Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruby-oj-3.10.13/ext/oj/strict.c
Examining data/ruby-oj-3.10.13/ext/oj/val_stack.c
Examining data/ruby-oj-3.10.13/ext/oj/code.c
Examining data/ruby-oj-3.10.13/ext/oj/trace.c
Examining data/ruby-oj-3.10.13/ext/oj/dump_object.c
Examining data/ruby-oj-3.10.13/ext/oj/rails.c
Examining data/ruby-oj-3.10.13/ext/oj/sparse.c
Examining data/ruby-oj-3.10.13/ext/oj/reader.c
Examining data/ruby-oj-3.10.13/ext/oj/dump.c
Examining data/ruby-oj-3.10.13/ext/oj/util.c
Examining data/ruby-oj-3.10.13/ext/oj/dump_leaf.c
Examining data/ruby-oj-3.10.13/ext/oj/resolve.h
Examining data/ruby-oj-3.10.13/ext/oj/dump_strict.c
Examining data/ruby-oj-3.10.13/ext/oj/scp.c
Examining data/ruby-oj-3.10.13/ext/oj/cache8.h
Examining data/ruby-oj-3.10.13/ext/oj/circarray.c
Examining data/ruby-oj-3.10.13/ext/oj/wab.c
Examining data/ruby-oj-3.10.13/ext/oj/encode.h
Examining data/ruby-oj-3.10.13/ext/oj/stream_writer.c
Examining data/ruby-oj-3.10.13/ext/oj/trace.h
Examining data/ruby-oj-3.10.13/ext/oj/oj.h
Examining data/ruby-oj-3.10.13/ext/oj/util.h
Examining data/ruby-oj-3.10.13/ext/oj/err.h
Examining data/ruby-oj-3.10.13/ext/oj/err.c
Examining data/ruby-oj-3.10.13/ext/oj/rxclass.c
Examining data/ruby-oj-3.10.13/ext/oj/rxclass.h
Examining data/ruby-oj-3.10.13/ext/oj/code.h
Examining data/ruby-oj-3.10.13/ext/oj/fast.c
Examining data/ruby-oj-3.10.13/ext/oj/dump.h
Examining data/ruby-oj-3.10.13/ext/oj/cache8.c
Examining data/ruby-oj-3.10.13/ext/oj/dump_compat.c
Examining data/ruby-oj-3.10.13/ext/oj/buf.h
Examining data/ruby-oj-3.10.13/ext/oj/parse.c
Examining data/ruby-oj-3.10.13/ext/oj/hash.c
Examining data/ruby-oj-3.10.13/ext/oj/compat.c
Examining data/ruby-oj-3.10.13/ext/oj/custom.c
Examining data/ruby-oj-3.10.13/ext/oj/val_stack.h
Examining data/ruby-oj-3.10.13/ext/oj/odd.h
Examining data/ruby-oj-3.10.13/ext/oj/object.c
Examining data/ruby-oj-3.10.13/ext/oj/oj.c
Examining data/ruby-oj-3.10.13/ext/oj/odd.c
Examining data/ruby-oj-3.10.13/ext/oj/resolve.c
Examining data/ruby-oj-3.10.13/ext/oj/hash.h
Examining data/ruby-oj-3.10.13/ext/oj/saj.c
Examining data/ruby-oj-3.10.13/ext/oj/string_writer.c
Examining data/ruby-oj-3.10.13/ext/oj/hash_test.c
Examining data/ruby-oj-3.10.13/ext/oj/parse.h
Examining data/ruby-oj-3.10.13/ext/oj/mimic_json.c
Examining data/ruby-oj-3.10.13/ext/oj/reader.h
Examining data/ruby-oj-3.10.13/ext/oj/rails.h
Examining data/ruby-oj-3.10.13/ext/oj/circarray.h
FINAL RESULTS:
data/ruby-oj-3.10.13/ext/oj/code.c:154:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/code.c:159:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/code.c:182:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/code.c:187:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:316:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/custom.c:323:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/custom.c:344:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:349:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:387:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/custom.c:394:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/custom.c:428:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:433:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:488:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n2, name);
data/ruby-oj-3.10.13/ext/oj/custom.c:663:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:668:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:764:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/custom.c:770:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/custom.c:786:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/custom.c:793:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump.c:568:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, format, ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, (long)nsec);
data/ruby-oj-3.10.13/ext/oj/dump.c:578:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, format, ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, (long)nsec, tzsign, tzhour, tzmin);
data/ruby-oj-3.10.13/ext/oj/dump.c:1099:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, inf_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1127:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, inf_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1134:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, ninf_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1161:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, ninf_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1168:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, nan_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1195:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, nan_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1223:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int cnt = snprintf(buf, blen, format, d);
data/ruby-oj-3.10.13/ext/oj/dump.c:1230:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, rb_string_value_ptr((VALUE*)&rstr));
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:41:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:46:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:76:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:83:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:98:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:105:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:174:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:180:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:196:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:203:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:345:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:350:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:361:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:366:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:407:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:412:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:640:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, rb_string_value_ptr((VALUE*)&rstr));
