Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruby-oj-3.10.13/ext/oj/strict.c
Examining data/ruby-oj-3.10.13/ext/oj/val_stack.c
Examining data/ruby-oj-3.10.13/ext/oj/code.c
Examining data/ruby-oj-3.10.13/ext/oj/trace.c
Examining data/ruby-oj-3.10.13/ext/oj/dump_object.c
Examining data/ruby-oj-3.10.13/ext/oj/rails.c
Examining data/ruby-oj-3.10.13/ext/oj/sparse.c
Examining data/ruby-oj-3.10.13/ext/oj/reader.c
Examining data/ruby-oj-3.10.13/ext/oj/dump.c
Examining data/ruby-oj-3.10.13/ext/oj/util.c
Examining data/ruby-oj-3.10.13/ext/oj/dump_leaf.c
Examining data/ruby-oj-3.10.13/ext/oj/resolve.h
Examining data/ruby-oj-3.10.13/ext/oj/dump_strict.c
Examining data/ruby-oj-3.10.13/ext/oj/scp.c
Examining data/ruby-oj-3.10.13/ext/oj/cache8.h
Examining data/ruby-oj-3.10.13/ext/oj/circarray.c
Examining data/ruby-oj-3.10.13/ext/oj/wab.c
Examining data/ruby-oj-3.10.13/ext/oj/encode.h
Examining data/ruby-oj-3.10.13/ext/oj/stream_writer.c
Examining data/ruby-oj-3.10.13/ext/oj/trace.h
Examining data/ruby-oj-3.10.13/ext/oj/oj.h
Examining data/ruby-oj-3.10.13/ext/oj/util.h
Examining data/ruby-oj-3.10.13/ext/oj/err.h
Examining data/ruby-oj-3.10.13/ext/oj/err.c
Examining data/ruby-oj-3.10.13/ext/oj/rxclass.c
Examining data/ruby-oj-3.10.13/ext/oj/rxclass.h
Examining data/ruby-oj-3.10.13/ext/oj/code.h
Examining data/ruby-oj-3.10.13/ext/oj/fast.c
Examining data/ruby-oj-3.10.13/ext/oj/dump.h
Examining data/ruby-oj-3.10.13/ext/oj/cache8.c
Examining data/ruby-oj-3.10.13/ext/oj/dump_compat.c
Examining data/ruby-oj-3.10.13/ext/oj/buf.h
Examining data/ruby-oj-3.10.13/ext/oj/parse.c
Examining data/ruby-oj-3.10.13/ext/oj/hash.c
Examining data/ruby-oj-3.10.13/ext/oj/compat.c
Examining data/ruby-oj-3.10.13/ext/oj/custom.c
Examining data/ruby-oj-3.10.13/ext/oj/val_stack.h
Examining data/ruby-oj-3.10.13/ext/oj/odd.h
Examining data/ruby-oj-3.10.13/ext/oj/object.c
Examining data/ruby-oj-3.10.13/ext/oj/oj.c
Examining data/ruby-oj-3.10.13/ext/oj/odd.c
Examining data/ruby-oj-3.10.13/ext/oj/resolve.c
Examining data/ruby-oj-3.10.13/ext/oj/hash.h
Examining data/ruby-oj-3.10.13/ext/oj/saj.c
Examining data/ruby-oj-3.10.13/ext/oj/string_writer.c
Examining data/ruby-oj-3.10.13/ext/oj/hash_test.c
Examining data/ruby-oj-3.10.13/ext/oj/parse.h
Examining data/ruby-oj-3.10.13/ext/oj/mimic_json.c
Examining data/ruby-oj-3.10.13/ext/oj/reader.h
Examining data/ruby-oj-3.10.13/ext/oj/rails.h
Examining data/ruby-oj-3.10.13/ext/oj/circarray.h

FINAL RESULTS:

data/ruby-oj-3.10.13/ext/oj/code.c:154:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/code.c:159:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/code.c:182:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/code.c:187:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:316:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/custom.c:323:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/custom.c:344:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:349:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:387:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/custom.c:394:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/custom.c:428:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:433:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:488:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(n2, name);
data/ruby-oj-3.10.13/ext/oj/custom.c:663:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:668:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/custom.c:764:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/custom.c:770:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/custom.c:786:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/custom.c:793:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump.c:568:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, format, ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, (long)nsec);
data/ruby-oj-3.10.13/ext/oj/dump.c:578:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, format, ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, (long)nsec, tzsign, tzhour, tzmin);
data/ruby-oj-3.10.13/ext/oj/dump.c:1099:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, inf_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1127:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, inf_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1134:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, ninf_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1161:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, ninf_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1168:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, nan_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1195:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, nan_val);
data/ruby-oj-3.10.13/ext/oj/dump.c:1223:15: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int cnt = snprintf(buf, blen, format, d);
data/ruby-oj-3.10.13/ext/oj/dump.c:1230:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, rb_string_value_ptr((VALUE*)&rstr));
