 'p', pwd_to_send, strlen(pwd_to_send) + 1);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:771:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ret = pqPacketSend(conn, 0, pwd_to_send, strlen(pwd_to_send) + 1);
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:1078:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd))
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:1149:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(val) > MAX_ALGORITHM_NAME_LEN)
data/postgresql-12-12.4/src/interfaces/libpq/fe-auth.c:1183:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd))
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:1627:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(host_addr) > 0 &&
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:2334:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(portstr) >= UNIXSOCK_PATH_BUFLEN)
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:2452:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(host_addr) > 0)
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:3356:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				conn->errorMessage.len = strlen(conn->errorMessage.data);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:3773:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(conn->last_sqlstate) != 5)
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4338:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	maxlen = errbufsize - strlen(errbuf) - 2;
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4341:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(errbuf, SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)),
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4343:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(errbuf, "\n");
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4399:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		conn->errorMessage.len = strlen(conn->errorMessage.data);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4408:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		conn->errorMessage.len = strlen(conn->errorMessage.data);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4527:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (pg_strncasecmp(url, LDAP_URL, strlen(LDAP_URL)) != 0)
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4536:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hostname = url + strlen(LDAP_URL);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4541:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p = strchr(url + strlen(LDAP_URL), '/');
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:4842:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					optval = optname + strlen(optname); /* empty */
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:5033:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(line) >= sizeof(buf) - 1)
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:5044:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(line);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:5067:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncmp(line + 1, service, strlen(service)) == 0 &&
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:5068:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				line[strlen(service) + 1] == ']')
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:6183:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf = malloc(strlen(str) + 1);
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:6670:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (sizeof(qbuf) < (sizeof(query) + strlen(encoding)))
data/postgresql-12-12.4/src/interfaces/libpq/fe-connect.c:6921:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(buf);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:416:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		msize += strlen(events[i].name) + 1;
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:649:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char	   *space = (char *) pqResultAlloc(res, strlen(str) + 1, false);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:905:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	res->errMsg = (char *) pqResultAlloc(res, strlen(msgBuf) + 2, false);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:1001:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  strlen(value) + 1,
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:1046:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   strlen(name) + strlen(value) + 2);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:1046:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										   strlen(name) + strlen(value) + 2);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:1054:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += strlen(name) + 1;
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:1608:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				nbytes = strlen(paramValues[i]);
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:2588:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return PQputnbytes(conn, s, strlen(s));
data/postgresql-12-12.4/src/interfaces/libpq/fe-exec.c:3764:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strtextlen = strlen((const char *) strtext);
data/postgresql-12-12.4/src/interfaces/libpq/fe-gssapi-common.c:106:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	maxlen = NI_MAXHOST + strlen(conn->krbsrvname) + 2;
data/postgresql-12-12.4/src/interfaces/libpq/fe-gssapi-common.c:116:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	temp_gbuf.length = strlen(temp_gbuf.value);
data/postgresql-12-12.4/src/interfaces/libpq/fe-lobj.c:737:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((nbytes = read(fd, buf, LO_BUFSIZE)) > 0)
data/postgresql-12-12.4/src/interfaces/libpq/fe-misc.c:181:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (pqPutMsgBytes(s, strlen(s) + 1, conn))