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:664:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:670:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:692:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:697:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:739:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:746:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:842:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:847:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:154:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:160:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:177:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:184:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:333:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:340:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:473:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n2, name);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:64:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, inf_val);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:80:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, ninf_val);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:96:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, nan_val);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:151:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:157:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:178:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:185:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:224:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:230:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:242:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:247:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:292:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:299:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/err.c:16:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(e->msg, sizeof(e->msg) - 1, format, ap);
data/ruby-oj-3.10.13/ext/oj/fast.c:125:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, src);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:124:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copts->dump_opts.indent_str, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:133:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copts->dump_opts.after_sep, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:142:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copts->dump_opts.before_sep, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:151:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copts->dump_opts.hash_nl, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:160:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copts->dump_opts.array_nl, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:661:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char*)oj_default_options.create_id, StringValuePtr(id));
data/ruby-oj-3.10.13/ext/oj/oj.c:470:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copts->dump_opts.indent_str, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/oj.c:602:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char*)copts->create_id, str);
data/ruby-oj-3.10.13/ext/oj/oj.c:632:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copts->dump_opts.after_sep, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/oj.c:645:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copts->dump_opts.before_sep, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/oj.c:658:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copts->dump_opts.hash_nl, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/oj.c:671:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copts->dump_opts.array_nl, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/parse.c:907:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
p += vsnprintf(msg, sizeof(msg) - 1, format, ap);
data/ruby-oj-3.10.13/ext/oj/rails.c:181:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/rails.c:186:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/rails.c:280:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
len = sprintf(buf, format, ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, nsec);
data/ruby-oj-3.10.13/ext/oj/rails.c:289:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
len = sprintf(buf, format, ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, nsec, tzsign, tzhour, tzmin);
data/ruby-oj-3.10.13/ext/oj/rails.c:386:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:392:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:410:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:417:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:459:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:465:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:482:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:489:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:1226:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, rb_string_value_ptr((VALUE*)&rstr));