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:41:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:46:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:76:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:83:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:98:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:105:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:174:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:180:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:196:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:203:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:345:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:350:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:361:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:366:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:407:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:412:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:640:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, rb_string_value_ptr((VALUE*)&rstr));
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:664:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:670:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:692:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:697:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:739:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:746:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:842:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:847:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:154:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:160:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:177:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:184:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:333:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:340:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:473:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(n2, name);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:64:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, inf_val);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:80:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, ninf_val);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:96:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, nan_val);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:151:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:157:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:178:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:185:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:224:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:230:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:242:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:247:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:292:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:299:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/err.c:16:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(e->msg, sizeof(e->msg) - 1, format, ap);
data/ruby-oj-3.10.13/ext/oj/fast.c:125:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dest, src);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:124:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copts->dump_opts.indent_str, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:133:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copts->dump_opts.after_sep, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:142:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copts->dump_opts.before_sep, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:151:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copts->dump_opts.hash_nl, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:160:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copts->dump_opts.array_nl, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:661:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*)oj_default_options.create_id, StringValuePtr(id));
data/ruby-oj-3.10.13/ext/oj/oj.c:470:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copts->dump_opts.indent_str, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/oj.c:602:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*)copts->create_id, str);
data/ruby-oj-3.10.13/ext/oj/oj.c:632:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copts->dump_opts.after_sep, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/oj.c:645:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copts->dump_opts.before_sep, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/oj.c:658:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copts->dump_opts.hash_nl, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/oj.c:671:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copts->dump_opts.array_nl, StringValuePtr(v));
data/ruby-oj-3.10.13/ext/oj/parse.c:907:10: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  p += vsnprintf(msg, sizeof(msg) - 1, format, ap);
data/ruby-oj-3.10.13/ext/oj/rails.c:181:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/rails.c:186:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/rails.c:280:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  len = sprintf(buf, format, ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, nsec);
