Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sphinxsearch-2.2.11/src/sphinxversion.h
Examining data/sphinxsearch-2.2.11/src/yysphinxselect.h
Examining data/sphinxsearch-2.2.11/src/yysphinxselect.c
Examining data/sphinxsearch-2.2.11/src/yysphinxquery.h
Examining data/sphinxsearch-2.2.11/src/yysphinxquery.c
Examining data/sphinxsearch-2.2.11/src/yysphinxql.h
Examining data/sphinxsearch-2.2.11/src/yysphinxql.c
Examining data/sphinxsearch-2.2.11/src/yysphinxjson.h
Examining data/sphinxsearch-2.2.11/src/yysphinxjson.c
Examining data/sphinxsearch-2.2.11/src/yysphinxexpr.h
Examining data/sphinxsearch-2.2.11/src/yysphinxexpr.c
Examining data/sphinxsearch-2.2.11/src/wordbreaker.cpp
Examining data/sphinxsearch-2.2.11/src/udfexample.c
Examining data/sphinxsearch-2.2.11/src/tests.cpp
Examining data/sphinxsearch-2.2.11/src/testrt.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxutils.h
Examining data/sphinxsearch-2.2.11/src/sphinxutils.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxudf.h
Examining data/sphinxsearch-2.2.11/src/sphinxudf.c
Examining data/sphinxsearch-2.2.11/src/sphinxstemru.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxstemen.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxstemar.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxstem.h
Examining data/sphinxsearch-2.2.11/src/sphinxstd.h
Examining data/sphinxsearch-2.2.11/src/sphinxstd.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxsoundex.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxsort.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxsearch.h
Examining data/sphinxsearch-2.2.11/src/sphinxsearch.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxrt.h
Examining data/sphinxsearch-2.2.11/src/sphinxrt.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxquery.h
Examining data/sphinxsearch-2.2.11/src/sphinxquery.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxplugin.h
Examining data/sphinxsearch-2.2.11/src/sphinxplugin.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxjson.h
Examining data/sphinxsearch-2.2.11/src/sphinxjson.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxint.h
Examining data/sphinxsearch-2.2.11/src/sphinxfilter.h
Examining data/sphinxsearch-2.2.11/src/sphinxfilter.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxexpr.h
Examining data/sphinxsearch-2.2.11/src/sphinxexpr.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxexcerpt.h
Examining data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp
Examining data/sphinxsearch-2.2.11/src/sphinxaot.cpp
Examining data/sphinxsearch-2.2.11/src/sphinx.h
Examining data/sphinxsearch-2.2.11/src/spelldump.cpp
Examining data/sphinxsearch-2.2.11/src/searchd.cpp
Examining data/sphinxsearch-2.2.11/src/llsphinxql.c
Examining data/sphinxsearch-2.2.11/src/llsphinxjson.c
Examining data/sphinxsearch-2.2.11/src/indextool.cpp
Examining data/sphinxsearch-2.2.11/src/indexer.cpp
Examining data/sphinxsearch-2.2.11/src/sphinx.cpp
Examining data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc
Examining data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.h
Examining data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc
Examining data/sphinxsearch-2.2.11/api/libsphinxclient/test.c
Examining data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.h
Examining data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c
FINAL RESULTS:
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:28:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:383:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( client->local_error_buf, sizeof(client->local_error_buf), template, ap );
data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:35:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf ( template, ap );
data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:110:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ( k ? ",%u" : "%u", ( res->attr_types[j]==SPH_ATTR_MULTI ? mva[k] : (unsigned int)sphinx_get_mva64_value ( mva, k ) ) );
data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:366:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ( ( j==0 ) ? "%s:" : " %s", status[k] );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:54:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:54:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:261:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf ( stderr, format, ap );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:987:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf ( stderr, sFmt, ap );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:3157:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ( pCur, sBuf+sizeof(sBuf)-pCur, INT64_FMT, uEntry );
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:619:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ( sMessage, MAX_MESSAGE_LENGTH, \
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:628:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ( sMessage, MAX_MESSAGE_LENGTH, \
data/sphinxsearch-2.2.11/src/indexer.cpp:29:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sphinxsearch-2.2.11/src/indexer.cpp:29:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sphinxsearch-2.2.11/src/indexer.cpp:30:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define popen _popen
data/sphinxsearch-2.2.11/src/indexer.cpp:787:17: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE * pPipe = popen ( hSource [ "xmlpipe_command" ].cstr(), RMODE );
data/sphinxsearch-2.2.11/src/indexer.cpp:825:17: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE * pPipe = popen ( hSource [ "tsvpipe_command" ].cstr(), RMODE );
data/sphinxsearch-2.2.11/src/indexer.cpp:850:17: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE * pPipe = popen ( hSource [ "csvpipe_command" ].cstr(), RMODE );
data/sphinxsearch-2.2.11/src/indexer.cpp:1743:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stdout, SPHINX_BANNER );
data/sphinxsearch-2.2.11/src/indextool.cpp:493:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stdout, INT64_FMT" documents, " INT64_FMT " words (" INT64_FMT " read, " INT64_FMT " merged, " INT64_FMT " skipped)\n",
data/sphinxsearch-2.2.11/src/indextool.cpp:646:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stdout, INT64_FMT" documents, " INT64_FMT " words (" INT64_FMT " read, " INT64_FMT " merged, " INT64_FMT " skipped)\n",
data/sphinxsearch-2.2.11/src/indextool.cpp:758:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stdout, SPHINX_BANNER );
data/sphinxsearch-2.2.11/src/indextool.cpp:939:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stdout, SPHINX_BANNER );
data/sphinxsearch-2.2.11/src/searchd.cpp:483:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int iPrinted = vsnprintf ( m_dBuf.Begin(), m_dBuf.GetLength()-1, sTemplate, ap );
data/sphinxsearch-2.2.11/src/searchd.cpp:1548:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( sBuf+iLen, iBufSize, sFmt, ap );
data/sphinxsearch-2.2.11/src/searchd.cpp:1600:69: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphFatal ( const char * sFmt, ... ) __attribute__ ( ( format ( printf, 1, 2 ) ) );
data/sphinxsearch-2.2.11/src/searchd.cpp:1686:96: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void SubmitEx ( const char * sIndex, const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 3, 4 ) ) )
data/sphinxsearch-2.2.11/src/searchd.cpp:3007:79: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
virtual void SendErrorReply ( const char *, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ) = 0;
data/sphinxsearch-2.2.11/src/searchd.cpp:3026:79: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
virtual void SendErrorReply ( const char *, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ) {}
data/sphinxsearch-2.2.11/src/searchd.cpp:3040:79: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
virtual void SendErrorReply ( const char *, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) );
data/sphinxsearch-2.2.11/src/searchd.cpp:3616:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( sBuf, iMaxStrLen, sTemplate, ap );
data/sphinxsearch-2.2.11/src/searchd.cpp:4255:88: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Fail ( eAgentStats eStat, const char* sMessage, ... ) __attribute__ ( ( format ( printf, 3, 4 ) ) );
data/sphinxsearch-2.2.11/src/searchd.cpp:14130:77: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
bool MatchAddVa ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) )
data/sphinxsearch-2.2.11/src/searchd.cpp:15150:14: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int iLen = snprintf ( Get()+1, SPH_MAX_NUMERIC_STR-1, sFormat, tVal );
data/sphinxsearch-2.2.11/src/searchd.cpp:15215:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( sBuf, sizeof(sBuf), sTemplate, ap );
data/sphinxsearch-2.2.11/src/searchd.cpp:15279:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ( sTmp, sizeof(sTmp), INT64_FMT, iRight );
data/sphinxsearch-2.2.11/src/searchd.cpp:15316:77: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
bool MatchAddVa ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) )
data/sphinxsearch-2.2.11/src/searchd.cpp:16975:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int iLen = snprintf ( dRows.Get(), SPH_MAX_NUMERIC_STR, nValues>0 ? "%u," : "%u", *pValues++ );
data/sphinxsearch-2.2.11/src/searchd.cpp:16984:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int iLen = snprintf ( dRows.Get(), SPH_MAX_NUMERIC_STR, nValues>2 ? INT64_FMT"," : INT64_FMT, iVal );
data/sphinxsearch-2.2.11/src/searchd.cpp:20001:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int iLen = snprintf ( dBuf, sizeof ( dBuf ), "SET GLOBAL %s = ( " INT64_FMT, dUservars[i].m_sName.cstr(), dVals[0] );
data/sphinxsearch-2.2.11/src/searchd.cpp:20004:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
iLen += snprintf ( dBuf+iLen, sizeof ( dBuf ), ", " INT64_FMT, dVals[j] );
data/sphinxsearch-2.2.11/src/searchd.cpp:22027:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stdout,
data/sphinxsearch-2.2.11/src/searchd.cpp:22469:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stdout, ( j==0 ) ? ": " : " " );
data/sphinxsearch-2.2.11/src/searchd.cpp:23215:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stdout, SPHINX_BANNER );
data/sphinxsearch-2.2.11/src/spelldump.cpp:342:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ( szTmp, m_sAppend.cstr () ); // NOLINT
data/sphinxsearch-2.2.11/src/spelldump.cpp:396:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( szTmp, m_sAppend.cstr() ); // NOLINT
data/sphinxsearch-2.2.11/src/spelldump.cpp:662:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( szAppend, szStrip ); // NOLINT
data/sphinxsearch-2.2.11/src/spelldump.cpp:732:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ( sscanf ( sLine, "%c %s %s %s", &cNewFlag, sRemove, sAppend, sCondition )==4 ) // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:84:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define popen _popen
data/sphinxsearch-2.2.11/src/sphinx.cpp:86:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sphinxsearch-2.2.11/src/sphinx.cpp:86:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sphinxsearch-2.2.11/src/sphinx.cpp:169:73: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphWarn ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 1, 2 ) ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:1702:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf ( stdout, sTemplate, ap );
data/sphinxsearch-2.2.11/src/sphinx.cpp:1849:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ( sExp, sizeof(sExp), DOCID_FMT, uValue );
data/sphinxsearch-2.2.11/src/sphinx.cpp:1874:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( sOut, sExp ); sOut += iExp; // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:1880:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( sOut, sLast ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:2864:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( (char*)m_sBuf+m_iFirst+1, (const char*)pSecond ); //NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:16869:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ( INT64_FMT". id=" DOCID_FMT "\n", iRow+1, DOCINFO2ID ( pDocinfo ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:17931:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf_all, "lemmatize_%s_all", AOT_LANGUAGES[j] ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:19788:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf _args; \
data/sphinxsearch-2.2.11/src/sphinx.cpp:20809:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( fp, INT64_FMT"/" INT64_FMT "\r", iRow, iRowsTotal );
data/sphinxsearch-2.2.11/src/sphinx.cpp:20981:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( fp, INT64_FMT"/" INT64_FMT "\r", iIndexEntry, m_iDocinfo );
data/sphinxsearch-2.2.11/src/sphinx.cpp:21359:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( (char *)pWord, m_dNormalForms[*pIndex].m_sWord.cstr() ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:21494:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf, "lemmatize_%s", AOT_LANGUAGES[j] ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:21495:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf_all, "lemmatize_%s_all", AOT_LANGUAGES[j] ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:21904:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( dList.Begin(), sFiles ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:22023:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ( szReport, sString.cstr() ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:26986:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( sDst, dValues[i] ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:27028:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ( sValues[0], iBufSize, DOCID_FMT, m_uCurrentID );
