Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/ruby-ferret-0.11.8.7/ext/analysis.c:1280:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tk->text, hf->text + pos);
data/ruby-ferret-0.11.8.7/ext/document.c:143:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s += sprintf(s, " =>%s\n", fields[i]);
data/ruby-ferret-0.11.8.7/ext/except.c:62:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(xmsg_buffer, XMSG_BUFFER_SIZE, fmt, args);
data/ruby-ferret-0.11.8.7/ext/except.h:149:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(frt_xmsg_buffer, FRT_XMSG_BUFFER_SIZE, __VA_ARGS__);\
data/ruby-ferret-0.11.8.7/ext/except.h:150:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(frt_xmsg_buffer_final, FRT_XMSG_BUFFER_SIZE,\
data/ruby-ferret-0.11.8.7/ext/except.h:157:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(frt_xmsg_buffer, FRT_XMSG_BUFFER_SIZE, ##args);\
data/ruby-ferret-0.11.8.7/ext/except.h:158:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(frt_xmsg_buffer_final, FRT_XMSG_BUFFER_SIZE,\
data/ruby-ferret-0.11.8.7/ext/ferret.c:254:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf + so_far, FRT_BUF_SIZ - so_far, fmt, args);
data/ruby-ferret-0.11.8.7/ext/ferret.c:308:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(term_str, "%s:%s", field, text);
data/ruby-ferret-0.11.8.7/ext/global.c:121:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(string, fmt, args);
data/ruby-ferret-0.11.8.7/ext/global.c:131:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t, s);
data/ruby-ferret-0.11.8.7/ext/global.c:151:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, DBL2S, num);
data/ruby-ferret-0.11.8.7/ext/global.c:273:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf, CMD_BUF_SIZE, command, progname(), pid);
data/ruby-ferret-0.11.8.7/ext/global.c:295:21: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if ( !(stream = popen(buf, "r")) ) {
data/ruby-ferret-0.11.8.7/ext/global.c:374:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, args);
data/ruby-ferret-0.11.8.7/ext/global.c:464:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, args);
data/ruby-ferret-0.11.8.7/ext/global.h:291:36: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define xlog if (frt_x_do_logging) printf
data/ruby-ferret-0.11.8.7/ext/index.c:120:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s_%s", base, u);
data/ruby-ferret-0.11.8.7/ext/index.c:123:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s_%s.%s", base, u, ext);
data/ruby-ferret-0.11.8.7/ext/index.c:133:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, SEGMENTS_FILE_NAME"_%s", u);
data/ruby-ferret-0.11.8.7/ext/index.c:160:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s_%s.%s%d",
data/ruby-ferret-0.11.8.7/ext/index.c:313:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s += sprintf(str, "[\"%s\":(%s%s%s%s%s%s%s%s", (char *)fi->name,
data/ruby-ferret-0.11.8.7/ext/index.c:513:11: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  pos = sprintf(buf,
data/ruby-ferret-0.11.8.7/ext/index.c:524:16: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  pos += sprintf(buf + pos,
data/ruby-ferret-0.11.8.7/ext/index.c:2159:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.tfx", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:2178:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.tix", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:2624:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.tis", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:3758:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(segment_name, file_name);
data/ruby-ferret-0.11.8.7/ext/index.c:4646:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.cfs", sr_segment);
data/ruby-ferret-0.11.8.7/ext/index.c:4663:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.frq", sr_segment);
data/ruby-ferret-0.11.8.7/ext/index.c:4665:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.prx", sr_segment);
data/ruby-ferret-0.11.8.7/ext/index.c:5395:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.frq", dw->si->name);
data/ruby-ferret-0.11.8.7/ext/index.c:5397:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.prx", dw->si->name);
data/ruby-ferret-0.11.8.7/ext/index.c:5755:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.cfs", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:5761:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.fdx", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:5779:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.tis", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:5781:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.frq", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:5783:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.prx", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:5878:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.fdt", sm->si->name);
data/ruby-ferret-0.11.8.7/ext/index.c:5881:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.fdx", sm->si->name);
data/ruby-ferret-0.11.8.7/ext/index.c:5890:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.fdt", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:5892:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.fdx", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6071:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.frq", sm->si->name);
data/ruby-ferret-0.11.8.7/ext/index.c:6073:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.prx", sm->si->name);
data/ruby-ferret-0.11.8.7/ext/index.c:6236:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cfs_name, "%s.cfs", si->name);