data/ruby-oj-3.10.13/ext/oj/rails.c:1271:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:1277:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:1293:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:1300:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:1340:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:1346:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:1358:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/rails.c:1363:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/rails.c:1408:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:1415:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/reader.c:173:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(reader->tail, str);
data/ruby-oj-3.10.13/ext/oj/reader.c:195:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(reader->tail, str);
data/ruby-oj-3.10.13/ext/oj/saj.c:75:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s at line %d, column %d [%s:%d]", msg, jline, col, file, line);
data/ruby-oj-3.10.13/ext/oj/saj.c:678:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(json, StringValuePtr(input));
data/ruby-oj-3.10.13/ext/oj/saj.c:687:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(json, rb_string_value_cstr((VALUE*)&s));
data/ruby-oj-3.10.13/ext/oj/saj.c:705:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(json, rb_string_value_cstr((VALUE*)&s));
data/ruby-oj-3.10.13/ext/oj/trace.c:31:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fmt, "#0:%%13s:%%3d:Oj:%c:%%%ds %%s %%s\n", where, depth);
data/ruby-oj-3.10.13/ext/oj/trace.c:32:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, file, line, indent, func, rb_obj_classname(obj));
data/ruby-oj-3.10.13/ext/oj/trace.c:42:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fmt, "#0:%%13s:%%3d:Oj:-:%%%ds %%s %%s\n", depth);
data/ruby-oj-3.10.13/ext/oj/trace.c:43:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, file, line, indent, func, rb_obj_classname(obj));
data/ruby-oj-3.10.13/ext/oj/trace.c:53:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fmt, "#0:%%13s:%%3d:Oj:}:%%%ds %%s\n", depth);
data/ruby-oj-3.10.13/ext/oj/trace.c:54:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, file, line, indent, func);
data/ruby-oj-3.10.13/ext/oj/trace.c:66:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fmt, "#0:%%13s:%%3d:Oj:{:%%%ds hash_end %%s\n", depth);
data/ruby-oj-3.10.13/ext/oj/trace.c:67:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, file, line, indent, rb_obj_classname(obj));
data/ruby-oj-3.10.13/ext/oj/trace.c:77:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fmt, "#0:%%13s:%%3d:Oj:{:%%%ds array_ned\n", depth);
data/ruby-oj-3.10.13/ext/oj/trace.c:78:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, file, line, indent);
data/ruby-oj-3.10.13/ext/oj/buf.h:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[1024];
data/ruby-oj-3.10.13/ext/oj/buf.h:71:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->head, buf->base, len);
data/ruby-oj-3.10.13/ext/oj/buf.h:78:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->tail, s, slen);
data/ruby-oj-3.10.13/ext/oj/buf.h:91:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->head, buf->base, len);
data/ruby-oj-3.10.13/ext/oj/circarray.c:42:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ca->objs, ca->obj_array, sizeof(VALUE) * ca->cnt);
data/ruby-oj-3.10.13/ext/oj/code.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char class_name[1024];
data/ruby-oj-3.10.13/ext/oj/code.c:150:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, out->opts->create_id, out->opts->create_id_len);
data/ruby-oj-3.10.13/ext/oj/code.c:163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, classname, len);
data/ruby-oj-3.10.13/ext/oj/code.c:178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, attrs->name, attrs->len);
data/ruby-oj-3.10.13/ext/oj/code.c:200:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ruby-oj-3.10.13/ext/oj/custom.c:424:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, out->opts->create_id, out->opts->create_id_len);
data/ruby-oj-3.10.13/ext/oj/custom.c:437:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, classname, clen);
data/ruby-oj-3.10.13/ext/oj/custom.c:456:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, name, nlen);
data/ruby-oj-3.10.13/ext/oj/custom.c:460:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, s, len);
data/ruby-oj-3.10.13/ext/oj/custom.c:477:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[256];
data/ruby-oj-3.10.13/ext/oj/custom.c:543:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, s, len);
data/ruby-oj-3.10.13/ext/oj/custom.c:626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ruby-oj-3.10.13/ext/oj/custom.c:659:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, out->opts->create_id, out->opts->create_id_len);
data/ruby-oj-3.10.13/ext/oj/custom.c:672:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, classname, len);
data/ruby-oj-3.10.13/ext/oj/custom.c:815:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_id[32];
data/ruby-oj-3.10.13/ext/oj/custom.c:873:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, name, len);
data/ruby-oj-3.10.13/ext/oj/dump.c:36:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex_chars[17] = "0123456789abcdef";
data/ruby-oj-3.10.13/ext/oj/dump.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newline_friendly_chars[256] = "\
data/ruby-oj-3.10.13/ext/oj/dump.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hibit_friendly_chars[256] = "\
data/ruby-oj-3.10.13/ext/oj/dump.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ascii_friendly_chars[256] = "\
data/ruby-oj-3.10.13/ext/oj/dump.c:73:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char xss_friendly_chars[256] = "\
data/ruby-oj-3.10.13/ext/oj/dump.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hixss_friendly_chars[256] = "\
data/ruby-oj-3.10.13/ext/oj/dump.c:95:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rails_xss_friendly_chars[256] = "\