data/sphinxsearch-2.2.11/src/sphinx.cpp:27029:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ( sValues[1], iBufSize, DOCID_FMT, uNextID );
data/sphinxsearch-2.2.11/src/sphinx.cpp:27051:17: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE * pPipe = popen ( szCommand, "r" );
data/sphinxsearch-2.2.11/src/sphinx.cpp:27086:17: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE * pPipe = popen ( szCommand, "r" );
data/sphinxsearch-2.2.11/src/sphinx.cpp:27110:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ( sValue, sizeof(sValue), DOCID_FMT, uLastIndexed );
data/sphinxsearch-2.2.11/src/sphinx.cpp:27114:17: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE * pPipe = popen ( pCmd, "r" );
data/sphinxsearch-2.2.11/src/sphinx.cpp:28334:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stdout, bRes ? "SQL-CONNECT: ok\n" : "SQL-CONNECT: FAIL\n" );
data/sphinxsearch-2.2.11/src/sphinx.cpp:29022:74: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Error ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:29023:96: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
const char * DecorateMessage ( const char * sTemplate, ... ) const __attribute__ ( ( format ( printf, 2, 3 ) ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:29239:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( szBufStart, iLeft, sTemplate, ap );
data/sphinxsearch-2.2.11/src/sphinx.cpp:30732:96: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
const char * DecorateMessage ( const char * sTemplate, ... ) const __attribute__ ( ( format ( printf, 2, 3 ) ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:31005:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( m_dError.Begin(), m_dError.GetLength(), sTemplate, ap );
data/sphinxsearch-2.2.11/src/sphinxaot.cpp:964:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( (char*)pWord, (char*)sBuf ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1023:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( (char*)pWord, (char*)sBuf ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1092:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( (char*)pWord, (char*)sBuf ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:2901:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ( INT64_FMT, tNode.m_iConst );
data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:2916:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ( ( tNode.m_iToken<256 ) ? " %c " : " op-%d ", tNode.m_iToken );
data/sphinxsearch-2.2.11/src/sphinxjson.cpp:502:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ( INT64_FMT"%s", sphJsonLoadBigint ( &p ), i<iLen-1 ? "," : "]\n" );
data/sphinxsearch-2.2.11/src/sphinxjson.cpp:889:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int iLen = snprintf ( (char *)dOut.Begin()+iOff, 32, INT64_FMT, sphJsonLoadBigint ( &p ) ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinxjson.cpp:936:36: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
case JSON_INT64_VECTOR: iLen = snprintf ( b, 32, INT64_FMT, sphJsonLoadBigint ( &p ) ); break; // NOLINT
data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:111:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ( (char*)pPrimary, szAddPrimary ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:112:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ( (char*)pSecondary, szAddSecondary ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:659:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( (char*)pWord, (char*)sPrimary ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:54:74: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
bool Error ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:55:76: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Warning ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:446:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( sBuf+iPrefix, sizeof(sBuf)-iPrefix, sTemplate, ap );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:465:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( sBuf+iPrefix, sizeof(sBuf)-iPrefix, sTemplate, ap );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:4308:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ( sHeader );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4560:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf _args; \
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8905:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( &(dVal[iValLen]), sTmp ); //NOLINT
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8918:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( &(dVal[iValLen]), sTmp ); //NOLINT
data/sphinxsearch-2.2.11/src/sphinxstd.cpp:127:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( pTrace, sTrace ); //NOLINT
data/sphinxsearch-2.2.11/src/sphinxstd.cpp:698:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( sBuf, sizeof(sBuf), sTemplate, ap );
data/sphinxsearch-2.2.11/src/sphinxstd.cpp:717:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( sBuf, sizeof(sBuf), sTemplate, ap );
data/sphinxsearch-2.2.11/src/sphinxstd.h:33:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/sphinxsearch-2.2.11/src/sphinxstd.h:123:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sphinxsearch-2.2.11/src/sphinxstd.h:123:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sphinxsearch-2.2.11/src/sphinxstd.h:285:73: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphDie ( const char * sMessage, ... ) __attribute__ ( ( format ( printf, 1, 2 ) ) );
data/sphinxsearch-2.2.11/src/sphinxstd.h:288:80: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphDieRestart ( const char * sMessage, ... ) __attribute__ ( ( format ( printf, 1, 2 ) ) );
data/sphinxsearch-2.2.11/src/sphinxstd.h:1719:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( m_sValue, sString ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinxstd.h:1750:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( m_sValue, rhs.m_sValue ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinxstd.h:1799:91: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
const CSphString & SetSprintf ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) )
data/sphinxsearch-2.2.11/src/sphinxstd.h:1805:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( sBuf, sizeof(sBuf), sTemplate, ap );
data/sphinxsearch-2.2.11/src/sphinxstd.h:1815:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf ( sBuf, sizeof(sBuf), sTemplate, ap );
data/sphinxsearch-2.2.11/src/sphinxstd.h:1970:89: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
CSphStringBuilder & Appendf ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) )
data/sphinxsearch-2.2.11/src/sphinxstd.h:1982:19: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int iPrinted = vsnprintf ( m_sBuffer+m_iUsed, iLeft, sTemplate, ap );
data/sphinxsearch-2.2.11/src/sphinxstd.h:2288:63: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphWarn ( const char *, ... ) __attribute__ ( ( format ( printf, 1, 2 ) ) );
data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:134:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ( (char*)word, (char*)Rule.m_szAppend ); // NOLINT strcat
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:877:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl ( pBuffer, pBuffer, pArgs, szFilename, (char*)NULL );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:879:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl ( pBuffer, pBuffer, szFilename, (char*)NULL );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1026:32: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define LOC_ERROR2(_msg,_a) { snprintf ( m_sError, sizeof(m_sError), _msg, _a ); break; }
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1027:35: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define LOC_ERROR3(_msg,_a,_b) { snprintf ( m_sError, sizeof(m_sError), _msg, _a, _b ); break; }
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1028:38: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define LOC_ERROR4(_msg,_a,_b,_c) { snprintf ( m_sError, sizeof(m_sError), _msg, _a, _b, _c ); break; }
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1565:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf_all, "lemmatize_%s_all", AOT_LANGUAGES[j] ); //NOLINT
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1751:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf ( stdout, sFmt, ap );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:2240:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp ( g_pArgv[0], const_cast<char **> ( g_pArgv ) ); // using execvp instead execv to auto find addr2line in directories
data/sphinxsearch-2.2.11/src/sphinxutils.h:184:66: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphWarning ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT
data/sphinxsearch-2.2.11/src/sphinxutils.h:185:63: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphInfo ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT
data/sphinxsearch-2.2.11/src/sphinxutils.h:186:67: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphLogFatal ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT
data/sphinxsearch-2.2.11/src/sphinxutils.h:187:67: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphLogDebug ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT
data/sphinxsearch-2.2.11/src/sphinxutils.h:188:68: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphLogDebugv ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT
data/sphinxsearch-2.2.11/src/sphinxutils.h:189:69: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void sphLogDebugvv ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT
data/sphinxsearch-2.2.11/src/tests.cpp:3714:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ( INT64_FMT" us sphere\n", sphMicroTimer()-tm );
data/sphinxsearch-2.2.11/src/tests.cpp:3720:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ( INT64_FMT" us flat\n", sphMicroTimer()-tm );
data/sphinxsearch-2.2.11/src/tests.cpp:3726:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ( INT64_FMT" us adaptive\n", sphMicroTimer()-tm );
data/sphinxsearch-2.2.11/src/udfexample.c:27:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sphinxsearch-2.2.11/src/udfexample.c:27:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sphinxsearch-2.2.11/src/yysphinxexpr.c:828:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/sphinxsearch-2.2.11/src/yysphinxjson.c:585:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/sphinxsearch-2.2.11/src/yysphinxql.c:2171:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/sphinxsearch-2.2.11/src/yysphinxquery.c:657:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/sphinxsearch-2.2.11/src/yysphinxselect.c:851:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/sphinxsearch-2.2.11/src/sphinxplugin.cpp:124:9: [3] (misc) LoadLibraryEx:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
return LoadLibraryEx ( libname, NULL, 0 );
data/sphinxsearch-2.2.11/src/tests.cpp:1611:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand ( 0 );
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_error_buf[256]; ///< buffer to store 'local' error messages (eg. connect() error)
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * reqs [ MAX_REQS ];
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:421:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( entry, ptr, len );
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1395:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sBuf [ 256 ];
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1534:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &sa.sin_addr, hp->h_addr_list[0], hp->h_length );
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1592:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( uaddr.sun_path, client->host, len + 1 );
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1772:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &v, *cur, sizeof(unsigned short) );
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1781:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &v, *cur, sizeof(unsigned int) );
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1824:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header_buf[32], *cur, *response;
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1916:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16], *pbuf;
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1980:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req_header[32], *req, *p, *pmax;
data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * field_names[2];
data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:236:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( docs[0], words, sizeof(words)-1 );
data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:240:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( doc, filler, sizeof(filler)-1 );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:403:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_sLastMessage[1024];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:437:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_sQuery[MAX_QUERY_LEN];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:580:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * m_sIndexWeight[SPHINXSE_MAX_FILTERS]; ///< points to query buffer; do NOT delete