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:86:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			fs_len = strlen(po->fieldSep);
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:137:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = s ? strlen(s) : 0;
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:145:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		total_line_length += nFields * strlen(po->fieldSep) + 1;
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:178:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strspn(pagerenv, " \t\r\n") != strlen(pagerenv) &&
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:235:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					len += strlen(s) + fs_len;
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:510:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int			n = strlen(s);
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:617:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			fLength[j] = strlen(PQfname(res, j));
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:635:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				fill(strlen(PQfname(res, i)), fLength[i], ' ', fp);
data/postgresql-12-12.4/src/interfaces/libpq/fe-print.c:657:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				fill(strlen(PQgetvalue(res, i, j)), fLength[j], ' ', fp);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:1137:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	nmlen = strlen(conn->workBuffer.data);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:1610:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(startpacket->user, conn->pguser, SM_USER);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:1611:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(startpacket->database, conn->dbName, SM_DATABASE);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:1612:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(startpacket->tty, conn->pgtty, SM_TTY);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol2.c:1615:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(startpacket->options, conn->pgoptions, SM_OPTIONS);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1199:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = strlen(wquery) + 1;
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1444:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	nmlen = strlen(svname);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:1445:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	extralen = strlen(conn->workBuffer.data);
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:2173:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		packet_len += strlen(optname) + 1; \
data/postgresql-12-12.4/src/interfaces/libpq/fe-protocol3.c:2176:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		packet_len += strlen(optval) + 1; \
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-common.c:45:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			lenpat = strlen(pattern);
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-common.c:46:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			lenstr = strlen(string);
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-common.c:120:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (namelen != strlen(name))
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:794:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(conn->sslcert && strlen(conn->sslcert) > 0) ||
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:795:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		!(conn->sslkey && strlen(conn->sslkey) > 0) ||
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:796:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		!(conn->sslrootcert && strlen(conn->sslrootcert) > 0) ||
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:797:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		!(conn->sslcrl && strlen(conn->sslcrl) > 0))
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:835:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (conn->sslrootcert && strlen(conn->sslrootcert) > 0)
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:861:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (conn->sslcrl && strlen(conn->sslcrl) > 0)
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:921:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (conn->sslcert && strlen(conn->sslcert) > 0)
data/postgresql-12-12.4/src/interfaces/libpq/fe-secure-openssl.c:1009:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (have_cert && conn->sslkey && strlen(conn->sslkey) > 0)
data/postgresql-12-12.4/src/interfaces/libpq/pqexpbuffer.c:371:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	appendBinaryPQExpBuffer(str, data, strlen(data));
data/postgresql-12-12.4/src/interfaces/libpq/win32.c:321:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		offs = strlen(strerrbuf);
data/postgresql-12-12.4/src/interfaces/libpq/win32.h:13:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define read(a,b,c) _read(a,b,c)
data/postgresql-12-12.4/src/pl/plperl/plperl.c:1068:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len = strlen(res);
data/postgresql-12-12.4/src/pl/plperl/plperl.c:3147:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_verifymbstr(query, strlen(query), false);
data/postgresql-12-12.4/src/pl/plperl/plperl.c:3418:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_verifymbstr(query, strlen(query), false);
data/postgresql-12-12.4/src/pl/plperl/plperl.c:3632:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_verifymbstr(query, strlen(query), false);
data/postgresql-12-12.4/src/pl/plperl/plperl.c:4084:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hkey = pg_server_to_any(key, strlen(key), PG_UTF8);