data/ruby-ferret-0.11.8.7/ext/index.c:6540:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.fdt", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6542:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.fdx", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6545:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.fdt", sr_segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6547:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.fdx", sr_segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6550:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.del", sr_segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6554:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.del", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6627:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.tix", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6629:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.tix", sr_segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6632:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.tis", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6634:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.tis", sr_segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6637:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.tfx", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6639:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.tfx", sr_segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6642:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.frq", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6644:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.frq", sr_segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6647:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.prx", segment);
data/ruby-ferret-0.11.8.7/ext/index.c:6649:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name, "%s.prx", sr_segment);
data/ruby-ferret-0.11.8.7/ext/q_fuzzy.c:160:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  bptr += sprintf(bptr, "%s:", S(field));
data/ruby-ferret-0.11.8.7/ext/q_fuzzy.c:163:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  bptr += sprintf(bptr, "%s~", term);
data/ruby-ferret-0.11.8.7/ext/q_multi_term.c:412:16: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  pos += sprintf(doc_freqs + pos, "(%s=%d) + ", term, doc_freq);
data/ruby-ferret-0.11.8.7/ext/q_multi_term.c:523:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  bptr += sprintf(bptr, "%s:", field);
data/ruby-ferret-0.11.8.7/ext/q_multi_term.c:529:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  bptr += sprintf(bptr, "%s", bt->term);
data/ruby-ferret-0.11.8.7/ext/q_parser.c:810:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/ruby-ferret-0.11.8.7/ext/q_phrase.c:636:20: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  pos += sprintf(doc_freqs + pos, "%s=%d, ",
data/ruby-ferret-0.11.8.7/ext/q_prefix.c:24:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  bptr += sprintf(bptr, "%s:", S(PfxQ(self)->field));
data/ruby-ferret-0.11.8.7/ext/q_prefix.c:27:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  bptr += sprintf(bptr, "%s*", prefix);
data/ruby-ferret-0.11.8.7/ext/q_span.c:413:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "SpanTermEnum(%s)@%s", query_str, pos_str);
data/ruby-ferret-0.11.8.7/ext/q_span.c:885:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "SpanOrEnum(%s)@%s", query_str, doc_str);
data/ruby-ferret-0.11.8.7/ext/q_span.c:1192:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "SpanNearEnum(%s)@%s", query_str, doc_str);
data/ruby-ferret-0.11.8.7/ext/q_span.c:1424:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  df_i += sprintf(doc_freqs + df_i, "%s=%d, ", term,
data/ruby-ferret-0.11.8.7/ext/q_span.c:1608:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, smtq->terms[i]);
data/ruby-ferret-0.11.8.7/ext/q_span.c:1828:18: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  res_p += sprintf(res_p, "%s", q_strs[i]);
data/ruby-ferret-0.11.8.7/ext/q_span.c:2012:18: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  res_p += sprintf(res_p, "%s", q_strs[i]);
data/ruby-ferret-0.11.8.7/ext/q_span.c:2318:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  bptr += sprintf(bptr, "%s:", S(field));
data/ruby-ferret-0.11.8.7/ext/q_span.c:2321:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  bptr += sprintf(bptr, "%s*", prefix);
data/ruby-ferret-0.11.8.7/ext/q_wildcard.c:22:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  bptr += sprintf(bptr, "%s:", field_str);
data/ruby-ferret-0.11.8.7/ext/q_wildcard.c:24:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  bptr += sprintf(bptr, "%s", pattern);
data/ruby-ferret-0.11.8.7/ext/r_analysis.c:395:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "token[\"%s\":%d:%d:%d]", rs2s(token->text),
data/ruby-ferret-0.11.8.7/ext/r_index.c:1125:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(jp, format, tde->doc_num(tde), tde->freq(tde));
data/ruby-ferret-0.11.8.7/ext/r_search.c:231:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str + p, "\t%d \"%s\": %0.5f\n", doc_id, value,
data/ruby-ferret-0.11.8.7/ext/r_search.c:944:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s:%s", ostr, qstr);
data/ruby-ferret-0.11.8.7/ext/r_search.c:2348:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sort_str, xsort_str);
data/ruby-ferret-0.11.8.7/ext/sort.c:97:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s:%s%s", S(self->field), type, (self->reverse ? "!" : ""));
data/ruby-ferret-0.11.8.7/ext/sort.c:101:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s%s", type, (self->reverse ? "!" : ""));
data/ruby-ferret-0.11.8.7/ext/sort.c:773:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s += sprintf(s, "%s, ", sf_strs[i]);
data/ruby-ferret-0.11.8.7/ext/win32.h:28:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dirname_buf, "%s\\*", dirname);
data/ruby-ferret-0.11.8.7/ext/analysis.c:23:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tk->text, text, sizeof(char) * tlen);
data/ruby-ferret-0.11.8.7/ext/analysis.c:119:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ts, orig_ts, size);
data/ruby-ferret-0.11.8.7/ext/analysis.c:354:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t wbuf[MAX_WORD_SIZE + 1], *w, *w_end;
data/ruby-ferret-0.11.8.7/ext/analysis.c:492:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t wbuf[MAX_WORD_SIZE + 1], *w, *w_end;
data/ruby-ferret-0.11.8.7/ext/analysis.c:674:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(token, ts->t, i);
data/ruby-ferret-0.11.8.7/ext/analysis.c:889:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char token[MAX_WORD_SIZE + 1];
data/ruby-ferret-0.11.8.7/ext/analysis.c:965:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(token, start, token_i * sizeof(char));
data/ruby-ferret-0.11.8.7/ext/analysis.c:1220:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_WORD_SIZE + 1];
data/ruby-ferret-0.11.8.7/ext/analysis.c:1226:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tk->text, buf, tk->len + 1);
data/ruby-ferret-0.11.8.7/ext/analysis.c:1345:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t wbuf[MAX_WORD_SIZE + 1], *wchr;
data/ruby-ferret-0.11.8.7/ext/analysis.c:1362:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tk->text, "BAD_DATA");
