Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/prefix-1.2.9/prefix.c

FINAL RESULTS:

data/prefix-1.2.9/prefix.c:770:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(out, "%s[%c-%c]", pr->prefix, pr->first, pr->last);
data/prefix-1.2.9/prefix.c:774:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(out, "%s", pr->prefix);
data/prefix-1.2.9/prefix.c:1336:9:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cut = (random() % 2) ? (cut - lower_dist) : (cut + upper_dist);
data/prefix-1.2.9/prefix.c:54:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[1]; /* this is a varlena structure, data follows */
data/prefix-1.2.9/prefix.c:128:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result, a, i);
data/prefix-1.2.9/prefix.c:143:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pr->prefix, prefix, s);
data/prefix-1.2.9/prefix.c:172:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prefix, pr->prefix, s-2);
data/prefix-1.2.9/prefix.c:207:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pr->prefix, str, len);
data/prefix-1.2.9/prefix.c:372:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(VARDATA(vdat), pr, (size - VARHDRSZ));
data/prefix-1.2.9/prefix.c:141:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int s = strlen(prefix) + 1;
data/prefix-1.2.9/prefix.c:170:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int s = strlen(pr->prefix)+2;
data/prefix-1.2.9/prefix.c:206:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(pr->prefix);
data/prefix-1.2.9/prefix.c:224:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *prefix = (char *)palloc(strlen(str)+1);
data/prefix-1.2.9/prefix.c:231:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bzero(prefix, strlen(str)+1);
data/prefix-1.2.9/prefix.c:369:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = sizeof(prefix_range) + ((strlen(pr->prefix)+1)*sizeof(char)) + VARHDRSZ;
data/prefix-1.2.9/prefix.c:400:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(pr->prefix);
data/prefix-1.2.9/prefix.c:410:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int sa = strlen(a->prefix);
data/prefix-1.2.9/prefix.c:411:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int sb = strlen(b->prefix);
data/prefix-1.2.9/prefix.c:437:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int alen = strlen(a->prefix);
data/prefix-1.2.9/prefix.c:438:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int blen = strlen(b->prefix);
data/prefix-1.2.9/prefix.c:514:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(left->prefix);
data/prefix-1.2.9/prefix.c:515:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sr = strlen(right->prefix);
data/prefix-1.2.9/prefix.c:538:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int plen = strlen(pr->prefix);
data/prefix-1.2.9/prefix.c:561:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int alen = strlen(a->prefix);
data/prefix-1.2.9/prefix.c:562:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int blen = strlen(b->prefix);
data/prefix-1.2.9/prefix.c:575:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gplen = strlen(gp);
data/prefix-1.2.9/prefix.c:633:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int alen = strlen(a->prefix);
data/prefix-1.2.9/prefix.c:634:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int blen = strlen(b->prefix);
data/prefix-1.2.9/prefix.c:646:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gplen = strlen(gp);
data/prefix-1.2.9/prefix.c:706:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(inter->prefix) > 0 || (inter->first != 0 && inter->last != 0);
data/prefix-1.2.9/prefix.c:726:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int flen = t_first == NULL ? 0 : strlen(c_first);
data/prefix-1.2.9/prefix.c:727:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int llen = t_last == NULL ? 0 : strlen(c_last);
data/prefix-1.2.9/prefix.c:769:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out = (char *)palloc((strlen(pr->prefix)+6) * sizeof(char));
data/prefix-1.2.9/prefix.c:773:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out = (char *)palloc((strlen(pr->prefix)+1) * sizeof(char));
data/prefix-1.2.9/prefix.c:1104:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  olen = strlen(orig->prefix);
data/prefix-1.2.9/prefix.c:1105:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nlen = strlen(new->prefix);
data/prefix-1.2.9/prefix.c:1107:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gplen = strlen(gp);
data/prefix-1.2.9/prefix.c:1306:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(tmp_union->prefix) == 0 )
data/prefix-1.2.9/prefix.c:1319:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(tmp_union->prefix) == 0 )
data/prefix-1.2.9/prefix.c:1448:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gplen = strlen(gp->prefix);
data/prefix-1.2.9/prefix.c:1701:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(tmp_union->prefix) > 0 ) {

ANALYSIS SUMMARY:

Hits = 41
Lines analyzed = 1878 in approximately 0.07 seconds (26888 lines/second)
Physical Source Lines of Code (SLOC) = 1312
Hits@level = [0]   0 [1]  32 [2]   6 [3]   1 [4]   2 [5]   0
Hits@level+ = [0+]  41 [1+]  41 [2+]   9 [3+]   3 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 31.25 [1+] 31.25 [2+] 6.85976 [3+] 2.28659 [4+] 1.52439 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.