data/postgresql-12-12.4/src/pl/plperl/plperl.c:4090:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hlen = -(int) strlen(hkey);
data/postgresql-12-12.4/src/pl/plperl/plperl.c:4111:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hkey = pg_server_to_any(key, strlen(key), PG_UTF8);
data/postgresql-12-12.4/src/pl/plperl/plperl.c:4114:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hlen = -(int) strlen(hkey);
data/postgresql-12-12.4/src/pl/plperl/plperl_helpers.h:38:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ret = pg_server_to_any(str, strlen(str), PG_UTF8);
data/postgresql-12-12.4/src/pl/plperl/ppport.h:5160:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*));
data/postgresql-12-12.4/src/pl/plperl/ppport.h:5168:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define sv_vcatpvf(sv, pat, args)  sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*))
data/postgresql-12-12.4/src/pl/plperl/ppport.h:5172:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define sv_vsetpvf(sv, pat, args)  sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*))
data/postgresql-12-12.4/src/pl/plperl/ppport.h:5192:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/postgresql-12-12.4/src/pl/plperl/ppport.h:5220:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/postgresql-12-12.4/src/pl/plperl/ppport.h:5241:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*));  \
data/postgresql-12-12.4/src/pl/plperl/ppport.h:5263:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/postgresql-12-12.4/src/pl/plperl/ppport.h:5291:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/postgresql-12-12.4/src/pl/plperl/ppport.h:5312:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*));  \
data/postgresql-12-12.4/src/pl/plperl/ppport.h:5360:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define HvNAMELEN_get(hv)              (HvNAME_get(hv) ? (I32)strlen(HvNAME_get(hv)) : 0)
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6144:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        STRLEN len = strlen(radix);
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6728:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(buffer);
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6768:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    used = strlen(dst);
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6769:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(src);
data/postgresql-12-12.4/src/pl/plperl/ppport.h:6798:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(src);
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_comp.c:2193:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(condname) == 5 &&
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_funcs.c:102:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	nse = palloc(offsetof(PLpgSQL_nsitem, name) + strlen(name) + 1);
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:1638:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:2404:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						cp2 = buf + strlen(buf);
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:3998:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									if (strlen(sqlstatestr) != 5)
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:4585:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								if (strlen(sqlstatestr) != 5)
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:5175:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		check_sql_expr(expr->query, startlocation, strlen(sqlstart));
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_gram.c:6267:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		argv[argpos] = item->query + strlen(sqlstart);
data/postgresql-12-12.4/src/pl/plpgsql/src/pl_scanner.c:327:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		auxdata->leng = strlen(yytext);
data/postgresql-12-12.4/src/pl/plpython/plpy_cursorobject.c:114:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_verifymbstr(query, strlen(query), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_elog.c:392:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(buffer) == 5 &&
data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.c:510:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(sqlstatestr) != 5)
data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.c:533:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_verifymbstr(message, strlen(message), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.c:535:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_verifymbstr(detail, strlen(detail), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.c:537:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_verifymbstr(hint, strlen(hint), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.c:539:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_verifymbstr(schema_name, strlen(schema_name), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.c:541:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_verifymbstr(table_name, strlen(table_name), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.c:543:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_verifymbstr(column_name, strlen(column_name), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.c:545:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_verifymbstr(datatype_name, strlen(datatype_name), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_plpymodule.c:547:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pg_verifymbstr(constraint_name, strlen(constraint_name), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_procedure.c:446:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mlen = (strlen(src) * 2) + strlen(name) + 16;
data/postgresql-12-12.4/src/pl/plpython/plpy_procedure.c:446:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mlen = (strlen(src) * 2) + strlen(name) + 16;