data/ruby-ferret-0.11.8.7/ext/analysis.c:1427:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tk->text, stemmed, len);
data/ruby-ferret-0.11.8.7/ext/analysis.c:1695:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10000];
data/ruby-ferret-0.11.8.7/ext/analysis.h:22:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[FRT_MAX_WORD_SIZE];
data/ruby-ferret-0.11.8.7/ext/analysis.h:120:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[FRT_MAX_WORD_SIZE];
data/ruby-ferret-0.11.8.7/ext/bitvector.h:395:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dest[i], &src[i], sizeof(*dest)*(max - i)); \
data/ruby-ferret-0.11.8.7/ext/bitvector.h:402:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  else memcpy(&dest[i], &src[i], sizeof(*dest)*(max - i)); \
data/ruby-ferret-0.11.8.7/ext/document.c:68:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, df->name, namelen);
data/ruby-ferret-0.11.8.7/ext/document.c:80:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, df->data[i], df->lengths[i]);
data/ruby-ferret-0.11.8.7/ext/document.c:141:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  s += sprintf(buf, "Document [\n");
data/ruby-ferret-0.11.8.7/ext/except.c:25:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xmsg_buffer[XMSG_BUFFER_SIZE];
data/ruby-ferret-0.11.8.7/ext/except.c:26:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xmsg_buffer_final[XMSG_BUFFER_SIZE];
data/ruby-ferret-0.11.8.7/ext/except.h:174:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char frt_xmsg_buffer[FRT_XMSG_BUFFER_SIZE];
data/ruby-ferret-0.11.8.7/ext/except.h:175:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char frt_xmsg_buffer_final[FRT_XMSG_BUFFER_SIZE];
data/ruby-ferret-0.11.8.7/ext/ferret.c:176:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new, old, len + 1);
data/ruby-ferret-0.11.8.7/ext/ferret.c:245:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[FRT_BUF_SIZ];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:50:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:62:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:64:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(path, 0);
data/ruby-ferret-0.11.8.7/ext/fs_store.c:78:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:84:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path1[MAX_FILE_PATH], path2[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:149:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:158:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:230:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:272:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:273:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(join_path(path, store->dir.path, filename),
data/ruby-ferret-0.11.8.7/ext/fs_store.c:338:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:339:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(join_path(path, store->dir.path, filename), O_RDONLY | O_BINARY);
data/ruby-ferret-0.11.8.7/ext/fs_store.c:359:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(lock->name, O_CREAT | O_EXCL | O_RDWR,
data/ruby-ferret-0.11.8.7/ext/fs_store.c:377:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int f = open(lock->name, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
data/ruby-ferret-0.11.8.7/ext/fs_store.c:398:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lname[100];
data/ruby-ferret-0.11.8.7/ext/fs_store.c:399:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/global.c:107:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str1 + len1, str2, len2 + 1); /* make sure '\0' copied too */
data/ruby-ferret-0.11.8.7/ext/global.c:157:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%#.6e", num);
data/ruby-ferret-0.11.8.7/ext/global.c:212:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(q, s, slen);
data/ruby-ferret-0.11.8.7/ext/global.c:232:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  q += sprintf(q, "%ld", l);
data/ruby-ferret-0.11.8.7/ext/global.c:383:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char name[MAX_PROG_NAME]; /* program name for error msgs */
data/ruby-ferret-0.11.8.7/ext/index.c:117:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:131:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:159:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:327:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, ")]");
data/ruby-ferret-0.11.8.7/ext/index.c:689:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:699:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file_name, si->name, seg_len);
data/ruby-ferret-0.11.8.7/ext/index.c:704:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ext, "cfs", 4);
data/ruby-ferret-0.11.8.7/ext/index.c:712:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ext, INDEX_EXTENSIONS[i], 4);
data/ruby-ferret-0.11.8.7/ext/index.c:727:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:920:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *listing, listing_buffer[1024];
data/ruby-ferret-0.11.8.7/ext/index.c:982:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prev_seg_file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:1087:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seg_file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:1134:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:1173:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seg_file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:1348:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf_in[ZIP_BUFFER_SIZE];
data/ruby-ferret-0.11.8.7/ext/index.c:1451:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + buf_start,
data/ruby-ferret-0.11.8.7/ext/index.c:1518:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:1521:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file_name, segment, segment_len);
data/ruby-ferret-0.11.8.7/ext/index.c:1525:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_name + segment_len, ".fdt");
data/ruby-ferret-0.11.8.7/ext/index.c:1527:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_name + segment_len, ".fdx");
data/ruby-ferret-0.11.8.7/ext/index.c:1539:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(fr, orig, sizeof(FieldsReader));
data/ruby-ferret-0.11.8.7/ext/index.c:1696:34: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  term->text = (char *)memcpy(ALLOC_N(char, total_len),
data/ruby-ferret-0.11.8.7/ext/index.c:1811:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:1814:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file_name, segment, segment_len);