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:583:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * m_sFieldWeight[SPHINXSE_MAX_FILTERS]; ///< points to query buffer; do NOT delete
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:611:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_sParseError[256];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:831:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[IO_SIZE];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:833:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[IO_SIZE];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:949:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sRes, sSrc, iLen );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1026:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
share->m_sTableField = new char * [ share->m_iTableFields ];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1097:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iPort = atoi(sPort);
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1131:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iPort = atoi(sPort);
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1312:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_sQueryBuffer, sQuery, iLength );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1454:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iValue = atoi ( sValue );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1682:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pWeights[*pCount] = atoi(sVal);
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1866:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pCur, pBytes, iBytes );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2098:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int ha_sphinx::open ( const char * name, int, uint )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2154:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &sin.sin_addr, &ip_addr, sizeof(ip_addr) );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2171:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff2 [ GETHOSTBYNAME_BUFF_SIZE ];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError[256];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError[512];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError[512];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sQueryBuf[1024];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2325:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sValueBuf[1024];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sQueryBuf[1024];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sValue[32];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2532:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sRes, m_pCur, iLen );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2571:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError[1024];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2580:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
m_dFields = new char * [ m_iFields ];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2842:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError[256];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2925:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sHeader[8];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:3132:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[1024]; // FIXME! magic size
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:3395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError[256];
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:3634:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuffer, sConvert.c_ptr(), sConvert.length() + 1 );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.h:84:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open ( const char * name, int mode, uint test_if_locked );
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:106:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sRes, sSrc, iLen );
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError[256];
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:234:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pCurrent, pBytes, iBytes );
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:339:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_iPort = atoi(sPort);
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:384:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &sin.sin_addr, &ip_addr, sizeof(ip_addr) );
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:401:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff2 [ GETHOSTBYNAME_BUFF_SIZE ];
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:412:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError[256];
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError[1024];
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sHeader[8];
data/sphinxsearch-2.2.11/src/indexer.cpp:62:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * g_dExt[EXT_COUNT] = { "sph", "spa", "spi", "spd", "spp", "spm", "spk", "sps", "spe" };
data/sphinxsearch-2.2.11/src/indexer.cpp:65:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_sMinidump[256];
data/sphinxsearch-2.2.11/src/indexer.cpp:243:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( sOutput, "w+" );
data/sphinxsearch-2.2.11/src/indexer.cpp:1381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFrom [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/indexer.cpp:1382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTo [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/indexer.cpp:1548:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( hSearchd["pid_file"].cstr(), "r" );
data/sphinxsearch-2.2.11/src/indexer.cpp:1562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPipeName[64];
data/sphinxsearch-2.2.11/src/indexer.cpp:1664:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_iTopStops = atoi ( argv[i+2] );
data/sphinxsearch-2.2.11/src/indexer.cpp:1895:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpDumpRows = fopen ( sDumpRows.cstr(), "wb+" );
data/sphinxsearch-2.2.11/src/indextool.cpp:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuffer[1024];
data/sphinxsearch-2.2.11/src/indextool.cpp:48:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &dBuffer[iPos], sBuffer, iLen );
data/sphinxsearch-2.2.11/src/indextool.cpp:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuffer[READ_BUFFER_SIZE];
data/sphinxsearch-2.2.11/src/indextool.cpp:71:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &dInBuffer[iPos], sBuffer, iLen );
data/sphinxsearch-2.2.11/src/indextool.cpp:91:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &dOutBuffer[iPos], sToken, iLen+1 );
data/sphinxsearch-2.2.11/src/indextool.cpp:212:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int iFD = ::open ( sHeader.cstr(), SPH_O_BINARY | O_RDWR, 0644 );
data/sphinxsearch-2.2.11/src/indextool.cpp:368:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char StringBuffer_t [ 3*SPH_MAX_WORD_LEN+16+128 ]; // { dict-keyowrd, 32bit number, 32bit number, 64bit number }
data/sphinxsearch-2.2.11/src/indextool.cpp:425:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iDocuments = atoi ( p1+1 );
data/sphinxsearch-2.2.11/src/indextool.cpp:438:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iTotalDocuments += atoi ( sBuffer+strlen(sSearch) );
data/sphinxsearch-2.2.11/src/indextool.cpp:702:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * sTypes[iNumTypes] = { "rt_attr_uint", "rt_attr_bigint", "rt_attr_float", "rt_attr_timestamp", "rt_attr_string" };
data/sphinxsearch-2.2.11/src/indextool.cpp:1254:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ( sFoldFile.cstr(), "rb" );
data/sphinxsearch-2.2.11/src/searchd.cpp:179:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * g_dProtoNames[PROTO_TOTAL] =
data/sphinxsearch-2.2.11/src/searchd.cpp:278:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_sLogFilter[SPH_MAX_FILENAME_LEN] = "\0";
data/sphinxsearch-2.2.11/src/searchd.cpp:427:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * g_dThdStates[THD_STATE_TOTAL] = {
data/sphinxsearch-2.2.11/src/searchd.cpp:511:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_sMysqlHandshake[128];
data/sphinxsearch-2.2.11/src/searchd.cpp:707:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * g_dApiCommands[SEARCHD_COMMAND_TOTAL] =
data/sphinxsearch-2.2.11/src/searchd.cpp:778:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * m_sNames[eMaxStat];
data/sphinxsearch-2.2.11/src/searchd.cpp:1424:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * sWeekday[7] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" };
data/sphinxsearch-2.2.11/src/searchd.cpp:1425:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * sMonth[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
data/sphinxsearch-2.2.11/src/searchd.cpp:1525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTimeBuf[128];
data/sphinxsearch-2.2.11/src/searchd.cpp:1534:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ 1024 ];
data/sphinxsearch-2.2.11/src/searchd.cpp:1576:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sLast[256];
data/sphinxsearch-2.2.11/src/searchd.cpp:1804:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdStopwait = ::open ( sPipeName.cstr(), O_WRONLY | O_NONBLOCK );
data/sphinxsearch-2.2.11/src/searchd.cpp:2072:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_sCrashInfo [SPH_TIME_PID_MAX_SIZE] = "[][]\n";
data/sphinxsearch-2.2.11/src/searchd.cpp:2076:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_sMinidump[SPH_TIME_PID_MAX_SIZE] = "";
data/sphinxsearch-2.2.11/src/searchd.cpp:2235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTimeBuf[SPH_TIME_PID_MAX_SIZE];
data/sphinxsearch-2.2.11/src/searchd.cpp:2366:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sBuf [ 256 ];
data/sphinxsearch-2.2.11/src/searchd.cpp:2434:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &uAddr, ppAddrs[0], sizeof(DWORD) );
data/sphinxsearch-2.2.11/src/searchd.cpp:2438:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ SPH_ADDRESS_SIZE ];
data/sphinxsearch-2.2.11/src/searchd.cpp:2460:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( uaddr.sun_path, sPath, len + 1 );
data/sphinxsearch-2.2.11/src/searchd.cpp:2484:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sAddress[SPH_ADDRESS_SIZE];
data/sphinxsearch-2.2.11/src/searchd.cpp:2624:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iPort = atol(sPart);
data/sphinxsearch-2.2.11/src/searchd.cpp:2663:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tRes.m_iPort = atol ( sParts[1].cstr() );
data/sphinxsearch-2.2.11/src/searchd.cpp:3226:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pBufferPtr, pMy, iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:3359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pNew, m_pBuffer, iOldBufferSize );
data/sphinxsearch-2.2.11/src/searchd.cpp:3460:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pBuf, m_pCur, iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:3568:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pNew, m_pCur, iCur );
data/sphinxsearch-2.2.11/src/searchd.cpp:3601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dBuf [ 2048 ];
data/sphinxsearch-2.2.11/src/searchd.cpp:3945:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dWeights.Begin(), m_pWeights, sizeof(dWeights[0]) * dWeights.GetLength() );
data/sphinxsearch-2.2.11/src/searchd.cpp:3951:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pWeights, dWeights.Begin(), sizeof(dWeights[0]) * dWeights.GetLength() );
data/sphinxsearch-2.2.11/src/searchd.cpp:4068:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dWeights.Begin(), m_pWeights, sizeof(dWeights[0]) * dWeights.GetLength() );
data/sphinxsearch-2.2.11/src/searchd.cpp:4074:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pWeights, dWeights.Begin (), sizeof ( dWeights[0] ) * dWeights.GetLength () );
data/sphinxsearch-2.2.11/src/searchd.cpp:6652:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sSetError[MAX_ERROR_SET_BUFFER];
data/sphinxsearch-2.2.11/src/searchd.cpp:6779:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[256];
data/sphinxsearch-2.2.11/src/searchd.cpp:6912:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTimeBuf [ SPH_TIME_PID_MAX_SIZE ];
data/sphinxsearch-2.2.11/src/searchd.cpp:7023:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTimeBuf[SPH_TIME_PID_MAX_SIZE];
data/sphinxsearch-2.2.11/src/searchd.cpp:7043:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * sModes [ SPH_MATCH_TOTAL ] = { "all", "any", "phr", "bool", "ext", "scan", "ext2" };
data/sphinxsearch-2.2.11/src/searchd.cpp:7044:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * sSort [ SPH_SORT_TOTAL ] = { "rel", "attr-", "attr+", "tsegs", "ext", "expr" };
data/sphinxsearch-2.2.11/src/searchd.cpp:7225:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * sOps[2][2] = { { "<", "<=" }, { ">=", ">" } };
data/sphinxsearch-2.2.11/src/searchd.cpp:7231:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * sOps[2][2] = { { ">", ">=" }, { "<", "<=" } };
data/sphinxsearch-2.2.11/src/searchd.cpp:7246:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * sOps[2][2] = { { "<", "<=" }, { ">=", ">" } };
data/sphinxsearch-2.2.11/src/searchd.cpp:7252:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * sOps[2][2] = { { ">", ">=" }, { "<", "<=" } };
data/sphinxsearch-2.2.11/src/searchd.cpp:7445:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTimeBuf[SPH_TIME_PID_MAX_SIZE];