data/postgresql-12-12.4/src/pl/plpython/plpy_spi.c:130:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_verifymbstr(query, strlen(query), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_spi.c:330:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_verifymbstr(query, strlen(query), false);
data/postgresql-12-12.4/src/pl/plpython/plpy_typeio.c:1067:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = strlen(plrv_sc);
data/postgresql-12-12.4/src/pl/plpython/plpy_util.c:57:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									   strlen(utf8string),
data/postgresql-12-12.4/src/pl/plpython/plpy_util.c:71:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	rv = PyBytes_FromStringAndSize(encoded, strlen(encoded));
data/postgresql-12-12.4/src/pl/plpython/plpy_util.c:131:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return PLyUnicode_FromStringAndSize(s, strlen(s));
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:76:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return pg_any_to_server(src, strlen(src), PG_UTF8);
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:82:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return pg_server_to_any(src, strlen(src), PG_UTF8);
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:1605:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(proc_internal_args, " ");
data/postgresql-12-12.4/src/pl/tcl/pltcl.c:2757:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(nulls) != qdesc->nargs)
data/postgresql-12-12.4/src/port/chklocale.c:271:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ln = strlen(codepage);
data/postgresql-12-12.4/src/port/chklocale.c:414:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(sys) == 0)
data/postgresql-12-12.4/src/port/dirent.c:57:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	d->dirname = malloc(strlen(dirname) + 4);
data/postgresql-12-12.4/src/port/dirent.c:65:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (d->dirname[strlen(d->dirname) - 1] != '/' &&
data/postgresql-12-12.4/src/port/dirent.c:66:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		d->dirname[strlen(d->dirname) - 1] != '\\')
data/postgresql-12-12.4/src/port/dirent.c:67:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(d->dirname, "\\");	/* Append backslash if not already there */
data/postgresql-12-12.4/src/port/dirent.c:68:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(d->dirname, "*");	/* Search for entries named anything */
data/postgresql-12-12.4/src/port/dirent.c:107:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	d->ret.d_namlen = strlen(d->ret.d_name);
data/postgresql-12-12.4/src/port/dirmod.c:185:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(nativeTarget) * sizeof(WCHAR);
data/postgresql-12-12.4/src/port/dirmod.c:333:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memmove(buf, buf + 4, strlen(buf + 4) + 1);
data/postgresql-12-12.4/src/port/getopt_long.c:108:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(longopts[i].name) == namelen
data/postgresql-12-12.4/src/port/inet_net_ntop.c:51:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SPRINTF(x) strlen(sprintf/**/x)
data/postgresql-12-12.4/src/port/inet_net_ntop.c:272:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			tp += strlen(tp);
data/postgresql-12-12.4/src/port/path.c:236:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(ret_path + strlen(ret_path), MAXPGPATH - strlen(ret_path),
data/postgresql-12-12.4/src/port/path.c:236:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(ret_path + strlen(ret_path), MAXPGPATH - strlen(ret_path),
data/postgresql-12-12.4/src/port/path.c:324:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			len = strlen(spath);
data/postgresql-12-12.4/src/port/path.c:348:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
				strcpy(spath, ".");
data/postgresql-12-12.4/src/port/path.c:382:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	path_len = strlen(path);
data/postgresql-12-12.4/src/port/path.c:440:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			path1_len = strlen(path1);
data/postgresql-12-12.4/src/port/path.c:477:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(progname) > sizeof(EXE) - 1 &&
data/postgresql-12-12.4/src/port/path.c:478:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pg_strcasecmp(progname + strlen(progname) - (sizeof(EXE) - 1), EXE) == 0)
data/postgresql-12-12.4/src/port/path.c:479:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		progname[strlen(progname) - (sizeof(EXE) - 1)] = '\0';
data/postgresql-12-12.4/src/port/path.c:561:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tail_len = strlen(bin_path) - prefix_len;
data/postgresql-12-12.4/src/port/path.c:574:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tail_start = (int) strlen(ret_path) - tail_len;
data/postgresql-12-12.4/src/port/path.c:661:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		new = malloc(strlen(buf) + strlen(path) + 2);
data/postgresql-12-12.4/src/port/path.c:661:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		new = malloc(strlen(buf) + strlen(path) + 2);
data/postgresql-12-12.4/src/port/path.c:878:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (p = path + strlen(path) - 1; IS_DIR_SEP(*p) && p > path; p--)
data/postgresql-12-12.4/src/port/path.c:904:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p = path + strlen(path);
data/postgresql-12-12.4/src/port/pg_strong_random.c:59:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = read(f, p, len);
data/postgresql-12-12.4/src/port/pgmkdirp.c:71:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(p) >= 2)
data/postgresql-12-12.4/src/port/pgmkdirp.c:103:11:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	oumask = umask(0);
data/postgresql-12-12.4/src/port/pgmkdirp.c:105:9:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	(void) umask(numask);
data/postgresql-12-12.4/src/port/pgmkdirp.c:120:11:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