data/ruby-ferret-0.11.8.7/ext/index.c:1816:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_name + segment_len, ".fdt");
data/ruby-ferret-0.11.8.7/ext/index.c:1819:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_name + segment_len, ".fdx");
data/ruby-ferret-0.11.8.7/ext/index.c:1871:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out_buffer[ZIP_BUFFER_SIZE];
data/ruby-ferret-0.11.8.7/ext/index.c:2036:20: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  return (char *)memcpy(ALLOC_N(char, te->curr_term_len + 1),
data/ruby-ferret-0.11.8.7/ext/index.c:2042:23: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  return (TermInfo*)memcpy(ALLOC(TermInfo), &(te->curr_ti), sizeof(TermInfo));
data/ruby-ferret-0.11.8.7/ext/index.c:2154:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:2218:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(te->prev_term, te->curr_term, te->curr_term_len + 1);
data/ruby-ferret-0.11.8.7/ext/index.c:2261:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(te->curr_term,
data/ruby-ferret-0.11.8.7/ext/index.c:2312:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ste, other_te, sizeof(SegmentTermEnum));
data/ruby-ferret-0.11.8.7/ext/index.c:2474:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(te->prev_term, te->curr_term, te->curr_term_len + 1);
data/ruby-ferret-0.11.8.7/ext/index.c:2475:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(te->curr_term, top->term, top->te->curr_term_len + 1);
data/ruby-ferret-0.11.8.7/ext/index.c:2622:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:2731:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:2735:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file_name, segment, segment_len);
data/ruby-ferret-0.11.8.7/ext/index.c:2742:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_name + segment_len, ".tix");
data/ruby-ferret-0.11.8.7/ext/index.c:2744:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_name + segment_len, ".tis");
data/ruby-ferret-0.11.8.7/ext/index.c:2746:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_name + segment_len, ".tfx");
data/ruby-ferret-0.11.8.7/ext/index.c:3626:50: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  h_set(fn_extensions, INDEX_EXTENSIONS[i], (char *)INDEX_EXTENSIONS[i]);
data/ruby-ferret-0.11.8.7/ext/index.c:3740:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char curr_seg_file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:3756:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char segment_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:3784:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_fn[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:3804:47: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  si_norm_file_name(si, tmp_fn, atoi(extension + 1));
data/ruby-ferret-0.11.8.7/ext/index.c:4109:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char curr_seg_fn[MAX_FILE_PATH];
data/ruby-ferret-0.11.8.7/ext/index.c:4226:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char norm_file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:4293:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, norm->bytes, SR_SIZE(sr));
data/ruby-ferret-0.11.8.7/ext/index.c:4401:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:4598:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:4615:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:4804:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, bytes, MR(ir)->max_doc);
data/ruby-ferret-0.11.8.7/ext/index.c:5337:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:5391:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:5620:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_WORD_SIZE];
data/ruby-ferret-0.11.8.7/ext/index.c:5627:36: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  data_ptr = (char *)memcpy(buf, df->data[i], len);
data/ruby-ferret-0.11.8.7/ext/index.c:5750:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:5777:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:5873:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:5978:20: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  term = (char *)memcpy(sm->term_buf + sm->term_buf_ptr, term, term_len + 1);
data/ruby-ferret-0.11.8.7/ext/index.c:6069:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:6109:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:6207:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:6211:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file_name, si->name, seg_len);
data/ruby-ferret-0.11.8.7/ext/index.c:6217:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ext, COMPOUND_EXTENSIONS[i], 4);
data/ruby-ferret-0.11.8.7/ext/index.c:6235:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cfs_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:6533:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:6620:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:6695:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name_in[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.c:6696:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name_out[SEGMENT_NAME_MAX_LENGTH];
data/ruby-ferret-0.11.8.7/ext/index.h:264:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char curr_term[FRT_MAX_WORD_SIZE];
data/ruby-ferret-0.11.8.7/ext/index.h:265:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prev_term[FRT_MAX_WORD_SIZE];
data/ruby-ferret-0.11.8.7/ext/mempool.c:53:20: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  return (char *)memcpy(mp_alloc(mp, len), str, len);