data/ruby-oj-3.10.13/ext/oj/dump.c:106:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rails_friendly_chars[256] = "\
data/ruby-oj-3.10.13/ext/oj/dump.c:255:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[len + 1];
data/ruby-oj-3.10.13/ext/oj/dump.c:257:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[32];
data/ruby-oj-3.10.13/ext/oj/dump.c:389:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-oj-3.10.13/ext/oj/dump.c:480:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, b, size);
data/ruby-oj-3.10.13/ext/oj/dump.c:494:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-oj-3.10.13/ext/oj/dump.c:553:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%04d-%02d-%02dT%02d:%02d:%02dZ", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec);
data/ruby-oj-3.10.13/ext/oj/dump.c:556:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%04d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec,
data/ruby-oj-3.10.13/ext/oj/dump.c:561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[64] = "%04d-%02d-%02dT%02d:%02d:%02d.%09ldZ";
data/ruby-oj-3.10.13/ext/oj/dump.c:571:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[64] = "%04d-%02d-%02dT%02d:%02d:%02d.%09ld%c%02d:%02d";
data/ruby-oj-3.10.13/ext/oj/dump.c:634:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/dump.c:646:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (0 == (f = fopen(path, "w"))) {
data/ruby-oj-3.10.13/ext/oj/dump.c:666:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/dump.c:729:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ruby-oj-3.10.13/ext/oj/dump.c:738:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
b += sprintf(b, " %02x", *s);
data/ruby-oj-3.10.13/ext/oj/dump.c:957:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, str, cnt);
data/ruby-oj-3.10.13/ext/oj/dump.c:977:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, out->buf, out->end - out->buf + BUFFER_EXTRA);
data/ruby-oj-3.10.13/ext/oj/dump.c:1020:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ruby-oj-3.10.13/ext/oj/dump.c:1074:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, rb_string_value_ptr((VALUE*)&rs), cnt);
data/ruby-oj-3.10.13/ext/oj/dump.c:1085:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-oj-3.10.13/ext/oj/dump.c:1118:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Infinity");
data/ruby-oj-3.10.13/ext/oj/dump.c:1122:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "null");
data/ruby-oj-3.10.13/ext/oj/dump.c:1152:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "-Infinity");
data/ruby-oj-3.10.13/ext/oj/dump.c:1156:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "null");
data/ruby-oj-3.10.13/ext/oj/dump.c:1186:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "NaN");
data/ruby-oj-3.10.13/ext/oj/dump.c:1190:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "null");
data/ruby-oj-3.10.13/ext/oj/dump.h:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:37:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, out->opts->create_id, out->opts->create_id_len);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, classname, len);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, s, len);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:603:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:617:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Infinity");
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:623:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "-Infinity");
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:629:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "NaN");
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:891:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, rb_string_value_ptr((VALUE*)&rs), cnt);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:28:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, out->buf, out->end - out->buf + BUFFER_EXTRA);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:44:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, s, size);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:240:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (0 == (f = fopen(path, "w"))) {
data/ruby-oj-3.10.13/ext/oj/dump_object.c:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex_chars[17] = "0123456789abcdef";
data/ruby-oj-3.10.13/ext/oj/dump_object.c:380:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ruby-oj-3.10.13/ext/oj/dump_object.c:441:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, name, nlen);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:445:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, s, len);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:462:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[256];
data/ruby-oj-3.10.13/ext/oj/dump_object.c:642:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ruby-oj-3.10.13/ext/oj/dump_object.c:726:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, name, len);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:734:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, class_name, len);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:59:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "null");
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:75:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "null");
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:91:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "null");
data/ruby-oj-3.10.13/ext/oj/err.h:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[128];