data/sphinxsearch-2.2.11/src/searchd.cpp:7614:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTimeBuf[SPH_TIME_PID_MAX_SIZE];
data/sphinxsearch-2.2.11/src/searchd.cpp:9269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[64];
data/sphinxsearch-2.2.11/src/searchd.cpp:9272:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf, sStr, iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:9275:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi ( sBuf );
data/sphinxsearch-2.2.11/src/searchd.cpp:10646:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dQuery.Begin()+iOff, tQuery.m_sQuery.cstr(), iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:11571:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_iOffset = atoi ( dArgs[1].cstr() );
data/sphinxsearch-2.2.11/src/searchd.cpp:11572:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_iLimit = atoi ( dArgs[2].cstr() );
data/sphinxsearch-2.2.11/src/searchd.cpp:13610:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
iRespLen += 4 + strlen ( (const char *)dQueries[i].m_dRes.Begin() );
data/sphinxsearch-2.2.11/src/searchd.cpp:13620:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tOut.SendString ( (const char *)dQueries[i].m_dRes.Begin() );
data/sphinxsearch-2.2.11/src/searchd.cpp:15060:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sVarLen[20] = {0}; // max 18 for packed number, +1 more just for fun
data/sphinxsearch-2.2.11/src/searchd.cpp:15112:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pBuf, m_pBuf ? m_pBuf : m_dBuf, m_iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:15166:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pStr, sMsg, iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:15211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[1024];
data/sphinxsearch-2.2.11/src/searchd.cpp:15278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTmp[SPH_MAX_NUMERIC_STR];
data/sphinxsearch-2.2.11/src/searchd.cpp:15284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_dBuf[4096];
data/sphinxsearch-2.2.11/src/searchd.cpp:15801:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dResults[i] = (const char *)dQueries[i].m_dRes.Begin();
data/sphinxsearch-2.2.11/src/searchd.cpp:15885:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[16];
data/sphinxsearch-2.2.11/src/searchd.cpp:15978:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTmp[SPH_MAX_WORD_LEN];
data/sphinxsearch-2.2.11/src/searchd.cpp:17043:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pOutStr, pStr, iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:17068:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pOutStr, pString, iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:17094:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pOutStr, pStr, iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:17124:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pOutStr, dTmp.Begin(), iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:17662:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( g_sLogFilter, tStmt.m_sSetValue.cstr(), iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:18197:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * dStates [ SPH_QSTATE_TOTAL ] = { SPH_QUERY_STATES };
data/sphinxsearch-2.2.11/src/searchd.cpp:18217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTime[32];
data/sphinxsearch-2.2.11/src/searchd.cpp:18286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFileName[SPH_MAX_FILENAME_LEN];
data/sphinxsearch-2.2.11/src/searchd.cpp:19121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFrom [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:19122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTo [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:19155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFile [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:19170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sHeaderName [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:19187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFile [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:19247:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:19633:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sNewPath[SPH_MAX_FILENAME_LEN];
data/sphinxsearch-2.2.11/src/searchd.cpp:19696:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sOld [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:19698:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sCurTest [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:19844:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sNewPath [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:19942:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dBuf[512];
data/sphinxsearch-2.2.11/src/searchd.cpp:20318:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sOld [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:20320:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sCurTest [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/searchd.cpp:20697:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pCurrent->m_iPort = atoi ( pAnchor );
data/sphinxsearch-2.2.11/src/searchd.cpp:20798:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tDesc.m_bBlackhole = ( atoi ( sOptValue )!=0 );
data/sphinxsearch-2.2.11/src/searchd.cpp:21264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ 8192 ];
data/sphinxsearch-2.2.11/src/searchd.cpp:21267:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ( g_sConfigFile.cstr (), "rb" );
data/sphinxsearch-2.2.11/src/searchd.cpp:21283:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError [ 1024 ];
data/sphinxsearch-2.2.11/src/searchd.cpp:21679:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int iFD = ::open ( g_sLogFile.cstr(), O_CREAT | O_RDWR | O_APPEND, S_IREAD | S_IWRITE );
data/sphinxsearch-2.2.11/src/searchd.cpp:21695:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int iFD = ::open ( g_sQueryLogFile.cstr(), O_CREAT | O_RDWR | O_APPEND, S_IREAD | S_IWRITE );
data/sphinxsearch-2.2.11/src/searchd.cpp:21856:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sBuf[1024];
data/sphinxsearch-2.2.11/src/searchd.cpp:21902:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf, sArg, iToCopy );
data/sphinxsearch-2.2.11/src/searchd.cpp:21942:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBinary[MAX_PATH];
data/sphinxsearch-2.2.11/src/searchd.cpp:21946:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPath[MAX_PATH];
data/sphinxsearch-2.2.11/src/searchd.cpp:22362:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ SPH_ADDRESS_SIZE ];
data/sphinxsearch-2.2.11/src/searchd.cpp:22363:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sListen [ 256 ];
data/sphinxsearch-2.2.11/src/searchd.cpp:22392:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( uaddr.sun_path, tDesc.m_sUnix.cstr(), len+1 );
data/sphinxsearch-2.2.11/src/searchd.cpp:22662:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sClientIP[SPH_ADDRPORT_SIZE];
data/sphinxsearch-2.2.11/src/searchd.cpp:22761:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sClientName[SPH_ADDRPORT_SIZE];
data/sphinxsearch-2.2.11/src/searchd.cpp:22877:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iValue = atoi ( sValue.cstr() );
data/sphinxsearch-2.2.11/src/searchd.cpp:23045:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( p, sHandshake1, sizeof(sHandshake1)-1 );
data/sphinxsearch-2.2.11/src/searchd.cpp:23046:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( p+sizeof(sHandshake1)-1, sVersion, iLen+1 );
data/sphinxsearch-2.2.11/src/searchd.cpp:23047:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( p+sizeof(sHandshake1)+iLen, sHandshake2, sizeof(sHandshake2)-1 );
data/sphinxsearch-2.2.11/src/searchd.cpp:23165:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_iLogFile = open ( sLog, O_CREAT | O_RDWR | O_APPEND, S_IREAD | S_IWRITE );
data/sphinxsearch-2.2.11/src/searchd.cpp:23204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPipeName[64];
data/sphinxsearch-2.2.11/src/searchd.cpp:23286:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
OPT ( "-p", "--port" ) { bOptPort = true; iOptPort = atoi ( argv[++i] ); }
data/sphinxsearch-2.2.11/src/searchd.cpp:23390:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( sPid, "r" );
data/sphinxsearch-2.2.11/src/searchd.cpp:23394:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[16];
data/sphinxsearch-2.2.11/src/searchd.cpp:23399:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iPid = atoi(sBuf);
data/sphinxsearch-2.2.11/src/searchd.cpp:23408:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPipeName[64];
data/sphinxsearch-2.2.11/src/searchd.cpp:23461:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdPipe = ::open ( sPipeName.cstr(), O_RDONLY | O_NONBLOCK );
data/sphinxsearch-2.2.11/src/searchd.cpp:23575:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int iDevNull = open ( "/dev/null", O_RDWR );
data/sphinxsearch-2.2.11/src/searchd.cpp:23592:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_iPidFD = ::open ( g_sPidFile.scstr(), O_CREAT | O_WRONLY, S_IREAD | S_IWRITE );
data/sphinxsearch-2.2.11/src/searchd.cpp:23630:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_iQueryLogFile = open ( hSearchd["query_log"].cstr(), O_CREAT | O_RDWR | O_APPEND, S_IREAD | S_IWRITE );
data/sphinxsearch-2.2.11/src/searchd.cpp:23820:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sPid[16];
data/sphinxsearch-2.2.11/src/spelldump.cpp:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBuf[3];
data/sphinxsearch-2.2.11/src/spelldump.cpp:33:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( szBuf, szSet+2, 2 );
data/sphinxsearch-2.2.11/src/spelldump.cpp:141:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * pFile = fopen ( szFilename, "rt" );
data/sphinxsearch-2.2.11/src/spelldump.cpp:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szWordBuffer [MAX_STR_LENGTH];
data/sphinxsearch-2.2.11/src/spelldump.cpp:327:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szTmp [ MAX_STR_LENGTH];
data/sphinxsearch-2.2.11/src/spelldump.cpp:386:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szTmp [MAX_STR_LENGTH];
data/sphinxsearch-2.2.11/src/spelldump.cpp:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_dCharset [256];
data/sphinxsearch-2.2.11/src/spelldump.cpp:484:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuffer [MAX_STR_LENGTH];
data/sphinxsearch-2.2.11/src/spelldump.cpp:517:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * pFile = fopen ( szFilename, "rt" );
data/sphinxsearch-2.2.11/src/spelldump.cpp:556:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBuffer [ MAX_STR_LENGTH ];
data/sphinxsearch-2.2.11/src/spelldump.cpp:557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szCondition [ MAX_STR_LENGTH ];
data/sphinxsearch-2.2.11/src/spelldump.cpp:558:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szStrip [ MAX_STR_LENGTH ];
data/sphinxsearch-2.2.11/src/spelldump.cpp:559:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szAppend [ MAX_STR_LENGTH ];
data/sphinxsearch-2.2.11/src/spelldump.cpp:681:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuffer [MAX_STR_LENGTH];
data/sphinxsearch-2.2.11/src/spelldump.cpp:682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sCondition [MAX_STR_LENGTH];
data/sphinxsearch-2.2.11/src/spelldump.cpp:683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sRemove [MAX_STR_LENGTH];
data/sphinxsearch-2.2.11/src/spelldump.cpp:684:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sAppend [MAX_STR_LENGTH];
data/sphinxsearch-2.2.11/src/spelldump.cpp:886:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * pFile = fopen ( m_sCharsetFile.cstr (), "rt" );
data/sphinxsearch-2.2.11/src/spelldump.cpp:892:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBuffer [MAX_CHARSET_LENGTH];
data/sphinxsearch-2.2.11/src/spelldump.cpp:922:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dLocaleC[256], dLocaleUser[256];
data/sphinxsearch-2.2.11/src/spelldump.cpp:966:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_sRules[3];
data/sphinxsearch-2.2.11/src/spelldump.cpp:1069:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * pFile = fopen ( sResult.cstr (), "wt" );
data/sphinxsearch-2.2.11/src/sphinx.cpp:417:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_iFD = ::open ( sName.cstr(), iMode, 0644 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:419:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_iFD = ::open ( sName.cstr(), iMode, 0644 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:1848:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sExp[32];
data/sphinxsearch-2.2.11/src/sphinx.cpp:1996:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int iFD = ::open ( sPath, O_RDONLY );
data/sphinxsearch-2.2.11/src/sphinx.cpp:2012:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int iFD = ::open ( sFile, SPH_O_READ, 0644 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:2321:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( d.AddN ( dMappings.GetLength() ), dMappings.Begin(), dMappings.GetLength() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:2385:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dMappings.AddN ( iLen+1 ), pNode->m_sTo.cstr(), iLen+1 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:2734:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &m_dWords [ iPos+1 ], dWords[i].cstr(), iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:2829:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_sBuf, pFirst, m_iFirst+1 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3083:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pCurDocPtr, pToken, iTokenLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dLargeBuffer.Begin(), szBuffer, iBufferLength );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3574:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dBuffer.Begin(), pBufPtr, iBufSize );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3845:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pData, pLC->m_pData, sizeof(int)*m_iChunks*CHUNK_SIZE ); // NOLINT sizeof(int)