data/ruby-oj-3.10.13/ext/oj/rails.c:289:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  len = sprintf(buf, format, ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, nsec, tzsign, tzhour, tzmin);
data/ruby-oj-3.10.13/ext/oj/rails.c:386:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:392:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:410:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:417:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:459:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:465:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:482:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:489:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:1226:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, rb_string_value_ptr((VALUE*)&rstr));
data/ruby-oj-3.10.13/ext/oj/rails.c:1271:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:1277:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:1293:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:1300:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:1340:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:1346:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/rails.c:1358:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/rails.c:1363:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/rails.c:1408:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/rails.c:1415:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out->cur, out->opts->dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/reader.c:173:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(reader->tail, str);
data/ruby-oj-3.10.13/ext/oj/reader.c:195:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(reader->tail, str);
data/ruby-oj-3.10.13/ext/oj/saj.c:75:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s at line %d, column %d [%s:%d]", msg, jline, col, file, line);
data/ruby-oj-3.10.13/ext/oj/saj.c:678:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(json, StringValuePtr(input));
data/ruby-oj-3.10.13/ext/oj/saj.c:687:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(json, rb_string_value_cstr((VALUE*)&s));
data/ruby-oj-3.10.13/ext/oj/saj.c:705:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(json, rb_string_value_cstr((VALUE*)&s));
data/ruby-oj-3.10.13/ext/oj/trace.c:31:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fmt, "#0:%%13s:%%3d:Oj:%c:%%%ds %%s %%s\n", where, depth);
data/ruby-oj-3.10.13/ext/oj/trace.c:32:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(fmt, file, line, indent, func, rb_obj_classname(obj));
data/ruby-oj-3.10.13/ext/oj/trace.c:42:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fmt, "#0:%%13s:%%3d:Oj:-:%%%ds %%s %%s\n", depth);
data/ruby-oj-3.10.13/ext/oj/trace.c:43:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(fmt, file, line, indent, func, rb_obj_classname(obj));
data/ruby-oj-3.10.13/ext/oj/trace.c:53:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(fmt, "#0:%%13s:%%3d:Oj:}:%%%ds %%s\n", depth); data/ruby-oj-3.10.13/ext/oj/trace.c:54:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, file, line, indent, func); data/ruby-oj-3.10.13/ext/oj/trace.c:66:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fmt, "#0:%%13s:%%3d:Oj:{:%%%ds hash_end %%s\n", depth); data/ruby-oj-3.10.13/ext/oj/trace.c:67:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, file, line, indent, rb_obj_classname(obj)); data/ruby-oj-3.10.13/ext/oj/trace.c:77:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fmt, "#0:%%13s:%%3d:Oj:{:%%%ds array_ned\n", depth); data/ruby-oj-3.10.13/ext/oj/trace.c:78:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, file, line, indent); data/ruby-oj-3.10.13/ext/oj/buf.h:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base[1024]; data/ruby-oj-3.10.13/ext/oj/buf.h:71:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf->head, buf->base, len); data/ruby-oj-3.10.13/ext/oj/buf.h:78:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buf->tail, s, slen); data/ruby-oj-3.10.13/ext/oj/buf.h:91:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf->head, buf->base, len); data/ruby-oj-3.10.13/ext/oj/circarray.c:42:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ca->objs, ca->obj_array, sizeof(VALUE) * ca->cnt); data/ruby-oj-3.10.13/ext/oj/code.