data/ruby-ferret-0.11.8.7/ext/mempool.c:58:23: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. char *s = (char *)memcpy(mp_alloc(mp, len + 1), str, len); data/ruby-ferret-0.11.8.7/ext/mempool.c:65:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return memcpy(mp_alloc(mp, len), p, len); data/ruby-ferret-0.11.8.7/ext/multimapper.c:70:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(states, self->states[c], size * sizeof(int)); data/ruby-ferret-0.11.8.7/ext/multimapper.c:221:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char alphabet[256]; data/ruby-ferret-0.11.8.7/ext/multimapper.c:278:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, state->mapping, len); data/ruby-ferret-0.11.8.7/ext/multimapper.c:317:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, state->mapping, len); data/ruby-ferret-0.11.8.7/ext/multimapper.h:39:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char alphabet[256]; data/ruby-ferret-0.11.8.7/ext/priorityqueue.c:24:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(new_pq, pq, sizeof(PriorityQueue)); data/ruby-ferret-0.11.8.7/ext/priorityqueue.c:26:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_pq->heap, pq->heap, sizeof(void *) * (new_pq->size + 1)); data/ruby-ferret-0.11.8.7/ext/q_boolean.c:457:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(csc->sub_scorers, sub_scorers, sizeof(Scorer *) * ss_cnt); data/ruby-ferret-0.11.8.7/ext/q_boolean.c:1383:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_self, self, sizeof(BooleanQuery)); data/ruby-ferret-0.11.8.7/ext/q_boolean.c:1386:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(BQ(new_self)->clauses, BQ(self)->clauses, data/ruby-ferret-0.11.8.7/ext/q_boolean.c:1460:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + bp, clause_str, sizeof(char) * clause_len); data/ruby-ferret-0.11.8.7/ext/q_boolean.c:1465:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + bp, clause_str, sizeof(char) * clause_len); data/ruby-ferret-0.11.8.7/ext/q_boolean.c:1475:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buffer + bp, boost_str, sizeof(char) * boost_len); data/ruby-ferret-0.11.8.7/ext/q_boolean.c:1507:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(BQ(self)->similarity, sim, sizeof(Similarity)); data/ruby-ferret-0.11.8.7/ext/q_multi_term.c:416:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(doc_freqs + pos, "= %d", total_doc_freqs); data/ruby-ferret-0.11.8.7/ext/q_parser.c:1111:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/ruby-ferret-0.11.8.7/ext/q_parser.c:1128:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yyformat[sizeof yyunexpected data/ruby-ferret-0.11.8.7/ext/q_parser.c:1353:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/ruby-ferret-0.11.8.7/ext/q_parser.c:2190:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/ruby-ferret-0.11.8.7/ext/q_phrase.c:766:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(self->positions, positions, size * sizeof(int)); data/ruby-ferret-0.11.8.7/ext/q_phrase.c:1005:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, field, flen); data/ruby-ferret-0.11.8.7/ext/q_phrase.c:1023:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + buf_index, "<> ", 3); data/ruby-ferret-0.11.8.7/ext/q_phrase.c:1032:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + buf_index, term, len); data/ruby-ferret-0.11.8.7/ext/q_phrase.c:1047:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. buf_index += sprintf(buffer + buf_index, "~%d", phq->slop); data/ruby-ferret-0.11.8.7/ext/q_range.c:34:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, field, flen * sizeof(char)); data/ruby-ferret-0.11.8.7/ext/q_range.c:43:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b, range->lower_term, llen); data/ruby-ferret-0.11.8.7/ext/q_range.c:55:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(b, range->upper_term, ulen); data/ruby-ferret-0.11.8.7/ext/q_span.c:396:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pos_str[20]; data/ruby-ferret-0.11.8.7/ext/q_span.c:402:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pos_str, "START"); data/ruby-ferret-0.11.8.7/ext/q_span.c:406:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pos_str, "END"); data/ruby-ferret-0.11.8.7/ext/q_span.c:410:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pos_str, "%d", self->doc(self) - pos); data/ruby-ferret-0.11.8.7/ext/q_span.c:869:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char doc_str[62]; data/ruby-ferret-0.11.8.7/ext/q_span.c:874:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(doc_str, "START"); data/ruby-ferret-0.11.8.7/ext/q_span.c:878:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(doc_str, "END"); data/ruby-ferret-0.11.8.7/ext/q_span.c:881:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(doc_str, "%d:%d-%d", self->doc(self), data/ruby-ferret-0.11.8.7/ext/q_span.c:1181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char doc_str[62]; data/ruby-ferret-0.11.8.7/ext/q_span.c:1186:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(doc_str, "START"); data/ruby-ferret-0.11.8.7/ext/q_span.c:1189:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(doc_str, "%d:%d-%d", self->doc(self), data/ruby-ferret-0.11.8.7/ext/q_span.c:1825:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. res_p += sprintf(res_p, "span_or["); data/ruby-ferret-0.11.8.7/ext/q_span.c:2009:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. res_p += sprintf(res_p, "span_near["); data/ruby-ferret-0.11.8.7/ext/q_term.c:273:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(b, field, sizeof(char) * flen); data/ruby-ferret-0.11.8.7/ext/q_term.c:277:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b, TQ(self)->term, tlen); data/ruby-ferret-0.11.8.7/ext/q_wildcard.c:98:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[MAX_WORD_SIZE] = ""; data/ruby-ferret-0.11.8.7/ext/q_wildcard.c:107:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prefix, WCQ(self)->pattern, prefix_len); data/ruby-ferret-0.11.8.7/ext/r_index.c:869:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(jp, "%d", te->curr_ti.doc_freq); data/ruby-ferret-0.11.8.7/ext/r_index.c:884:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jp, "\"term\":", 7); data/ruby-ferret-0.11.8.7/ext/r_index.c:888:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jp, "\"frequency\":", 12); data/ruby-ferret-0.11.8.7/ext/r_index.c:890:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(jp, "%d", te->curr_ti.doc_freq); data/ruby-ferret-0.11.8.7/ext/r_index.c:1130:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(jp, "%d,", pos); data/ruby-ferret-0.11.8.7/ext/r_search.c:210:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "TopDocs: total_hits = %ld, max_score = %lf [\n", data/ruby-ferret-0.11.8.7/ext/r_search.c:237:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + p, "]\n"); data/ruby-ferret-0.11.8.7/ext/r_search.c:273:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, field_name, l); data/ruby-ferret-0.11.8.7/ext/r_utils.c:909:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_pq, pq, sizeof(PriQ)); data/ruby-ferret-0.11.8.7/ext/r_utils.c:911:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_pq->heap, pq->heap, sizeof(VALUE) * (new_pq->size + 1)); data/ruby-ferret-0.11.8.7/ext/ram_store.c:202:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + buffer_offset, src, bytes_to_copy); data/ruby-ferret-0.11.8.7/ext/ram_store.c:211:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buffer, src + src_offset, bytes_to_copy); data/ruby-ferret-0.11.8.7/ext/ram_store.c:316:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b + offset, buffer + buffer_offset, bytes_to_copy); data/ruby-ferret-0.11.8.7/ext/ram_store.c:402:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lname[100]; data/ruby-ferret-0.11.8.7/ext/scanner.c:894:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, ts + skip, __len); data/ruby-ferret-0.11.8.7/ext/scanner_mb.c:6235:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MB_LEN_MAX]; data/ruby-ferret-0.11.8.7/ext/scanner_mb.c:6700:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out_wc, ts + skip, __len*sizeof(unsigned int)); data/ruby-ferret-0.11.8.7/ext/scanner_utf8.c:4414:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, ts + skip, __len); data/ruby-ferret-0.11.8.7/ext/search.c:72:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. return strcat(buffer, "</ul>\n"); data/ruby-ferret-0.11.8.7/ext/search.c:161:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_hit, hit, sizeof(Hit)); data/ruby-ferret-0.11.8.7/ext/search.c:171:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pq->heap[1], hit, sizeof(Hit)); data/ruby-ferret-0.11.8.7/ext/search.c:750:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e_ptr, ellipsis, ellipsis_len); data/ruby-ferret-0.11.8.7/ext/search.c:760:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e_ptr, pre_tag, pre_tag_len); data/ruby-ferret-0.11.8.7/ext/search.c:767:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e_ptr, post_tag, post_tag_len); data/ruby-ferret-0.11.8.7/ext/search.c:781:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e_ptr, ellipsis, ellipsis_len); data/ruby-ferret-0.11.8.7/ext/search.c:811:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e_ptr, pre_tag, pre_len); data/ruby-ferret-0.11.8.7/ext/search.c:818:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(e_ptr, post_tag, post_len); data/ruby-ferret-0.11.8.7/ext/search.h:914:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FRT_QP_CONC_WORDS][FRT_MAX_WORD_SIZE]; data/ruby-ferret-0.11.8.7/ext/sort.c:562:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_hit, hit, sizeof(Hit)); data/ruby-ferret-0.11.8.7/ext/sort.c:572:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pq->heap[1], hit, sizeof(Hit)); data/ruby-ferret-0.11.8.7/ext/sort.c:621:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(field_doc, hit, sizeof(Hit)); data/ruby-ferret-0.11.8.7/ext/store.c:302:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_index_i, is, sizeof(InStream)); data/ruby-ferret-0.11.8.7/ext/store.c:473:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, is->buf.buf + is->buf.pos, length); data/ruby-ferret-0.11.8.7/ext/store.c:494:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, is->buf.buf + is->buf.pos, length); data/ruby-ferret-0.11.8.7/ext/store.c:689:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(b, fn, len); data/ruby-ferret-0.11.8.7/ext/win32.h:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirname_buf[FRT_MAX_FILE_PATH]; data/ruby-ferret-0.11.8.7/ext/analysis.c:42:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tk_set(tk, text, (int)strlen(text), start, end, pos_inc); data/ruby-ferret-0.11.8.7/ext/analysis.c:251:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(ts->t); data/ruby-ferret-0.11.8.7/ext/analysis.c:1279:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int text_len = strlen(hf->text + pos); data/ruby-ferret-0.11.8.7/ext/document.c:40:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return df_add_data_len(df, data, strlen(data)); data/ruby-ferret-0.11.8.7/ext/document.c:138:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(fields[i]) + 5; data/ruby-ferret-0.11.8.7/ext/ferret.c:253:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
so_far = strlen(buf); data/ruby-ferret-0.11.8.7/ext/ferret.c:256:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). so_far = strlen(buf); data/ruby-ferret-0.11.8.7/ext/ferret.c:257:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fmt[0] != '\0' && fmt[strlen(fmt) - 1] == ':') { data/ruby-ferret-0.11.8.7/ext/ferret.c:259:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). so_far = strlen(buf); data/ruby-ferret-0.11.8.7/ext/fs_store.c:294:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, path, len) != len) { data/ruby-ferret-0.11.8.7/ext/fs_store.c:452:17: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(S_IWOTH); data/ruby-ferret-0.11.8.7/ext/global.c:104:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len1 = strlen(str1); data/ruby-ferret-0.11.8.7/ext/global.c:105:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len2 = strlen(str2); data/ruby-ferret-0.11.8.7/ext/global.c:117:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += (int) strlen(fmt); data/ruby-ferret-0.11.8.7/ext/global.c:130:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *t = ALLOC_N(char, strlen(s) + 1); data/ruby-ferret-0.11.8.7/ext/global.c:153:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e = buf + strlen(buf); data/ruby-ferret-0.11.8.7/ext/global.c:158:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(e = strchr(buf, 'e'))) { e = buf + strlen(buf); } data/ruby-ferret-0.11.8.7/ext/global.c:165:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, e, strlen(e) + 1); data/ruby-ferret-0.11.8.7/ext/global.c:188:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int) strlen(fmt) + 1; data/ruby-ferret-0.11.8.7/ext/global.c:207:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = (int) strlen(s); data/ruby-ferret-0.11.8.7/ext/global.c:220:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = string + strlen(string); data/ruby-ferret-0.11.8.7/ext/global.c:223:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