data/sphinxsearch-2.2.11/src/sphinx.cpp:3908:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pChunk[i], pOldChunk, sizeof(int)*CHUNK_SIZE ); // NOLINT sizeof(int)
data/sphinxsearch-2.2.11/src/sphinx.cpp:3997:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_sError [ 1024 ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:4037:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sErrorBuffer[32];
data/sphinxsearch-2.2.11/src/sphinx.cpp:4867:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sErrBuf[SPH_UDF_ERROR_LEN+1];
data/sphinxsearch-2.2.11/src/sphinx.cpp:4876:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sErrBuf[SPH_UDF_ERROR_LEN+1];
data/sphinxsearch-2.2.11/src/sphinx.cpp:5154:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sDst, sSrc, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:5171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sDst, sSrc, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:5314:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuffer[1024];
data/sphinxsearch-2.2.11/src/sphinx.cpp:6502:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pWordforms = m_pMultiWordforms->m_Hash ( (const char *)m_dStoredTokens[m_iStart+1].m_sToken );
data/sphinxsearch-2.2.11/src/sphinx.cpp:6518:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pWordforms = m_pMultiWordforms->m_Hash ( (const char *)m_dStoredTokens[m_iStart].m_sToken );
data/sphinxsearch-2.2.11/src/sphinx.cpp:7046:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNumber[256];
data/sphinxsearch-2.2.11/src/sphinx.cpp:7228:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pCopy, pData, uDataSize );
data/sphinxsearch-2.2.11/src/sphinx.cpp:7733:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_iFD = ::open ( m_sName.cstr(), SPH_O_NEW, 0644 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:7824:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pPool, pBuf, iPut );
data/sphinxsearch-2.2.11/src/sphinx.cpp:8230:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pOut, m_pBuff+m_iBuffPos, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:8253:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pOut, m_pBuff+m_iBuffPos, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:8269:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pOut, m_pBuff+m_iBuffPos, iSize );
data/sphinxsearch-2.2.11/src/sphinx.cpp:8435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[64];
data/sphinxsearch-2.2.11/src/sphinx.cpp:8457:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_iFD = ::open ( sFilename.cstr(), SPH_O_READ, 0644 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:8701:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pDest, m_pCurrent, iBytes );
data/sphinxsearch-2.2.11/src/sphinx.cpp:10619:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( DOCINFO2ATTRS ( pTmpDocinfo ), pAttrs, (iOldStride - DOCINFO_IDSIZE)*sizeof(DWORD) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:11561:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pBuf+1, pKeyword, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:13052:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( DOCINFO2ATTRS ( pDocinfo ), pSource->m_tDocInfo.m_pDynamic, sizeof(CSphRowitem)*m_tSchema.GetRowSize() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:13077:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pHits, pDocHits->First(), iDocHits*sizeof(CSphWordHit) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:13116:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( DOCINFO2ATTRS ( pDocinfo ), pSource->m_tDocInfo.m_pDynamic, sizeof(CSphRowitem)*m_tSchema.GetRowSize() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:13163:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( DOCINFO2ATTRS ( pDocinfo ), pSrc, sizeof(CSphRowitem)*m_tSchema.GetRowSize() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:13229:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pHits, pJoinedHits->First(), iJoinedHits*sizeof(CSphWordHit) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:13495:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dMvaPool.Begin(), pEntry, iDocinfoStride * sizeof(DWORD) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:13527:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pDocinfo, pEntry, iDocinfoStride*sizeof(DWORD) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:14157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_sWord[MAX_KEYWORD_BYTES];
data/sphinxsearch-2.2.11/src/sphinx.cpp:14864:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dRow.Begin(), pDstRow, iStride * sizeof ( CSphRowitem ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:14889:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dRow.Begin(), pSrcRow, iStride * sizeof ( CSphRowitem ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:14961:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dPhantomKiller.Begin()+iOldLen, dKillList.Begin(), sizeof(SphDocID_t)*iKillLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:14978:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dMinRow.Begin(), pDstIndex->m_dMinRow.Begin(), sizeof(CSphRowitem)*dMinRow.GetLength() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:15093:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ 16+3*SPH_MAX_WORD_LEN ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:15107:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf, pWord, iLen+1 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:15145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ 16+3*SPH_MAX_WORD_LEN ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:15180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf, pWord, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:15192:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf, pWord+1, iLen-- ); // chops star, copies trailing zero, updates iLen
data/sphinxsearch-2.2.11/src/sphinx.cpp:15196:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf+1, pWord, ++iLen ); // copies everything incl trailing zero, updates iLen
data/sphinxsearch-2.2.11/src/sphinx.cpp:15229:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf+1, pWord, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:15237:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf, pWord, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:15377:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pKillList.GetWritePtr(), pKillist, sizeof(SphDocID_t)*iCount );
data/sphinxsearch-2.2.11/src/sphinx.cpp:16220:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_iLockFD = ::open ( sName.cstr(), SPH_O_NEW, 0644 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:17435:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pTarget + DOCINFO_IDSIZE, pSource + 1, iStride * sizeof(DWORD) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:17552:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFrom [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:17553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTo [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:17930:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_all[20];
data/sphinxsearch-2.2.11/src/sphinx.cpp:17994:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncpy ( (char *)sTokenized, dKeywords[iTokenized].m_sNormalized.scstr(), sizeof(sTokenized) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18012:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncpy ( (char *)sTmp, dChildren[iChild]->m_dWords[iAotKeyword].m_sWord.scstr(), sizeof(sTmp) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18014:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncpy ( (char *)sTmp2, dKeywords[iTokenized].m_sTokenized.scstr(), sizeof(sTmp2) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18147:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sWord, tInfo.m_sTokenized.cstr(), iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18657:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFixed [ MAX_KEYWORD_BYTES ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:18661:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sFixed+1, sPrefix, iPrefix );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18959:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ MAX_KEYWORD_BYTES ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:18989:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ MAX_KEYWORD_BYTES ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:19626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFile [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:19904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sWord[MAX_KEYWORD_BYTES], sLastWord[MAX_KEYWORD_BYTES];
data/sphinxsearch-2.2.11/src/sphinx.cpp:20071:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sArenaWord, sWord, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:21238:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * pFile = fopen ( szFilename, "rb" );
data/sphinxsearch-2.2.11/src/sphinx.cpp:21359:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcpy ( (char *)pWord, m_dNormalForms[*pIndex].m_sWord.cstr() ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinx.cpp:21492:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/sphinxsearch-2.2.11/src/sphinx.cpp:21493:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_all[20];
data/sphinxsearch-2.2.11/src/sphinx.cpp:21939:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( sName, "rb" );
data/sphinxsearch-2.2.11/src/sphinx.cpp:22320:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pBuf, dTokens[0].cstr(), dTokens[0].Length()+1 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:22377:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dNewCharset.Begin(), tSettings.m_sCaseFolding.cstr(), dNewCharset.GetLength() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:22421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuffer [ 6*SPH_MAX_WORD_LEN + 512 ]; // enough to hold 2 UTF-8 words, plus some whitespace overhead
data/sphinxsearch-2.2.11/src/sphinx.cpp:22572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBuf [ MAX_KEYWORD_BYTES ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:22654:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pWord, sStemmed, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:23209:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dBlocksWords.Begin()+iOff, sKey, iAppendBytes );
data/sphinxsearch-2.2.11/src/sphinx.cpp:23420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_sClippedWord[MAX_KEYWORD_BYTES]; ///< keyword storage for cliiped word
data/sphinxsearch-2.2.11/src/sphinx.cpp:23519:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pKeywordChunk, sWord, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:23537:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_sClippedWord, sWord, MAX_KEYWORD_BYTES-4 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:23850:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sClone, tWord.m_sKeyword, iLen+1 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24070:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pKeywordChunk, tEntry.m_sKeyword, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24240:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pTemp, dChunk[0], ( dChunk[1]-dChunk[0] )*sizeof(CSphWordHit) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24242:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dChunk[0] + ( dChunk[2]-dChunk[1] ), pTemp, ( dChunk[1]-dChunk[0] )*sizeof(CSphWordHit) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24261:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pOut, dChunk[iChunk], iChunkHits*sizeof(CSphWordHit) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24266:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dChunk[0], pTemp, ( dChunk.Last()-dChunk[0] )*sizeof(CSphWordHit) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24407:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dPackedKeywords.Begin()+iOff+1, pWord, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24586:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTag[256], sAttr[256];
data/sphinxsearch-2.2.11/src/sphinx.cpp:26064:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sMinibuffer[8192];
data/sphinxsearch-2.2.11/src/sphinx.cpp:26474:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf + 1, sWord, iBytes );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26509:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf + 1, sWord, iBytes );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26622:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf + 1, sWord, iBytes );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26632:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf + 1, sWord, iBytes );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26814:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBuf [MAX_NUMBER_LEN];