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char class_name[1024]; data/ruby-oj-3.10.13/ext/oj/code.c:150:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, out->opts->create_id, out->opts->create_id_len); data/ruby-oj-3.10.13/ext/oj/code.c:163:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, classname, len); data/ruby-oj-3.10.13/ext/oj/code.c:178:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, attrs->name, attrs->len); data/ruby-oj-3.10.13/ext/oj/code.c:200:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[32]; data/ruby-oj-3.10.13/ext/oj/custom.c:424:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, out->opts->create_id, out->opts->create_id_len); data/ruby-oj-3.10.13/ext/oj/custom.c:437:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, classname, clen); data/ruby-oj-3.10.13/ext/oj/custom.c:456:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, name, nlen); data/ruby-oj-3.10.13/ext/oj/custom.c:460:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, s, len); data/ruby-oj-3.10.13/ext/oj/custom.c:477:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[256]; data/ruby-oj-3.10.13/ext/oj/custom.c:543:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, s, len); data/ruby-oj-3.10.13/ext/oj/custom.c:626:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/ruby-oj-3.10.13/ext/oj/custom.c:659:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(out->cur, out->opts->create_id, out->opts->create_id_len); data/ruby-oj-3.10.13/ext/oj/custom.c:672:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, classname, len); data/ruby-oj-3.10.13/ext/oj/custom.c:815:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char num_id[32]; data/ruby-oj-3.10.13/ext/oj/custom.c:873:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, name, len); data/ruby-oj-3.10.13/ext/oj/dump.c:36:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char hex_chars[17] = "0123456789abcdef"; data/ruby-oj-3.10.13/ext/oj/dump.c:39:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char newline_friendly_chars[256] = "\ data/ruby-oj-3.10.13/ext/oj/dump.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char hibit_friendly_chars[256] = "\ data/ruby-oj-3.10.13/ext/oj/dump.c:62:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ascii_friendly_chars[256] = "\ data/ruby-oj-3.10.13/ext/oj/dump.c:73:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char xss_friendly_chars[256] = "\ data/ruby-oj-3.10.13/ext/oj/dump.c:84:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hixss_friendly_chars[256] = "\ data/ruby-oj-3.10.13/ext/oj/dump.c:95:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rails_xss_friendly_chars[256] = "\ data/ruby-oj-3.10.13/ext/oj/dump.c:106:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rails_friendly_chars[256] = "\ data/ruby-oj-3.10.13/ext/oj/dump.c:255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[len + 1]; data/ruby-oj-3.10.13/ext/oj/dump.c:257:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code[32]; data/ruby-oj-3.10.13/ext/oj/dump.c:389:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-oj-3.10.13/ext/oj/dump.c:480:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, b, size); data/ruby-oj-3.10.13/ext/oj/dump.c:494:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-oj-3.10.13/ext/oj/dump.c:553:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%04d-%02d-%02dT%02d:%02d:%02dZ", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec); data/ruby-oj-3.10.13/ext/oj/dump.c:556:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "%04d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, data/ruby-oj-3.10.13/ext/oj/dump.c:561:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[64] = "%04d-%02d-%02dT%02d:%02d:%02d.%09ldZ"; data/ruby-oj-3.10.13/ext/oj/dump.c:571:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[64] = "%04d-%02d-%02dT%02d:%02d:%02d.%09ld%c%02d:%02d"; data/ruby-oj-3.10.13/ext/oj/dump.c:634:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/ruby-oj-3.10.13/ext/oj/dump.c:646:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (0 == (f = fopen(path, "w"))) { data/ruby-oj-3.10.13/ext/oj/dump.c:666:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[4096]; data/ruby-oj-3.10.13/ext/oj/dump.c:729:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/ruby-oj-3.10.13/ext/oj/dump.c:738:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. b += sprintf(b, " %02x", *s); data/ruby-oj-3.10.13/ext/oj/dump.c:957:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, str, cnt); data/ruby-oj-3.10.13/ext/oj/dump.c:977:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, out->buf, out->end - out->buf + BUFFER_EXTRA); data/ruby-oj-3.10.13/ext/oj/dump.c:1020:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/ruby-oj-3.10.13/ext/oj/dump.c:1074:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, rb_string_value_ptr((VALUE*)&rs), cnt); data/ruby-oj-3.10.13/ext/oj/dump.c:1085:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[64]; data/ruby-oj-3.10.13/ext/oj/dump.c:1118:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "Infinity"); data/ruby-oj-3.10.13/ext/oj/dump.c:1122:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "null"); data/ruby-oj-3.10.13/ext/oj/dump.c:1152:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "-Infinity"); data/ruby-oj-3.10.13/ext/oj/dump.c:1156:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "null"); data/ruby-oj-3.10.13/ext/oj/dump.c:1186:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "NaN"); data/ruby-oj-3.10.13/ext/oj/dump.c:1190:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(buf, "null"); data/ruby-oj-3.10.13/ext/oj/dump.h:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/ruby-oj-3.10.13/ext/oj/dump_compat.c:37:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, out->opts->create_id, out->opts->create_id_len); data/ruby-oj-3.10.13/ext/oj/dump_compat.c:50:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, classname, len); data/ruby-oj-3.10.13/ext/oj/dump_compat.c:138:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, s, len); data/ruby-oj-3.10.13/ext/oj/dump_compat.c:603:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-oj-3.10.13/ext/oj/dump_compat.c:617:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "Infinity"); data/ruby-oj-3.10.13/ext/oj/dump_compat.c:623:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(buf, "-Infinity"); data/ruby-oj-3.10.13/ext/oj/dump_compat.c:629:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "NaN"); data/ruby-oj-3.10.13/ext/oj/dump_compat.c:891:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, rb_string_value_ptr((VALUE*)&rs), cnt); data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:28:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, out->buf, out->end - out->buf + BUFFER_EXTRA); data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:44:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, s, size); data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:229:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:240:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (0 == (f = fopen(path, "w"))) { data/ruby-oj-3.10.13/ext/oj/dump_object.c:10:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char hex_chars[17] = "0123456789abcdef"; data/ruby-oj-3.10.13/ext/oj/dump_object.c:380:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/ruby-oj-3.10.13/ext/oj/dump_object.c:441:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, name, nlen); data/ruby-oj-3.10.13/ext/oj/dump_object.c:445:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, s, len); data/ruby-oj-3.10.13/ext/oj/dump_object.c:462:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[256]; data/ruby-oj-3.10.13/ext/oj/dump_object.c:642:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/ruby-oj-3.10.13/ext/oj/dump_object.c:726:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, name, len); data/ruby-oj-3.10.13/ext/oj/dump_object.c:734:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(out->cur, class_name, len); data/ruby-oj-3.10.13/ext/oj/dump_strict.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-oj-3.10.13/ext/oj/dump_strict.c:59:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "null"); data/ruby-oj-3.10.13/ext/oj/dump_strict.c:75:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "null"); data/ruby-oj-3.10.13/ext/oj/dump_strict.c:91:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "null"); data/ruby-oj-3.10.13/ext/oj/err.h:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/ruby-oj-3.10.13/ext/oj/fast.c:152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[32];
data/ruby-oj-3.10.13/ext/oj/fast.c:898:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stack, doc->where_path, sizeof(Leaf) * (cnt + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1176:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(json, StringValuePtr(str), len);
data/ruby-oj-3.10.13/ext/oj/fast.c:1215:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (0 == (f = fopen(path, "r"))) {
data/ruby-oj-3.10.13/ext/oj/fast.c:1453:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save_path, doc->where_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1464:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(doc->where_path, save_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1471:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(doc->where_path, save_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1529:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save_path, doc->where_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1540:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(doc->where_path, save_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1557:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(doc->where_path, save_path, sizeof(Leaf) * (wlen + 1));
data/ruby-oj-3.10.13/ext/oj/fast.c:1637:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096];
data/ruby-oj-3.10.13/ext/oj/hash.c:159:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, s, len);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096];
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:366:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096];
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:480:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(copts.dump_opts.indent_str, " ");
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:740:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096];
data/ruby-oj-3.10.13/ext/oj/object.c:419:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attr[256];
data/ruby-oj-3.10.13/ext/oj/object.c:493:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256];
data/ruby-oj-3.10.13/ext/oj/object.c:498:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, key, klen);
data/ruby-oj-3.10.13/ext/oj/object.c:549:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256];
data/ruby-oj-3.10.13/ext/oj/object.c:554:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, key, klen);