			(void) umask(oumask);
data/postgresql-12-12.4/src/port/pgmkdirp.c:145:9:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	(void) umask(oumask);
data/postgresql-12-12.4/src/port/pread.c:56:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	return read(fd, buf, size);
data/postgresql-12-12.4/src/port/quotes.c:35:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			len = strlen(src),
data/postgresql-12-12.4/src/port/snprintf.c:443:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			dostr(strvalue, strlen(strvalue), target);
data/postgresql-12-12.4/src/port/snprintf.c:713:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					dostr(errm, strlen(errm), target);
data/postgresql-12-12.4/src/port/snprintf.c:982:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		vallen = strlen(value);
data/postgresql-12-12.4/src/port/sprompt.c:132:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length = strlen(destination);
data/postgresql-12-12.4/src/port/sprompt.c:143:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buflen = strlen(buf);
data/postgresql-12-12.4/src/port/strlcat.c:47:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return (dlen + strlen(s));
data/postgresql-12-12.4/src/port/system.c:55:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		cmdlen = strlen(command);
data/postgresql-12-12.4/src/port/system.c:88:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		cmdlen = strlen(command);
data/postgresql-12-12.4/src/port/tar.c:115:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(filename) > 99)
data/postgresql-12-12.4/src/port/tar.c:118:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (linktarget && strlen(linktarget) > 99)
data/postgresql-12-12.4/src/port/tar.c:132:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int			flen = strlen(filename);
data/postgresql-12-12.4/src/port/unsetenv.c:41:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	envstr = (char *) malloc(strlen(name) + 2);
data/postgresql-12-12.4/src/port/unsetenv.c:50:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(envstr, "=");
data/postgresql-12-12.4/src/port/win32env.c:67:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cp))
data/postgresql-12-12.4/src/port/win32env.c:118:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	envbuf = (char *) malloc(strlen(name) + 2);
data/postgresql-12-12.4/src/port/win32setlocale.c:136:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				match = strstr(match_start + strlen(needle_start), needle_end);
data/postgresql-12-12.4/src/port/win32setlocale.c:138:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					match_end = match + strlen(needle_end);
data/postgresql-12-12.4/src/port/win32setlocale.c:143:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				match_end = match_start + strlen(needle_start);
data/postgresql-12-12.4/src/port/win32setlocale.c:150:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int			replacementlen = strlen(replacement);
data/postgresql-12-12.4/src/port/win32setlocale.c:152:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int			restlen = strlen(rest);
data/postgresql-12-12.4/src/test/examples/testlo.c:64:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((nbytes = read(fd, buf, BUFSIZE)) > 0)
data/postgresql-12-12.4/src/test/examples/testlo64.c:64:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((nbytes = read(fd, buf, BUFSIZE)) > 0)
data/postgresql-12-12.4/src/test/isolation/specparse.c:771:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/postgresql-12-12.4/src/test/isolation/specscanner.c:876:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/postgresql-12-12.4/src/test/isolation/specscanner.c:1897:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/postgresql-12-12.4/src/test/modules/test_bloomfilter/test_bloomfilter.c:41:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bloom_add_element(filter, (unsigned char *) element, strlen(element));
data/postgresql-12-12.4/src/test/modules/test_bloomfilter/test_bloomfilter.c:63:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								 strlen(element)))
data/postgresql-12-12.4/src/test/modules/test_integerset/test_integerset.c:152:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	patternlen = strlen(spec->pattern_str);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:453:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strcat(string, dup + (ptr - string) + strlen(replace));
data/postgresql-12-12.4/src/test/regress/pg_regress.c:528:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(*name) < 8)
data/postgresql-12-12.4/src/test/regress/pg_regress.c:530:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strcmp(*name + strlen(*name) - 7, ".source") != 0)
data/postgresql-12-12.4/src/test/regress/pg_regress.c:536:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(prefix, strlen(*name) - 6, "%s", *name);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:630:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		i = strlen(buf);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:894:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wp = ret = realloc(ret, 3 + strlen(raw) * 2);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1235:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((c = fgetc(f)) != EOF)
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1286:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int			ssize = strlen(expectfile) + 2 + 1;
data/postgresql-12-12.4/src/test/regress/pg_regress.c:1636:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		i = strlen(scbuf);
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2191:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(optarg))
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2592:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = strlen(buf); i > 0; i--)