data/sphinxsearch-2.2.11/src/sphinx.cpp:26934:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ 1024 ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:27025:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sValues [ MACRO_COUNT ] [ iBufSize ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:27026:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * pValues [ MACRO_COUNT ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:27091:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dBuf [MAX_BUF_SIZE];
data/sphinxsearch-2.2.11/src/sphinx.cpp:27108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sValue[32];
data/sphinxsearch-2.2.11/src/sphinx.cpp:28412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ 1024 ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:28604:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ 1024 ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:28645:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sPort[64];
data/sphinxsearch-2.2.11/src/sphinx.cpp:29126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dOut[4];
data/sphinxsearch-2.2.11/src/sphinx.cpp:29232:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sBuf[1024];
data/sphinxsearch-2.2.11/src/sphinx.cpp:29981:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dBuf.Begin()+dBuf.GetLength(), m_pFieldBuffer, m_iFieldBufferLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:30047:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pFieldBuffer + m_iFieldBufferLen, pCharacters, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:30328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szColumnName[MAX_NAME_LEN];
data/sphinxsearch-2.2.11/src/sphinx.cpp:30418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szOutConn [2048];
data/sphinxsearch-2.2.11/src/sphinx.cpp:30641:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ 1024 ];
data/sphinxsearch-2.2.11/src/sphinx.cpp:30657:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szState[16] = "";
data/sphinxsearch-2.2.11/src/sphinx.cpp:30658:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMessageText[1024] = "";
data/sphinxsearch-2.2.11/src/sphinx.cpp:30673:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDriver[MAX_LEN];
data/sphinxsearch-2.2.11/src/sphinx.cpp:30674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDriverAttrs[MAX_LEN];
data/sphinxsearch-2.2.11/src/sphinx.cpp:31489:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sBuf[256];
data/sphinxsearch-2.2.11/src/sphinx.cpp:31771:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_sWord + iMatch, m_pBuf, iDelta );
data/sphinxsearch-2.2.11/src/sphinx.cpp:31885:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_sBuf.Begin()+iOff, sName, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:31938:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dWordBuf.Begin() + iOff + 1, tWord.m_sKeyword, iWordLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:32089:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dInfixBuf[3*SPH_MAX_WORD_LEN+4];
data/sphinxsearch-2.2.11/src/sphinx.cpp:32090:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dInfixBuf, sInfix, iBytes );
data/sphinxsearch-2.2.11/src/sphinx.cpp:32978:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sInfix[256];
data/sphinxsearch-2.2.11/src/sphinx.cpp:33244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ 3*SPH_MAX_WORD_LEN+4 ];
data/sphinxsearch-2.2.11/src/sphinx.h:1395:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pDynamic, rhs.m_pDynamic, iDynamic*sizeof(CSphRowitem) );
data/sphinxsearch-2.2.11/src/sphinx.h:2233:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const MACRO_VALUES [ MACRO_COUNT ];
data/sphinxsearch-2.2.11/src/sphinxaot.cpp:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_Prefix[4];
data/sphinxsearch-2.2.11/src/sphinxaot.cpp:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_Flexia[24];
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:553:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_sTmpWord, sWord, iLen );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:594:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &m_dStarBuffer[iOff], sWord, iLen );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:706:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &dResult[iOutLen], pSrc, iLen );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:712:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[16];
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:718:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dResult.Begin()+iOutLen, sBuf, iPassLen );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:720:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dResult.Begin()+iOutLen+iPassLen, pPost, iPostLen );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:3417:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &dResult[iOutLen], sChunkSeparator.cstr(), iSeparatorLen );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:3437:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &dResult[iOutLen], &(dPassageText[dPassageHeads[iBest]]), iLen );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:3441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &dResult[iOutLen], sChunkSeparator.cstr(), iSeparatorLen );
data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:310:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pData, pEntry->m_pData, uDataLen );
data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:2965:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tArgs.arg_values = new char * [ tArgs.arg_count ];
data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:6093:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sError [ SPH_UDF_ERROR_LEN ];
data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:561:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dVal.Begin()+iPacked, sVal, iLen );
data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:565:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dVal.Begin(), sVal, iLen );
data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:621:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dVal.Begin() + iOfs + iPacked, sRef.cstr(), iLen );
data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:625:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dVal.Begin() + iOfs, sRef.cstr(), iLen );
data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:1201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dVal.Begin()+iPacked, pRef->cstr(), iLen );
data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:1316:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dMerged.Begin()+iOff, m_dExt[i].m_pBegin, sizeof ( m_dMerged[0] ) * m_dExt[i].m_iLen );
data/sphinxsearch-2.2.11/src/sphinxint.h:2009:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_sLastKeyword, pWord, iLen );
data/sphinxsearch-2.2.11/src/sphinxint.h:2405:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pPtr, m_pMarkerTokenized, PROXY_MARKER_LEN );
data/sphinxsearch-2.2.11/src/sphinxint.h:2414:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pPtr, pToken, iTokenLen+1 );
data/sphinxsearch-2.2.11/src/sphinxint.h:2444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szTmp [256];
data/sphinxsearch-2.2.11/src/sphinxint.h:2488:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pCurDocPtr, szTmp, iLen );
data/sphinxsearch-2.2.11/src/sphinxint.h:2501:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
m_dFieldLengths[i] = strlen ( (const char *)pFields[i] );
data/sphinxsearch-2.2.11/src/sphinxint.h:2512:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pDoc->m_dFieldStorage[i].Begin(), pFields[i], iFieldLen+1 );
data/sphinxsearch-2.2.11/src/sphinxint.h:2533:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pCurDocPtr, pToken, iTokenLen );
data/sphinxsearch-2.2.11/src/sphinxint.h:2571:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iDoc = atoi ( (const char*)pToken );
data/sphinxsearch-2.2.11/src/sphinxint.h:2630:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pCurDoc->m_dFieldStorage[iField].Begin()+iStoredLen-1, szTmp, iTmpLen+1 );
data/sphinxsearch-2.2.11/src/sphinxint.h:2709:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( tTo.m_pDynamic, tFrom.m_pDynamic, iDynamic*sizeof(CSphRowitem) );
data/sphinxsearch-2.2.11/src/sphinxjson.cpp:135:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( p, s, iLen );
data/sphinxsearch-2.2.11/src/sphinxjson.cpp:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[8] = { 0 };
data/sphinxsearch-2.2.11/src/sphinxjson.cpp:171:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf, s+2, 4 );
data/sphinxsearch-2.2.11/src/sphinxjson.cpp:1141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sVal[32];
data/sphinxsearch-2.2.11/src/sphinxjson.cpp:1142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sVal, s, iLen );
data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:597:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sOriginal, pWord, iLength + 1 );
data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:610:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat ( (char *) sOriginal, " " ); // NOLINT
data/sphinxsearch-2.2.11/src/sphinxplugin.cpp:78:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * g_dPluginTypes[PLUGIN_TOTAL] = { "udf", "ranker", "index_token_filter", "query_token_filter" };
data/sphinxsearch-2.2.11/src/sphinxplugin.cpp:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sError[256];
data/sphinxsearch-2.2.11/src/sphinxplugin.h:151:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char * g_dPluginTypes[PLUGIN_TOTAL];
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:438:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[256];
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:442:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf, sPrefix, iPrefix );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[256];
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:461:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf, sPrefix, iPrefix );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:768:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sNumberBuf[NUMBER_BUF_LEN];
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:771:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sNumberBuf, sToken, iNumberLen );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:776:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_tPendingToken.tInt.iValue = atoi ( sNumberBuf );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:1731:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szError [ SPH_UDF_ERROR_LEN ];
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:301:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dKlist.Begin()+iOff, m_dLargeKlist.Begin(), sizeof(m_dLargeKlist[0]) * m_dLargeKlist.GetLength() );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:317:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dLargeKlist.Begin()+iOff, pDocs, sizeof(m_dLargeKlist[0]) * iCount );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:602:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pOut->Begin()+iOff, pData, iLen );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:741:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_tPackedWord+1+iMatch, pIn, iDelta );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:1781:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &m_dStrings[iOff], dLen, iLenPacked );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:1782:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &m_dStrings[iOff+iLenPacked], pStr, iLen );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:1799:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dMvas.Begin()+iDst, dMvas.Begin()+iMva, (iCount+1)*sizeof(dMvas[0]) );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:2386:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dDst.Begin() + uOff, pSrc, uWriteLen );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:2405:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dDst.Begin()+iLen, pSrc, ( uCount+1 )*sizeof(DWORD) );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3084:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dSegmentKlist.Begin() + iAdded, pSeg->GetKlist().Begin(), sizeof(dSegmentKlist[0]) * pSeg->GetKlist().GetLength() );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3089:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pKlist->m_dKilled.Begin(), dSegmentKlist.Begin(), sizeof(dSegmentKlist[0]) * dSegmentKlist.GetLength() );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3114:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dNewSegmentKlist.Begin()+iOff, dAccKlist.Begin(), sizeof(SphDocID_t)*iDiskLiveKLen );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3140:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dRamChunks.Begin() + m_iDoubleBuffer, dSegments.Begin(), sizeof(dSegments[0]) * dSegments.GetLength() );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3421:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pFixedRow, pRow, iStride*sizeof(CSphRowitem) );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3490:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sphDictCmpStrictly ( (const char *)pWords[i]->m_sWord+1, *pWords[i]->m_sWord, (const char *)pWord->m_sWord+1, *pWord->m_sWord )<0 ) )
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3509:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sphDictCmpStrictly ( (const char *)pWords[i]->m_sWord+1, *pWords[i]->m_sWord, (const char *)pWord->m_sWord+1, *pWord->m_sWord )==0 ) ) )
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3677:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sMinWord[SPH_MAX_KEYWORD_LEN];
