Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-aiohttp-3.6.2/aiohttp/_find_header.c
Examining data/python-aiohttp-3.6.2/aiohttp/_find_header.h
Examining data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c
Examining data/python-aiohttp-3.6.2/aiohttp/_helpers.c
Examining data/python-aiohttp-3.6.2/aiohttp/_http_parser.c
Examining data/python-aiohttp-3.6.2/aiohttp/_http_writer.c
Examining data/python-aiohttp-3.6.2/aiohttp/_websocket.c
Examining data/python-aiohttp-3.6.2/vendor/http-parser/bench.c
Examining data/python-aiohttp-3.6.2/vendor/http-parser/contrib/parsertrace.c
Examining data/python-aiohttp-3.6.2/vendor/http-parser/contrib/url_parser.c
Examining data/python-aiohttp-3.6.2/vendor/http-parser/http_parser.c
Examining data/python-aiohttp-3.6.2/vendor/http-parser/http_parser.h
Examining data/python-aiohttp-3.6.2/vendor/http-parser/test.c
FINAL RESULTS:
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:769:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:769:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:775:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:772:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:773:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3810:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
size_t buf1len = sprintf(buf1, "%s\r\nConnection: Keep-Alive\r\nContent-Length: %lu\r\n\r\n",
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3847:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(total, r1->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3848:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(total, r2->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3849:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(total, r3->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3898:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(total, r1->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3899:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(total, r2->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3900:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(total, r3->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4327:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4347:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:6287:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate) PyErr_Clear();
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:6288:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:6288:58: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:6309:16: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Py_XDECREF(setstate);
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:4305:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate) PyErr_Clear();
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:4306:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:4306:58: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:4327:16: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Py_XDECREF(setstate);
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21448:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate) PyErr_Clear();
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21449:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21449:58: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21470:16: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Py_XDECREF(setstate);
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:722:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:7085:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:7089:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:722:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:5072:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:5076:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:728:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:2445:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)(memcpy((__pyx_v_ptr + __pyx_v_s), __pyx_v_at, __pyx_v_length));
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:7544:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)(memcpy((__pyx_v_buf + __pyx_v_size), __pyx_v_at, __pyx_v_length));
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:7629:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)(memcpy((__pyx_v_buf + __pyx_v_size), __pyx_v_at, __pyx_v_length));
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21500:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warning[200];
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:23878:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:23882:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:725:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:1240:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char __pyx_v_7aiohttp_12_http_writer_BUFFER[0x4000];
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:1503:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)(memcpy(__pyx_v_buf, __pyx_v_writer->buf, __pyx_v_writer->size));
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:4601:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warning[200];
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:5535:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:5539:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:726:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:2448:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warning[200];
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:3292:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:3296:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/python-aiohttp-3.6.2/vendor/http-parser/contrib/parsertrace.c:108:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = fopen(filename, "r");
data/python-aiohttp-3.6.2/vendor/http-parser/http_parser.c:187:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char tokens[256] = {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response_status[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char request_path[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char request_url[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fragment[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query_string[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char body[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char headers [MAX_HEADERS][2][MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:1984:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + dlen, src, ncpy);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2002:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, ncpy);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2537:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ubuf[256]; \
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2540:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ubuf, (found)->request_url + (u)->field_data[(fn)].off, \
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3809:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[3000];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3840:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char total[ strlen(r1->raw)
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3893:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char total[80*1024] = "\0";
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3894:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[80*1024] = "\0";
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3895:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[80*1024] = "\0";
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3896:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf3[80*1024] = "\0";
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4024:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, headers, headers_len);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4029:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + wrote, "400\r\n", 5);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4033:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf + wrote, "\r\n");
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4037:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + wrote, "0\r\n\r\n", 6);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4326:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4346:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:646:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:767:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:7133:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:646:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:767:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:5120:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:652:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:773:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:19562:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_1 = __Pyx_decode_c_string(__pyx_t_82, 0, strlen(__pyx_t_82), NULL, NULL, PyUnicode_DecodeASCII); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 72, __pyx_L1_error)
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21154:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(cstring);
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:23926:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:649:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:770:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:5583:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:650:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:771:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:3340:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/python-aiohttp-3.6.2/vendor/http-parser/contrib/url_parser.c:34:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[2]);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2585:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (http_parser_parse_url(m->request_url, strlen(m->request_url), 0, &u)) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2681:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += strlen(m->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2684:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off -= strlen(m->upgrade);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2693:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(body + nread + strlen(m->upgrade)) = '\0';
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2714:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, j, len = strlen(raw), error_location_line = 0;
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3356:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test->url ? strlen(test->url) : 0,
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3407:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t raw_len = strlen(message->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3412:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t read;
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3423:70: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!messages[0].headers_complete_cb_called && parser.nread != read) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3424:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(parser.nread == read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3425:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(msg1, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3430:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
messages[num_messages - 1].upgrade = msg1 + read;
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3434:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != msg1len) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3435:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(msg1, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3444:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
messages[num_messages - 1].upgrade = msg2 + read;
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3448:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != msg2len) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3449:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(msg2, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3455:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != 0) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3456:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(message->raw, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3476:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t read;
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3477:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(message->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3484:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != toread) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3485:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(message->raw, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3492:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != 0) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3493:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(message->raw, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3514:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parse(buf, strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3548:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3549:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(parsed == strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3552:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen(buf);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3582:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3583:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(parsed == strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3586:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen(buf);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3616:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3617:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(parsed == strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3620:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen(buf);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3643:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3644:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(parsed == strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3647:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen(buf);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3670:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3671:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(parsed == strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3674:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen(buf);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3719:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3720:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(parsed == strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3723:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen(buf);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3748:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3749:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(parsed == strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3751:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(parser.nread == strlen(buf));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3840:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char total[ strlen(r1->raw)
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3841:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(r2->raw)
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3842:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(r3->raw)
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3853:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t read;
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3855:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read = parse(total, strlen(total));
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3858:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
upgrade_message_fix(total, read, 3, r1, r2, r3);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3862:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != strlen(total)) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3862:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (read != strlen(total)) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3863:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(total, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3869:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != 0) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3870:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(total, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3902:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t read;
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3904:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int total_len = strlen(total);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3942:72: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!messages[0].headers_complete_cb_called && parser.nread != read) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3943:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(buf1, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3949:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != buf1_len) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3950:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(buf1, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3958:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != buf1_len + buf2_len) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3959:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(buf2, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3967:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != buf1_len + buf2_len + buf3_len) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3968:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
print_error(buf3, read);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3976:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
upgrade_message_fix(total, read, 3, r1, r2, r3);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4020:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t headers_len = strlen(headers);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4050:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen(msg->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4099:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen(msg->raw);
ANALYSIS SUMMARY:
Hits = 164
Lines analyzed = 63928 in approximately 1.45 seconds (43976 lines/second)
Physical Source Lines of Code (SLOC) = 49834
Hits@level = [0] 91 [1] 90 [2] 48 [3] 12 [4] 14 [5] 0
Hits@level+ = [0+] 255 [1+] 164 [2+] 74 [3+] 26 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 5.11699 [1+] 3.29093 [2+] 1.48493 [3+] 0.521732 [4+] 0.280933 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.