data/ruby-oj-3.10.13/ext/oj/object.c:623:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256];
data/ruby-oj-3.10.13/ext/oj/object.c:628:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, key, klen);
data/ruby-oj-3.10.13/ext/oj/odd.c:196:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(odds, _odds, sizeof(struct _odd) * odd_cnt);
data/ruby-oj-3.10.13/ext/oj/odd.h:26:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *attr_names[MAX_ODD_ARGS]; // NULL terminated attr names
data/ruby-oj-3.10.13/ext/oj/oj.c:499:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(copts->float_fmt, "%%0.%dg", n);
data/ruby-oj-3.10.13/ext/oj/oj.c:969:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (0 == (fd = open(path, O_RDONLY))) {
data/ruby-oj-3.10.13/ext/oj/oj.c:1060:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096];
data/ruby-oj-3.10.13/ext/oj/oj.c:1115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096];
data/ruby-oj-3.10.13/ext/oj/oj.h:115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indent_str[16];
data/ruby-oj-3.10.13/ext/oj/oj.h:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char before_sep[16];
data/ruby-oj-3.10.13/ext/oj/oj.h:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char after_sep[16];
data/ruby-oj-3.10.13/ext/oj/oj.h:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hash_nl[16];
data/ruby-oj-3.10.13/ext/oj/oj.h:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char array_nl[16];
data/ruby-oj-3.10.13/ext/oj/oj.h:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char float_fmt[7]; // float format for dumping, if empty use Ruby
data/ruby-oj-3.10.13/ext/oj/parse.c:292:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)parent->key, buf.head, parent->klen);
data/ruby-oj-3.10.13/ext/oj/parse.c:831:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256];
data/ruby-oj-3.10.13/ext/oj/parse.c:833:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, ni->str, ni->len);
data/ruby-oj-3.10.13/ext/oj/parse.c:839:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, ni->str, ni->len);
data/ruby-oj-3.10.13/ext/oj/parse.c:900:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[256];
data/ruby-oj-3.10.13/ext/oj/parse.c:928:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, vp->key, vp->klen);
data/ruby-oj-3.10.13/ext/oj/rails.c:84:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->table, src->table, sizeof(struct _rOpt) * dest->alen);
data/ruby-oj-3.10.13/ext/oj/rails.c:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32];
data/ruby-oj-3.10.13/ext/oj/rails.c:177:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->cur, name, len);
data/ruby-oj-3.10.13/ext/oj/rails.c:229:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64];
data/ruby-oj-3.10.13/ext/oj/rails.c:265:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. len = sprintf(buf, "%04d/%02d/%02d %02d:%02d:%02d %c%02d%02d", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, tzsign, tzhour, tzmin);
data/ruby-oj-3.10.13/ext/oj/rails.c:268:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. len = sprintf(buf, "%04d-%02d-%02dT%02d:%02d:%02dZ", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec);
data/ruby-oj-3.10.13/ext/oj/rails.c:270:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. len = sprintf(buf, "%04d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, tzsign, tzhour, tzmin);
data/ruby-oj-3.10.13/ext/oj/rails.c:273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[64] = "%04d-%02d-%02dT%02d:%02d:%02d.%09ldZ";
data/ruby-oj-3.10.13/ext/oj/rails.c:282:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[64] = "%04d-%02d-%02dT%02d:%02d:%02d.%09ld%c%02d:%02d";
data/ruby-oj-3.10.13/ext/oj/rails.c:688:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char class_name[1024];
data/ruby-oj-3.10.13/ext/oj/rails.c:907:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096];
data/ruby-oj-3.10.13/ext/oj/rails.c:1203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64];
data/ruby-oj-3.10.13/ext/oj/rails.c:1217:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "null");
data/ruby-oj-3.10.13/ext/oj/reader.c:113:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)reader->head, old, size);
data/ruby-oj-3.10.13/ext/oj/reader.h:10:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base[0x00001000];
data/ruby-oj-3.10.13/ext/oj/resolve.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char class_name[1024];
data/ruby-oj-3.10.13/ext/oj/rxclass.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[256];
data/ruby-oj-3.10.13/ext/oj/rxclass.c:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096];
data/ruby-oj-3.10.13/ext/oj/rxclass.c:117:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, str, len);
data/ruby-oj-3.10.13/ext/oj/rxclass.h:17:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[128];
data/ruby-oj-3.10.13/ext/oj/saj.c:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128];
data/ruby-oj-3.10.13/ext/oj/sparse.c:301:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)parent->key, buf.head, parent->klen);
data/ruby-oj-3.10.13/ext/oj/sparse.c:364:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(parent->karray, pi->rd.str, parent->klen);