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3683:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sMinWord, pWord->m_sWord+1, iMinWordLen );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3690:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
|| ( m_bKeywordDict && sphDictCmpStrictly ( (const char *)pWords[i]->m_sWord+1, pWords[i]->m_sWord[0], sMinWord, iMinWordLen )==0 ) ) )
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4048:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_iLockFD = ::open ( sLock.cstr(), SPH_O_NEW, 0644 );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4483:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pSeg->m_pKlist->m_dKilled.Begin(), dLegacy.Begin(), sizeof(pSeg->m_pKlist->m_dKilled[0]) * dLegacy.GetLength() );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4710:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sWord+1+iMatch, pIn, iDelta );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4757:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sLastWord, sWord, iWordLen+2 );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4813:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( (void *)tCP.m_sWord, sWord+1, sWord[0]+1 );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:6079:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dWordBuf.Begin() + iOff, pWord->m_sWord, iWordLen );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:6470:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_pStorage, STATIC2DOCINFO ( pMatch->m_pStatic ), sizeof(CSphRowitem)*m_iStaticSize );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:6645:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( tGuard.m_dRamChunks.Begin(), m_dRamChunks.Begin(), sizeof(m_dRamChunks[0]) * m_dRamChunks.GetLength() );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:6646:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( tGuard.m_dDiskChunks.Begin(), m_dDiskChunks.Begin(), sizeof(m_dDiskChunks[0]) * m_dDiskChunks.GetLength() );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:7491:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sWord, tInfo.m_sTokenized.cstr(), iLen );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:7837:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pDst, pSrc, sizeof(DWORD)*(uCount+1) );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:7955:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFrom [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:7956:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTo [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:8030:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFileName[SPH_MAX_FILENAME_LEN];
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:8110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( DOCINFO2ATTRS ( pNewDocinfo ), pAttrs, m_tSchema.GetRowSize()*sizeof(CSphRowitem) );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:8219:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pCombined+iCount, pIndex->GetKillList(), sizeof(SphDocID_t) * pIndex->GetKillListSize() );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:8435:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dKlist.Begin()+iOff, pIndex->GetKillList(), sizeof(SphDocID_t)*pIndex->GetKillListSize() );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:8578:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFile [ SPH_MAX_FILENAME_LEN ];
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:9421:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int iLockFD = ::open ( sName.cstr(), SPH_O_NEW, 0644 );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:10133:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * sTypes[iNumTypes] = { "rt_attr_uint", "rt_attr_bigint", "rt_attr_float", "rt_attr_timestamp", "rt_attr_string", "rt_attr_multi", "rt_attr_multi_64", "rt_attr_json", "rt_attr_bool" };
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:1186:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( *ppRow, tSrc.m_pDocinfo, iStride*sizeof(CSphRowitem) );
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:5651:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_tTestMatch.m_pDynamic, pCand->m_pDocinfo, m_iInlineRowitems*sizeof(CSphRowitem) );
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:6635:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sErrorBuf [ SPH_UDF_ERROR_LEN ];
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8601:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pPack, m_dFieldTF.Begin(), m_dFieldTF.GetLength()*sizeof(m_dFieldTF[0]) );
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8885:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTmp[MAX_STR_LEN];
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:9467:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &m_InlineAttrs[iLen], pChunk->m_pDocinfo, iStride*sizeof(CSphRowitem) );
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:9566:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &m_dDocs[0], &m_pNode->m_Docs[m_iDocIndex], sizeof(ExtDoc_t)*iDoc );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:780:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
inline static char * FormatInt ( char sBuf[32], T v )
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:780:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
inline static char * FormatInt ( char sBuf[32], T v )
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:1482:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sNew, sDst, iDst );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:1484:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sNew+iDst+1, sSrc, iSrc );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:1553:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dRowBuf.Begin(), pOld->m_pDynamic, sizeof(m_dRowBuf[0]) * m_dRowBuf.GetLength() );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:2902:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[32];
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4285:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pDst, pVal, iElemLen );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4294:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pDst, pVal, iElemLen );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4467:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf1, pStr1, iLen );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4468:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf2, pStr2, iLen );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4477:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pBuf1, pStr1, iLen );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4478:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pBuf2, pStr2, iLen );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4741:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_dBuf.Begin(), pStr, iLen );
data/sphinxsearch-2.2.11/src/sphinxstd.cpp:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuffer [ 1024 ];
data/sphinxsearch-2.2.11/src/sphinxstd.cpp:694:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[1024];
data/sphinxsearch-2.2.11/src/sphinxstd.cpp:713:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[1024];
data/sphinxsearch-2.2.11/src/sphinxstd.cpp:1295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/sphinxsearch-2.2.11/src/sphinxstd.h:1785:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_sValue, sValue, iLen );
data/sphinxsearch-2.2.11/src/sphinxstd.h:1801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[1024];
data/sphinxsearch-2.2.11/src/sphinxstd.h:1814:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[1024];
data/sphinxsearch-2.2.11/src/sphinxstd.h:2024:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_sBuffer+m_iUsed, sText, iLen+1 );
data/sphinxsearch-2.2.11/src/sphinxstd.h:2037:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( m_sBuffer, rhs.m_sBuffer, m_iUsed+1 );
data/sphinxsearch-2.2.11/src/sphinxstd.h:2087:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pNew, m_sBuffer, m_iUsed+1 );
data/sphinxsearch-2.2.11/src/sphinxstd.h:2126:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
, m_iValue ( sString ? atoi ( sString ) : 0 )
data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:179:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
RemoveChars ( (char *) pRules[i].m_szSuffix, '!' );
data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:188:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
RemoveChars ( (char *) g_dPalatalizeRules[i].m_szSuffix, '!' );
data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:189:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
RemoveChars ( (char *) g_dPalatalizeRules[i].m_szAppend, '!' );
data/sphinxsearch-2.2.11/src/sphinxudf.c:146:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( out->field_tf, in, fields*sizeof(int) );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sMemLimit[256];
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1000:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ( sFileName, "rb" );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1013:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [ L_BUFFER ] = { 0 };
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1015:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sToken [ L_TOKEN ] = { 0 };
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sStepback [ L_STEPBACK+1 ];
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1243:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sStepback, sCtx, iCtx );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1564:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_all[20];
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1854:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CBuf[uMaxIndex+1];
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:2030:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_sSafeInfoBuf [ 1024 ];
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:2061:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_pBacktrace[4096];
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:2063:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * g_pArgv[128] = { "addr2line", "-e", "./searchd", "0x0", NULL };
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:2355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFileName[SPH_MAX_FILENAME_LEN];
data/sphinxsearch-2.2.11/src/sphinxutils.h:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_sError [ 1024 ];
data/sphinxsearch-2.2.11/src/testrt.cpp:182:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
COMMIT_STEP = atoi ( argv[1] );
data/sphinxsearch-2.2.11/src/tests.cpp:48:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( g_sTmpfile, "w+" );
data/sphinxsearch-2.2.11/src/tests.cpp:246:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for ( int iCur=0; dTests[iCur] && atoi ( dTests[iCur++] )<=iRun; )
data/sphinxsearch-2.2.11/src/tests.cpp:301:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTok4[SPH_MAX_WORD_LEN+1];
data/sphinxsearch-2.2.11/src/tests.cpp:572:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( sName, "rb" );
data/sphinxsearch-2.2.11/src/tests.cpp:735:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( "doc/sphinx.html", "rb" );
data/sphinxsearch-2.2.11/src/tests.cpp:749:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sRef, sBuf, iLen+1 );
data/sphinxsearch-2.2.11/src/tests.cpp:763:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( sBuf, sRef, iLen+1 );
data/sphinxsearch-2.2.11/src/tests.cpp:2018:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fpRes = fopen ( "benchsort/res.csv", "w+" );
data/sphinxsearch-2.2.11/src/tests.cpp:2046:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( sFile.cstr(), "w+" );
data/sphinxsearch-2.2.11/src/tests.cpp:2067:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( sHits, "rb+" );
data/sphinxsearch-2.2.11/src/tests.cpp:2515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_dFields[m_iMaxFields][m_iMaxFieldLen];
data/sphinxsearch-2.2.11/src/tests.cpp:3047:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( CORPUS, "rb" );
data/sphinxsearch-2.2.11/src/tests.cpp:3111:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( p+1, pSnow->p, pSnow->l );
data/sphinxsearch-2.2.11/src/tests.cpp:3115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/sphinxsearch-2.2.11/src/tests.cpp:3116:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( buf, p+1, *p+1 );
data/sphinxsearch-2.2.11/src/tests.cpp:3450:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[64];
data/sphinxsearch-2.2.11/src/tests.cpp:3456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTest1[16] = "\xD9\x80\xD9\x80\xD9\x80\xD9\x80\0abcdef";
data/sphinxsearch-2.2.11/src/tests.cpp:3457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sRef1[16] = "\0\0\0\0\0\0\0\0\0abcdef";
data/sphinxsearch-2.2.11/src/tests.cpp:3471:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( dTest22.Begin() + iOff, sTest2, sizeof(sTest2) );
data/sphinxsearch-2.2.11/src/tests.cpp:3829:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( g_sTmpfile, "wb" );
data/sphinxsearch-2.2.11/src/tests.cpp:3835:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ( g_sTmpfile, "rb" );
data/sphinxsearch-2.2.11/src/tests.cpp:3869:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CSphString sTmp ( (const char *)pFields[i] );
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:233:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( sDict, "rb" );