data/ruby-oj-3.10.13/ext/oj/fast.c:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ruby-oj-3.10.13/ext/oj/fast.c:898:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stack, doc->where_path, sizeof(Leaf) * (cnt + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1176:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(json, StringValuePtr(str), len);
data/ruby-oj-3.10.13/ext/oj/fast.c:1215:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (0 == (f = fopen(path, "r"))) {
data/ruby-oj-3.10.13/ext/oj/fast.c:1453:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(save_path, doc->where_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1464:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(doc->where_path, save_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1471:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(doc->where_path, save_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1529:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(save_path, doc->where_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1540:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(doc->where_path, save_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1557:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(doc->where_path, save_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1637:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/hash.c:159:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, s, len);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:366:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:480:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(copts.dump_opts.indent_str, " ");
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:740:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/object.c:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr[256];
data/ruby-oj-3.10.13/ext/oj/object.c:493:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-oj-3.10.13/ext/oj/object.c:498:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, key, klen);
data/ruby-oj-3.10.13/ext/oj/object.c:549:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-oj-3.10.13/ext/oj/object.c:554:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, key, klen);
data/ruby-oj-3.10.13/ext/oj/object.c:623:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-oj-3.10.13/ext/oj/object.c:628:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, key, klen);
data/ruby-oj-3.10.13/ext/oj/odd.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(odds, _odds, sizeof(struct _odd) * odd_cnt);
data/ruby-oj-3.10.13/ext/oj/odd.h:26:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *attr_names[MAX_ODD_ARGS]; // NULL terminated attr names
data/ruby-oj-3.10.13/ext/oj/oj.c:499:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(copts->float_fmt, "%%0.%dg", n);
data/ruby-oj-3.10.13/ext/oj/oj.c:969:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (0 == (fd = open(path, O_RDONLY))) {
data/ruby-oj-3.10.13/ext/oj/oj.c:1060:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/oj.c:1115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/oj.h:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent_str[16];
data/ruby-oj-3.10.13/ext/oj/oj.h:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char before_sep[16];
data/ruby-oj-3.10.13/ext/oj/oj.h:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char after_sep[16];
data/ruby-oj-3.10.13/ext/oj/oj.h:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash_nl[16];
data/ruby-oj-3.10.13/ext/oj/oj.h:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array_nl[16];
data/ruby-oj-3.10.13/ext/oj/oj.h:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char float_fmt[7]; // float format for dumping, if empty use Ruby
data/ruby-oj-3.10.13/ext/oj/parse.c:292:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)parent->key, buf.head, parent->klen);
data/ruby-oj-3.10.13/ext/oj/parse.c:831:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-oj-3.10.13/ext/oj/parse.c:833:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ni->str, ni->len);
data/ruby-oj-3.10.13/ext/oj/parse.c:839:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ni->str, ni->len);
data/ruby-oj-3.10.13/ext/oj/parse.c:900:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/ruby-oj-3.10.13/ext/oj/parse.c:928:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, vp->key, vp->klen);
data/ruby-oj-3.10.13/ext/oj/rails.c:84:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->table, src->table, sizeof(struct _rOpt) * dest->alen);
data/ruby-oj-3.10.13/ext/oj/rails.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ruby-oj-3.10.13/ext/oj/rails.c:177:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cur, name, len);
data/ruby-oj-3.10.13/ext/oj/rails.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-oj-3.10.13/ext/oj/rails.c:265:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(buf, "%04d/%02d/%02d %02d:%02d:%02d %c%02d%02d", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, tzsign, tzhour, tzmin);
data/ruby-oj-3.10.13/ext/oj/rails.c:268:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(buf, "%04d-%02d-%02dT%02d:%02d:%02dZ", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec);
data/ruby-oj-3.10.13/ext/oj/rails.c:270:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(buf, "%04d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, tzsign, tzhour, tzmin);
data/ruby-oj-3.10.13/ext/oj/rails.c:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[64] = "%04d-%02d-%02dT%02d:%02d:%02d.%09ldZ";
data/ruby-oj-3.10.13/ext/oj/rails.c:282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[64] = "%04d-%02d-%02dT%02d:%02d:%02d.%09ld%c%02d:%02d";
data/ruby-oj-3.10.13/ext/oj/rails.c:688:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char class_name[1024];