data/ruby-oj-3.10.13/ext/oj/trace.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[64];
data/ruby-oj-3.10.13/ext/oj/trace.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indent[MAX_INDENT];
data/ruby-oj-3.10.13/ext/oj/trace.c:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[64];
data/ruby-oj-3.10.13/ext/oj/trace.c:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indent[MAX_INDENT];
data/ruby-oj-3.10.13/ext/oj/trace.c:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[64];
data/ruby-oj-3.10.13/ext/oj/trace.c:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indent[MAX_INDENT];
data/ruby-oj-3.10.13/ext/oj/trace.c:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[64];
data/ruby-oj-3.10.13/ext/oj/trace.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indent[MAX_INDENT];
data/ruby-oj-3.10.13/ext/oj/trace.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[64];
data/ruby-oj-3.10.13/ext/oj/trace.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indent[MAX_INDENT];
data/ruby-oj-3.10.13/ext/oj/val_stack.h:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char karray[32];
data/ruby-oj-3.10.13/ext/oj/val_stack.h:109:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(head, stack->base, sizeof(struct _val) * len);
data/ruby-oj-3.10.13/ext/oj/wab.c:23:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hex_chars[256] = "\
data/ruby-oj-3.10.13/ext/oj/wab.c:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64];
data/ruby-oj-3.10.13/ext/oj/wab.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64];
data/ruby-oj-3.10.13/ext/oj/wab.c:223:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. len = sprintf(buf, "%04d-%02d-%02dT%02d:%02d:%02d.%09ldZ", ti.year, ti.mon, ti.day, ti.hour, ti.min, ti.sec, (long)nsec);
data/ruby-oj-3.10.13/ext/oj/code.c:140:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(classname);
data/ruby-oj-3.10.13/ext/oj/custom.c:417:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int clen = (int)strlen(classname);
data/ruby-oj-3.10.13/ext/oj/custom.c:450:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nlen = strlen(name);
data/ruby-oj-3.10.13/ext/oj/custom.c:471:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(name);
data/ruby-oj-3.10.13/ext/oj/custom.c:624:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(attr, strlen(attr), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/custom.c:629:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf + 1, attr, sizeof(buf) - 2);
data/ruby-oj-3.10.13/ext/oj/custom.c:631:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(buf, strlen(buf), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/custom.c:653:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(classname);
data/ruby-oj-3.10.13/ext/oj/dump.c:274:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, str, len);
data/ruby-oj-3.10.13/ext/oj/dump.c:944:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(s, strlen(s), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump.c:1209:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, rb_string_value_ptr((VALUE*)&rstr), cnt);
data/ruby-oj-3.10.13/ext/oj/dump_compat.c:29:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(classname);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:53:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(leaf->str, strlen(leaf->str), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:69:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dump_chars(leaf->str, strlen(leaf->str), out);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:89:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dump_chars(leaf->str, strlen(leaf->str), out);
data/ruby-oj-3.10.13/ext/oj/dump_leaf.c:161:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(e->key, strlen(e->key), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:97:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:378:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(attr, strlen(attr), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:383:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf + 1, attr, sizeof(buf) - 2);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:385:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(buf, strlen(buf), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:414:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int clen = (int)strlen(class_name);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:435:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nlen = strlen(name);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:456:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(name);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:517:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int clen = (int)strlen(class_name);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:640:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(attr, strlen(attr), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:645:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf + 1, attr, sizeof(buf) - 2);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:647:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(buf, strlen(attr) + 1, 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/dump_object.c:697:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(class_name);