data/postgresql-12-12.4/src/test/regress/pg_regress.c:2595:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = strlen(buf); i > 0; i--)
data/postgresql-12-12.4/src/test/regress/regress.c:418:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(query + strlen(query), "$%d%s",
data/postgresql-12-12.4/src/timezone/localtime.c:242:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	nread = read(fid, up->buf, sizeof up->buf);
data/postgresql-12-12.4/src/timezone/localtime.c:454:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					int			tsabbrlen = strlen(tsabbr);
data/postgresql-12-12.4/src/timezone/localtime.c:957:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		stdlen = strlen(name);	/* length of standard zone name */
data/postgresql-12-12.4/src/timezone/pgtz.c:54:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlcpy(tzdir + strlen(tzdir), "/timezone", MAXPGPATH - strlen(tzdir));
data/postgresql-12-12.4/src/timezone/pgtz.c:54:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlcpy(tzdir + strlen(tzdir), "/timezone", MAXPGPATH - strlen(tzdir));
data/postgresql-12-12.4/src/timezone/pgtz.c:85:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	orignamelen = fullnamelen = strlen(fullname);
data/postgresql-12-12.4/src/timezone/pgtz.c:87:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (fullnamelen + 1 + strlen(name) >= MAXPGPATH)
data/postgresql-12-12.4/src/timezone/pgtz.c:125:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			fnamelen = strlen(fname);
data/postgresql-12-12.4/src/timezone/pgtz.c:131:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		fullnamelen += strlen(fullname + fullnamelen);
data/postgresql-12-12.4/src/timezone/pgtz.c:169:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(direntry->d_name) == fnamelen &&
data/postgresql-12-12.4/src/timezone/pgtz.c:244:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) > TZ_STRLEN_MAX)
data/postgresql-12-12.4/src/timezone/pgtz.c:333:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(offsetstr + strlen(offsetstr),
data/postgresql-12-12.4/src/timezone/pgtz.c:334:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				 sizeof(offsetstr) - strlen(offsetstr),
data/postgresql-12-12.4/src/timezone/pgtz.c:338:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(offsetstr + strlen(offsetstr),
data/postgresql-12-12.4/src/timezone/pgtz.c:339:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 sizeof(offsetstr) - strlen(offsetstr),
data/postgresql-12-12.4/src/timezone/pgtz.c:404:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ret->baselen = strlen(startdir) + 1;
data/postgresql-12-12.4/src/timezone/zic.c:664:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(umask(S_IWGRP | S_IWOTH) | (S_IWGRP | S_IWOTH));
data/postgresql-12-12.4/src/timezone/zic.c:664:8:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(umask(S_IWGRP | S_IWOTH) | (S_IWGRP | S_IWOTH));
data/postgresql-12-12.4/src/timezone/zic.c:970:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t		len = strlen(directory);
data/postgresql-12-12.4/src/timezone/zic.c:973:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		linksize = len + needslash + strlen(from) + 1;
data/postgresql-12-12.4/src/timezone/zic.c:984:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	taillen = strlen(f + dir_len);
data/postgresql-12-12.4/src/timezone/zic.c:1090:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			while ((c = getc(fp)) != EOF)
data/postgresql-12-12.4/src/timezone/zic.c:1118:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t		n = strlen(name);
data/postgresql-12-12.4/src/timezone/zic.c:1449:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t		fieldlen = strlen(field);
data/postgresql-12-12.4/src/timezone/zic.c:1513:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (max_abbrvar_len < strlen(r.r_abbrvar))
data/postgresql-12-12.4/src/timezone/zic.c:1514:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		max_abbrvar_len = strlen(r.r_abbrvar);
data/postgresql-12-12.4/src/timezone/zic.c:1629:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (max_format_len < strlen(z.z_format))
data/postgresql-12-12.4/src/timezone/zic.c:1630:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		max_format_len = strlen(z.z_format);
data/postgresql-12-12.4/src/timezone/zic.c:1849:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ep = dp + strlen(dp) - 1;
data/postgresql-12-12.4/src/timezone/zic.c:2343:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		old0 = strlen(omittype);
data/postgresql-12-12.4/src/timezone/zic.c:2436:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				thischarcnt += strlen(thisabbr) + 1;
data/postgresql-12-12.4/src/timezone/zic.c:2667:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(abbr);
data/postgresql-12-12.4/src/timezone/zic.c:2943:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len += strlen(result + len);
data/postgresql-12-12.4/src/timezone/zic.c:3500:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf = emalloc(1 + 4 * strlen(yitcommand) + 2
data/postgresql-12-12.4/src/timezone/zic.c:3501:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				  + INT_STRLEN_MAXIMUM(zic_t) + 2 + 4 * strlen(type) + 2);
data/postgresql-12-12.4/src/timezone/zic.c:3784:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	array = emalloc(size_product(strlen(cp) + 1, sizeof *array));
data/postgresql-12-12.4/src/timezone/zic.c:3992:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = strlen(string) + 1;

ANALYSIS SUMMARY:

Hits = 7706
Lines analyzed = 1581027 in approximately 40.11 seconds (39417 lines/second)
Physical Source Lines of Code (SLOC) = 1025080
Hits@level = [0] 4844 [1] 2067 [2] 4463 [3] 250 [4] 903 [5]  23
Hits@level+ = [0+] 12550 [1+] 7706 [2+] 5639 [3+] 1176 [4+] 926 [5+]  23
Hits/KSLOC@level+ = [0+] 12.2429 [1+] 7.51746 [2+] 5.50103 [3+] 1.14723 [4+] 0.903344 [5+] 0.0224373
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.