data/ruby-oj-3.10.13/ext/oj/rails.c:907:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/rails.c:1203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-oj-3.10.13/ext/oj/rails.c:1217:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "null");
data/ruby-oj-3.10.13/ext/oj/reader.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)reader->head, old, size);
data/ruby-oj-3.10.13/ext/oj/reader.h:10:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[0x00001000];
data/ruby-oj-3.10.13/ext/oj/resolve.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char class_name[1024];
data/ruby-oj-3.10.13/ext/oj/rxclass.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[256];
data/ruby-oj-3.10.13/ext/oj/rxclass.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ruby-oj-3.10.13/ext/oj/rxclass.c:117:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, str, len);
data/ruby-oj-3.10.13/ext/oj/rxclass.h:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[128];
data/ruby-oj-3.10.13/ext/oj/saj.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/ruby-oj-3.10.13/ext/oj/sparse.c:301:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)parent->key, buf.head, parent->klen);
data/ruby-oj-3.10.13/ext/oj/sparse.c:364:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parent->karray, pi->rd.str, parent->klen);
data/ruby-oj-3.10.13/ext/oj/trace.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[64];
data/ruby-oj-3.10.13/ext/oj/trace.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[MAX_INDENT];
data/ruby-oj-3.10.13/ext/oj/trace.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[64];
data/ruby-oj-3.10.13/ext/oj/trace.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[MAX_INDENT];
data/ruby-oj-3.10.13/ext/oj/trace.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[64];
data/ruby-oj-3.10.13/ext/oj/trace.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[MAX_INDENT];
data/ruby-oj-3.10.13/ext/oj/trace.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[64];
data/ruby-oj-3.10.13/ext/oj/trace.c:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[MAX_INDENT];
data/ruby-oj-3.10.13/ext/oj/trace.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[64];
data/ruby-oj-3.10.13/ext/oj/trace.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[MAX_INDENT];
data/ruby-oj-3.10.13/ext/oj/val_stack.h:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char karray[32];
data/ruby-oj-3.10.13/ext/oj/val_stack.h:109:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(head, stack->base, sizeof(struct _val) * len);
data/ruby-oj-3.10.13/ext/oj/wab.c:23:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hex_chars[256] = "\
data/ruby-oj-3.10.13/ext/oj/wab.c:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-oj-3.10.13/ext/oj/wab.c:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-oj-3.10.13/ext/oj/wab.c:223:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(buf, "%04d-%02d-%02dT%02d:%02d:%02d.%09ldZ", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, (long)nsec);
data/ruby-oj-3.10.13/ext/oj/code.c:140:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(classname);
data/ruby-oj-3.10.13/ext/oj/custom.c:417:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int clen = (int)strlen(classname);
data/ruby-oj-3.10.13/ext/oj/custom.c:450:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nlen = strlen(name);
data/ruby-oj-3.10.13/ext/oj/custom.c:471:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(name);
data/ruby-oj-3.10.13/ext/oj/custom.c:624:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(attr, strlen(attr), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/custom.c:629:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + 1, attr, sizeof(buf) - 2);
data/ruby-oj-3.10.13/ext/oj/custom.c:631:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(buf, strlen(buf), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/custom.c:653:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(classname);
data/ruby-oj-3.10.13/ext/oj/dump.c:274:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, str, len);
data/ruby-oj-3.10.13/ext/oj/dump.c:944:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(s, strlen(s), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump.c:1209:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, rb_string_value_ptr((VALUE*)&rstr), cnt);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:29:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(classname);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:53:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(leaf->str, strlen(leaf->str), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:69:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dump_chars(leaf->str, strlen(leaf->str), out);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:89:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dump_chars(leaf->str, strlen(leaf->str), out);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:161:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(e->key, strlen(e->key), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:97:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:378:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(attr, strlen(attr), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:383:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + 1, attr, sizeof(buf) - 2);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:385:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(buf, strlen(buf), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:414:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int clen = (int)strlen(class_name);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:435:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nlen = strlen(name);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:456:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(name);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:517:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int clen = (int)strlen(class_name);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:640:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(attr, strlen(attr), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:645:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + 1, attr, sizeof(buf) - 2);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:647:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(buf, strlen(attr) + 1, 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:697:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(class_name);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:109:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, rb_string_value_ptr((VALUE*)&rstr), cnt);
data/ruby-oj-3.10.13/ext/oj/fast.c:123:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cnt = strlen(src);
data/ruby-oj-3.10.13/ext/oj/fast.c:984:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
klen = (int)strlen(key);
data/ruby-oj-3.10.13/ext/oj/fast.c:1094:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
klen = (int)strlen(key);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:481:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copts.dump_opts.indent_size = (uint8_t)strlen(copts.dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:482:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(copts.dump_opts.before_sep, "");
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:483:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copts.dump_opts.before_size = (uint8_t)strlen(copts.dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:484:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(copts.dump_opts.after_sep, " ");
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:485:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copts.dump_opts.after_size = (uint8_t)strlen(copts.dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:486:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(copts.dump_opts.hash_nl, "\n");
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:487:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copts.dump_opts.hash_size = (uint8_t)strlen(copts.dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:488:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(copts.dump_opts.array_nl, "\n");
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:489:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copts.dump_opts.array_size = (uint8_t)strlen(copts.dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/object.c:425:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, key + 1, klen - 1);
data/ruby-oj-3.10.13/ext/oj/object.c:429:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + 1, key, klen);
data/ruby-oj-3.10.13/ext/oj/object.c:436:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(attr, key + 1, klen - 1);
data/ruby-oj-3.10.13/ext/oj/object.c:440:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(attr + 1, key, klen);
data/ruby-oj-3.10.13/ext/oj/odd.c:27:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
odd->clen = strlen(classname);
data/ruby-oj-3.10.13/ext/oj/odd.c:205:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
odd->clen = strlen(odd->classname);
data/ruby-oj-3.10.13/ext/oj/parse.c:1028:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (0 >= (cnt = read(fd, (char*)pi->json, len)) || cnt != (ssize_t)len) {
data/ruby-oj-3.10.13/ext/oj/rails.c:108:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(attr, strlen(attr), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/rails.c:113:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + 1, attr, sizeof(buf) - 2);
data/ruby-oj-3.10.13/ext/oj/rails.c:115:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(buf, strlen(buf), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/reader.c:216:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = read(reader->fd, reader->tail, max);
data/ruby-oj-3.10.13/ext/oj/rxclass.c:72:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sizeof(rxc->src) <= strlen(expr)) {
data/ruby-oj-3.10.13/ext/oj/saj.c:696:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (0 >= (cnt = read(fd, json, len)) || cnt != (ssize_t)len) {
data/ruby-oj-3.10.13/ext/oj/string_writer.c:101:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(key, strlen(key), 0, 0, &sw->out);
data/ruby-oj-3.10.13/ext/oj/string_writer.c:122:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(key, strlen(key), 0, 0, &sw->out);
data/ruby-oj-3.10.13/ext/oj/string_writer.c:146:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(key, strlen(key), 0, 0, &sw->out);
data/ruby-oj-3.10.13/ext/oj/string_writer.c:171:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(key, strlen(key), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/string_writer.c:201:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_cstr(key, strlen(key), 0, 0, &sw->out);
data/ruby-oj-3.10.13/ext/oj/string_writer.c:205:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oj_dump_raw(json, strlen(json), &sw->out);
ANALYSIS SUMMARY:
Hits = 348
Lines analyzed = 20393 in approximately 0.54 seconds (37488 lines/second)
Physical Source Lines of Code (SLOC) = 16588
Hits@level = [0] 22 [1] 60 [2] 160 [3] 0 [4] 128 [5] 0
Hits@level+ = [0+] 370 [1+] 348 [2+] 288 [3+] 128 [4+] 128 [5+] 0
Hits/KSLOC@level+ = [0+] 22.3053 [1+] 20.979 [2+] 17.3619 [3+] 7.71642 [4+] 7.71642 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.