data/ruby-oj-3.10.13/ext/oj/dump_strict.c:109:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, rb_string_value_ptr((VALUE*)&rstr), cnt);
data/ruby-oj-3.10.13/ext/oj/fast.c:123:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cnt = strlen(src);
data/ruby-oj-3.10.13/ext/oj/fast.c:984:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = (int)strlen(key);
data/ruby-oj-3.10.13/ext/oj/fast.c:1094:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = (int)strlen(key);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:481:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). copts.dump_opts.indent_size = (uint8_t)strlen(copts.dump_opts.indent_str);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:482:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(copts.dump_opts.before_sep, "");
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:483:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). copts.dump_opts.before_size = (uint8_t)strlen(copts.dump_opts.before_sep);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:484:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(copts.dump_opts.after_sep, " ");
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:485:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). copts.dump_opts.after_size = (uint8_t)strlen(copts.dump_opts.after_sep);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:486:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(copts.dump_opts.hash_nl, "\n");
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:487:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). copts.dump_opts.hash_size = (uint8_t)strlen(copts.dump_opts.hash_nl);
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:488:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(copts.dump_opts.array_nl, "\n");
data/ruby-oj-3.10.13/ext/oj/mimic_json.c:489:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). copts.dump_opts.array_size = (uint8_t)strlen(copts.dump_opts.array_nl);
data/ruby-oj-3.10.13/ext/oj/object.c:425:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, key + 1, klen - 1);
data/ruby-oj-3.10.13/ext/oj/object.c:429:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf + 1, key, klen);
data/ruby-oj-3.10.13/ext/oj/object.c:436:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(attr, key + 1, klen - 1);
data/ruby-oj-3.10.13/ext/oj/object.c:440:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(attr + 1, key, klen);
data/ruby-oj-3.10.13/ext/oj/odd.c:27:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). odd->clen = strlen(classname);
data/ruby-oj-3.10.13/ext/oj/odd.c:205:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). odd->clen = strlen(odd->classname);
data/ruby-oj-3.10.13/ext/oj/parse.c:1028:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (0 >= (cnt = read(fd, (char*)pi->json, len)) || cnt != (ssize_t)len) {
data/ruby-oj-3.10.13/ext/oj/rails.c:108:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(attr, strlen(attr), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/rails.c:113:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf + 1, attr, sizeof(buf) - 2);
data/ruby-oj-3.10.13/ext/oj/rails.c:115:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(buf, strlen(buf), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/reader.c:216:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cnt = read(reader->fd, reader->tail, max);
data/ruby-oj-3.10.13/ext/oj/rxclass.c:72:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sizeof(rxc->src) <= strlen(expr)) {
data/ruby-oj-3.10.13/ext/oj/saj.c:696:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (0 >= (cnt = read(fd, json, len)) || cnt != (ssize_t)len) {
data/ruby-oj-3.10.13/ext/oj/string_writer.c:101:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(key, strlen(key), 0, 0, &sw->out);
data/ruby-oj-3.10.13/ext/oj/string_writer.c:122:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(key, strlen(key), 0, 0, &sw->out);
data/ruby-oj-3.10.13/ext/oj/string_writer.c:146:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(key, strlen(key), 0, 0, &sw->out);
data/ruby-oj-3.10.13/ext/oj/string_writer.c:171:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(key, strlen(key), 0, 0, out);
data/ruby-oj-3.10.13/ext/oj/string_writer.c:201:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_cstr(key, strlen(key), 0, 0, &sw->out);
data/ruby-oj-3.10.13/ext/oj/string_writer.c:205:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oj_dump_raw(json, strlen(json), &sw->out);

ANALYSIS SUMMARY:

Hits = 348
Lines analyzed = 20393 in approximately 0.54 seconds (37488 lines/second)
Physical Source Lines of Code (SLOC) = 16588
Hits@level = [0] 22 [1] 60 [2] 160 [3] 0 [4] 128 [5] 0
Hits@level+ = [0+] 370 [1+] 348 [2+] 288 [3+] 128 [4+] 128 [5+] 0
Hits/KSLOC@level+ = [0+] 22.3053 [1+] 20.979 [2+] 17.3619 [3+] 7.71642 [4+] 7.71642 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