q += strlen(q); data/ruby-ferret-0.11.8.7/ext/global.c:230:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = string + strlen(string); data/ruby-ferret-0.11.8.7/ext/global.c:377:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fmt[0] != '\0' && fmt[strlen(fmt) - 1] == ':') data/ruby-ferret-0.11.8.7/ext/global.c:388:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, str, sizeof(name) - 1); data/ruby-ferret-0.11.8.7/ext/index.c:311:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *str = ALLOC_N(char, strlen((char *)fi->name) + 200); data/ruby-ferret-0.11.8.7/ext/index.c:690:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t seg_len = strlen(si->name); data/ruby-ferret-0.11.8.7/ext/index.c:922:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(listing_buffer, listing, 1023); data/ruby-ferret-0.11.8.7/ext/index.c:1519:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t segment_len = strlen(segment); data/ruby-ferret-0.11.8.7/ext/index.c:1812:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t segment_len = strlen(segment); data/ruby-ferret-0.11.8.7/ext/index.c:2733:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t segment_len = strlen(segment); data/ruby-ferret-0.11.8.7/ext/index.c:2824:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tiw->tis_writer->last_term), data/ruby-ferret-0.11.8.7/ext/index.c:3336:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). end += mtde->curr_tde->read(mtde->curr_tde, docs + last_end, data/ruby-ferret-0.11.8.7/ext/index.c:6209:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int seg_len = strlen(si->name); data/ruby-ferret-0.11.8.7/ext/index.h:414:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*read)(FrtTermDocEnum *tde, int *docs, int *freqs, int req_num); data/ruby-ferret-0.11.8.7/ext/lang.h:11:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #undef read data/ruby-ferret-0.11.8.7/ext/mempool.c:52:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str) + 1; data/ruby-ferret-0.11.8.7/ext/multimapper.c:189:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
current_state->mapping_len = strlen(mapping); data/ruby-ferret-0.11.8.7/ext/multimapper.c:227:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int plen = (int)strlen(pattern); data/ruby-ferret-0.11.8.7/ext/multimapper.c:302:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int capa = strlen(from); data/ruby-ferret-0.11.8.7/ext/q_boolean.c:1439:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clause_len = (int)strlen(clause_str); data/ruby-ferret-0.11.8.7/ext/q_boolean.c:1473:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int boost_len = (int)strlen(boost_str); data/ruby-ferret-0.11.8.7/ext/q_fuzzy.c:130:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int m = (int)strlen(target); data/ruby-ferret-0.11.8.7/ext/q_fuzzy.c:157:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bptr = buffer = ALLOC_N(char, strlen(term) + sym_len(field) + 70); data/ruby-ferret-0.11.8.7/ext/q_fuzzy.c:166:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  bptr += strlen(bptr);
data/ruby-ferret-0.11.8.7/ext/q_fuzzy.c:191:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fuzq->pre_len >= (int)strlen(term)) {
data/ruby-ferret-0.11.8.7/ext/q_fuzzy.c:198:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(prefix, term, pre_len);
data/ruby-ferret-0.11.8.7/ext/q_fuzzy.c:210:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fuzq->text_len = (int)strlen(fuzq->text);
data/ruby-ferret-0.11.8.7/ext/q_multi_term.c:79:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  self->pointer_max = self->tde->read(self->tde, self->docs, self->freqs,
data/ruby-ferret-0.11.8.7/ext/q_multi_term.c:406:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(((BoostedTerm *)bt_pq->heap[i])->term) + 30;
data/ruby-ferret-0.11.8.7/ext/q_multi_term.c:512:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int flen = (int)strlen(field);
data/ruby-ferret-0.11.8.7/ext/q_multi_term.c:517:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tlen += (int)strlen(((BoostedTerm *)boosted_terms->heap[i])->term) + 35;
data/ruby-ferret-0.11.8.7/ext/q_multi_term.c:534:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bptr += (int)strlen(bptr);
data/ruby-ferret-0.11.8.7/ext/q_parser.c:992:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define yystrlen strlen
data/ruby-ferret-0.11.8.7/ext/q_parser.c:2087:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  qp->dynbuf = ALLOC_AND_ZERO_N(char, strlen(qp->qstr) + 1);
data/ruby-ferret-0.11.8.7/ext/q_parser.c:2088:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(qp->dynbuf, buf, MAX_WORD_SIZE);
data/ruby-ferret-0.11.8.7/ext/q_parser.c:2192:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, qp->qstr, 1023);
data/ruby-ferret-0.11.8.7/ext/q_parser.c:2455:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int max_len = (int)strlen(str) + 1;
data/ruby-ferret-0.11.8.7/ext/q_parser.c:2492:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = (int)strlen(pattern);
data/ruby-ferret-0.11.8.7/ext/q_parser.c:2965:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *new_str = ALLOC_N(char, strlen(str)*2 + 1);
data/ruby-ferret-0.11.8.7/ext/q_phrase.c:627:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(terms[j]) + 30;
data/ruby-ferret-0.11.8.7/ext/q_phrase.c:971:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int flen = strlen(field);
data/ruby-ferret-0.11.8.7/ext/q_phrase.c:994:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(terms[j]) + 5;
data/ruby-ferret-0.11.8.7/ext/q_phrase.c:1031:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(term);
data/ruby-ferret-0.11.8.7/ext/q_prefix.c:18:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t plen = strlen(prefix);
data/ruby-ferret-0.11.8.7/ext/q_prefix.c:47:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t prefix_len = strlen(prefix);
data/ruby-ferret-0.11.8.7/ext/q_range.c:27:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  flen = strlen(field);
data/ruby-ferret-0.11.8.7/ext/q_range.c:28:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  llen = range->lower_term ? strlen(range->lower_term) : 0;
data/ruby-ferret-0.11.8.7/ext/q_range.c:29:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ulen = range->upper_term ? strlen(range->upper_term) : 0;
data/ruby-ferret-0.11.8.7/ext/q_range.c:161:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)strlen(lower_term) == len)) &&
data/ruby-ferret-0.11.8.7/ext/q_range.c:164:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)strlen(upper_term) == len)))
data/ruby-ferret-0.11.8.7/ext/q_range.c:352:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((!lt || (sscanf(lt, "%lg%n", &lnum, &len) && (int)strlen(lt) == len)) &&
data/ruby-ferret-0.11.8.7/ext/q_range.c:353:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (!ut || (sscanf(ut, "%lg%n", &unum, &len) && (int)strlen(ut) == len)))
data/ruby-ferret-0.11.8.7/ext/q_range.c:564:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int)strlen(text) == len) { /* We have a number */\
data/ruby-ferret-0.11.8.7/ext/q_range.c:585:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || (sscanf(lt,"%lg%n",&lnum,&len) && (int)strlen(lt) == len))
data/ruby-ferret-0.11.8.7/ext/q_range.c:588:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || (sscanf(ut,"%lg%n",&unum,&len) && (int)strlen(ut) == len)))
data/ruby-ferret-0.11.8.7/ext/q_span.c:397:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(query_str);
data/ruby-ferret-0.11.8.7/ext/q_span.c:870:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(query_str);
data/ruby-ferret-0.11.8.7/ext/q_span.c:1182:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(query_str);
data/ruby-ferret-0.11.8.7/ext/q_span.c:1423:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  REALLOC_N(doc_freqs, char, df_i + strlen(term) + 23);
data/ruby-ferret-0.11.8.7/ext/q_span.c:1602:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(smtq->terms[i]) + 2;
data/ruby-ferret-0.11.8.7/ext/q_span.c:1609:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(smtq->terms[i]);
data/ruby-ferret-0.11.8.7/ext/q_span.c:1821:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(q_strs[i]) + 2;
data/ruby-ferret-0.11.8.7/ext/q_span.c:2005:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(q_strs[i]);
data/ruby-ferret-0.11.8.7/ext/q_span.c:2312:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t plen = strlen(prefix);
data/ruby-ferret-0.11.8.7/ext/q_span.c:2340:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t prefix_len = strlen(prefix);
data/ruby-ferret-0.11.8.7/ext/q_term.c:57:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ts->pointer_max = ts->tde->read(ts->tde, ts->docs, ts->freqs,
data/ruby-ferret-0.11.8.7/ext/q_term.c:268:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t flen = strlen(field);
data/ruby-ferret-0.11.8.7/ext/q_term.c:269:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t tlen = strlen(TQ(self)->term);
data/ruby-ferret-0.11.8.7/ext/q_wildcard.c:19:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bptr = buffer = ALLOC_N(char, strlen(pattern) + strlen(field_str) + 35);
data/ruby-ferret-0.11.8.7/ext/q_wildcard.c:19:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bptr = buffer = ALLOC_N(char, strlen(pattern) + strlen(field_str) + 35);
data/ruby-ferret-0.11.8.7/ext/q_wildcard.c:39:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *text_last = t + strlen(t);
data/ruby-ferret-0.11.8.7/ext/r_analysis.c:1946:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rtoken_re = rb_reg_new(TOKEN_RE, strlen(TOKEN_RE), 0);
data/ruby-ferret-0.11.8.7/ext/r_index.c:870:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  jp += strlen(jp);
data/ruby-ferret-0.11.8.7/ext/r_index.c:891:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  jp += strlen(jp);
data/ruby-ferret-0.11.8.7/ext/r_index.c:1126:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  jp += strlen(jp);
data/ruby-ferret-0.11.8.7/ext/r_index.c:1131:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  jp += strlen(jp);
data/ruby-ferret-0.11.8.7/ext/r_search.c:213:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = (int)strlen(str);
data/ruby-ferret-0.11.8.7/ext/r_search.c:224:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value_len = strlen(value);
data/ruby-ferret-0.11.8.7/ext/r_search.c:233:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(str + p);
data/ruby-ferret-0.11.8.7/ext/r_search.c:272:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(field_name);
data/ruby-ferret-0.11.8.7/ext/r_search.c:942:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(ostr) + strlen(qstr) + 2;
data/ruby-ferret-0.11.8.7/ext/r_search.c:942:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(ostr) + strlen(qstr) + 2;
data/ruby-ferret-0.11.8.7/ext/r_search.c:2346:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int len = strlen(xsort_str);
data/ruby-ferret-0.11.8.7/ext/ram_store.c:106:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(rf->name, LOCK_PREFIX, strlen(LOCK_PREFIX)) == 0) {
data/ruby-ferret-0.11.8.7/ext/search.c:71:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  REALLOC_N(buffer, char, strlen(buffer) + 10);
data/ruby-ferret-0.11.8.7/ext/search.c:741:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int pre_tag_len = (int)strlen(pre_tag);
data/ruby-ferret-0.11.8.7/ext/search.c:742:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int post_tag_len = (int)strlen(post_tag);
data/ruby-ferret-0.11.8.7/ext/search.c:743:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int ellipsis_len = (int)strlen(ellipsis);
data/ruby-ferret-0.11.8.7/ext/search.c:794:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int pre_len = (int)strlen(pre_tag);
data/ruby-ferret-0.11.8.7/ext/search.c:795:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int post_len = (int)strlen(post_tag);
data/ruby-ferret-0.11.8.7/ext/sort.c:96:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = ALLOC_N(char, 3 + sym_len(self->field) + strlen(type));
data/ruby-ferret-0.11.8.7/ext/sort.c:100:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = ALLOC_N(char, 2 + strlen(type));
data/ruby-ferret-0.11.8.7/ext/sort.c:373:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_len = (int)strlen(text);
data/ruby-ferret-0.11.8.7/ext/sort.c:766:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += (int)strlen(s) + 2;
data/ruby-ferret-0.11.8.7/ext/sort.c:781:5: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(s, "]");
data/ruby-ferret-0.11.8.7/ext/store.c:608:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  os_write_string_len(os, str, (int)strlen(str));
data/ruby-ferret-0.11.8.7/ext/store.c:620:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int start = (int) strlen(filename) - 4;
data/ruby-ferret-0.11.8.7/ext/store.c:669:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fnl->total_len += strlen(fname) + 2;
data/ruby-ferret-0.11.8.7/ext/store.c:688:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(fn);
data/ruby-ferret-0.11.8.7/ext/symbol.h:21:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define frt_sym_len(sym) strlen(rb_id2name((ID)sym))

ANALYSIS SUMMARY:

Hits = 414
Lines analyzed = 89586 in approximately 2.75 seconds (32586 lines/second)
Physical Source Lines of Code (SLOC) = 72145
Hits@level = [0] 80 [1] 121 [2] 203 [3] 0 [4] 90 [5] 0
Hits@level+ = [0+] 494 [1+] 414 [2+] 293 [3+] 90 [4+] 90 [5+] 0
Hits/KSLOC@level+ = [0+] 6.84732 [1+] 5.73844 [2+] 4.06127 [3+] 1.24749 [4+] 1.24749 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.