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[512];
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:251:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iFreq = atoi(p);
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:402:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( sTestFile, "rb" );
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[1024];
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:515:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen ( sBenchFile, "rb" );
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:520:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[512];
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf[1024];
data/sphinxsearch-2.2.11/src/yysphinxexpr.c:1075:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/sphinxsearch-2.2.11/src/yysphinxexpr.c:1267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/sphinxsearch-2.2.11/src/yysphinxjson.c:832:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/sphinxsearch-2.2.11/src/yysphinxjson.c:1024:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/sphinxsearch-2.2.11/src/yysphinxql.c:2418:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/sphinxsearch-2.2.11/src/yysphinxql.c:2610:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/sphinxsearch-2.2.11/src/yysphinxquery.c:904:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/sphinxsearch-2.2.11/src/yysphinxquery.c:1096:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/sphinxsearch-2.2.11/src/yysphinxselect.c:1098:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/sphinxsearch-2.2.11/src/yysphinxselect.c:1290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:428:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return s ? chain ( client, s, 1+strlen(s) ) : NULL;
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1101:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return s ? strlen(s) : 0;
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1203:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = s ? (int)strlen(s) : 0;
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1585:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen ( client->host );
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:2306:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(index)
data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:2307:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(words)
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:634:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
void SendString ( const char * v ) { int iLen = strlen(v); SendDword(iLen); SendBytes ( v, iLen ); }
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:846:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stat_print ( thd, sphinx_hton_name, strlen(sphinx_hton_name), _key, _keylen, _val, _vallen );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:918:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sMessageType, strlen ( sMessageType ),
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:919:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTls->m_pHeadTable->m_tStats.m_sLastMessage, strlen ( pTls->m_pHeadTable->m_tStats.m_sLastMessage ) );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:946:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iLen = strlen(sSrc);
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1191:97: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pShare = (CSphSEShare*) sphinx_hash_search ( &sphinx_open_tables, (const uchar *) table_name, strlen(table_name) );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1194:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pShare = (CSphSEShare*) sphinx_hash_search ( &sphinx_open_tables, (const byte *) table_name, strlen(table_name) );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1196:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pShare = (CSphSEShare*) sphinx_hash_search ( &sphinx_open_tables, table_name, strlen(table_name) );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1222:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pShare->m_iTableNameLen = strlen(table_name);
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1392:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * p = s + strlen(s);
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1532:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !strncmp ( sValue, dSortModes[i].m_sName, strlen ( dSortModes[i].m_sName ) ) )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1535:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_sSortBy = sValue + strlen ( dSortModes[i].m_sName );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1562:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !strncmp ( sValue, dGroupModes[i].m_sName, strlen ( dGroupModes[i].m_sName ) ) )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1565:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_sGroupBy = sValue + strlen ( dGroupModes[i].m_sName );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1880:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen ( m_sSortBy )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1881:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen ( m_sQuery )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1882:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen ( m_sIndex )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1883:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen ( m_sGroupBy )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1884:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen ( m_sGroupSortBy )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1885:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen ( m_sGroupDistinct )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1886:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen ( m_sComment )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1887:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen ( m_sSelect );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1889:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iReqSize += 4 + strlen(m_sRankExpr);
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1893:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iReqSize += 12 + strlen ( tFilter.m_sAttrName ); // string attr-name; int type; int exclude-flag
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1902:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iReqSize += 16 + strlen ( m_sGeoLatAttr ) + strlen ( m_sGeoLongAttr );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1902:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iReqSize += 16 + strlen ( m_sGeoLatAttr ) + strlen ( m_sGeoLongAttr );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1904:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iReqSize += 8 + strlen(m_sIndexWeight[i] );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1906:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iReqSize += 8 + strlen(m_sFieldWeight[i] );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1913:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iReqSize += strlen ( pOverride->m_sName ) + 12 + uSize*pOverride->m_dIds.elements();
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2206:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( saun.sun_path, sHost, sizeof(saun.sun_path)-1 );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2292:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( pTable->m_tStats.m_sLastMessage, mysql_error ( pConn ), sizeof ( pTable->m_tStats.m_sLastMessage ) );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2565:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( pTable->m_tStats.m_sLastMessage, sMessage, sizeof(pTable->m_tStats.m_sLastMessage) );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2617:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncmp ( sTableField, sAtPrefix, strlen(sAtPrefix) ) )
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2619:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sTableField += strlen(sAtPrefix);
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2761:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( pTable->m_sQuery, pString->str_value.c_ptr(), sizeof(pTable->m_sQuery) );
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2890:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_iCurrentKeyLen = strlen(pTable->m_sQuery);
data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2988:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( pTable->m_tStats.m_sLastMessage, sMessage, sizeof(pTable->m_tStats.m_sLastMessage) );
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:103:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iLen = strlen(sSrc);
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:221:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
void SendString ( const char * v ) { SendString ( v, strlen(v) ); }
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:275:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iSize = 15 + strlen(m_sHost) + strlen(m_sIndex);
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:275:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iSize = 15 + strlen(m_sHost) + strlen(m_sIndex);
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:436:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( saun.sun_path, m_sHost, sizeof(saun.sun_path)-1 );
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:643:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy ( sMessage, "insufficient arguments", MAX_MESSAGE_LENGTH );
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:655:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy ( sMessage, "first three arguments must be of string type", MAX_MESSAGE_LENGTH );
data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:665:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy ( sMessage, "failed to parse connection string", MAX_MESSAGE_LENGTH );
data/sphinxsearch-2.2.11/src/indexer.cpp:328:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define LOC_TOKEQ(_arg) ( iTokLen==(int)strlen(_arg) && strncasecmp ( sTok, _arg, iTokLen )==0 )
data/sphinxsearch-2.2.11/src/indexer.cpp:1510:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
::write ( STDERR_FILENO, sFail1, strlen(sFail1) );
data/sphinxsearch-2.2.11/src/indexer.cpp:1511:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
::write ( STDERR_FILENO, g_sMinidump, strlen(g_sMinidump) );
data/sphinxsearch-2.2.11/src/indexer.cpp:1512:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
::write ( STDERR_FILENO, sFail2, strlen(sFail2) );
data/sphinxsearch-2.2.11/src/indexer.cpp:1513:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
::write ( STDERR_FILENO, sFailVer, strlen(sFailVer) );
data/sphinxsearch-2.2.11/src/indextool.cpp:88:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( (char *)sToken );
data/sphinxsearch-2.2.11/src/indextool.cpp:438:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iTotalDocuments += atoi ( sBuffer+strlen(sSearch) );
data/sphinxsearch-2.2.11/src/indextool.cpp:480:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sWord, dWords[i], sizeof ( dWords[i] ) );
data/sphinxsearch-2.2.11/src/llsphinxjson.c:651:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/sphinxsearch-2.2.11/src/llsphinxjson.c:1642:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy2_scan_bytes(yystr,strlen(yystr) ,yyscanner);
data/sphinxsearch-2.2.11/src/llsphinxql.c:1069:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/sphinxsearch-2.2.11/src/llsphinxql.c:2669:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy_scan_bytes(yystr,strlen(yystr) ,yyscanner);
data/sphinxsearch-2.2.11/src/searchd.cpp:1480:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat ( sBuf, "\n" ); // NOLINT
data/sphinxsearch-2.2.11/src/searchd.cpp:1484:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sphWrite ( g_iLogFile, sTtyBuf, strlen(sTtyBuf) );
data/sphinxsearch-2.2.11/src/searchd.cpp:1486:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sphWrite ( g_iLogFile, sBuf, strlen(sBuf) );
data/sphinxsearch-2.2.11/src/searchd.cpp:1489:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sphWrite ( STDOUT_FILENO, sTtyBuf, strlen(sTtyBuf) );
data/sphinxsearch-2.2.11/src/searchd.cpp:1537:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * sTtyBuf = sBuf + strlen(sBuf);
data/sphinxsearch-2.2.11/src/searchd.cpp:1538:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sTtyBuf, sBanner, 32 ); // 32 is arbitrary; just something that is enough and keeps lint happy
data/sphinxsearch-2.2.11/src/searchd.cpp:1540:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(sBuf);
data/sphinxsearch-2.2.11/src/searchd.cpp:1577:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sLast, sBuf, iLen );
data/sphinxsearch-2.2.11/src/searchd.cpp:2451:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen ( sPath );
data/sphinxsearch-2.2.11/src/searchd.cpp:2472:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int iMask = umask ( 0 );
data/sphinxsearch-2.2.11/src/searchd.cpp:2475:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask ( iMask );
data/sphinxsearch-2.2.11/src/searchd.cpp:2614:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(sPart);
data/sphinxsearch-2.2.11/src/searchd.cpp:3093:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = sStr ? strlen(sStr) : 0;
data/sphinxsearch-2.2.11/src/searchd.cpp:3113:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(sStr);
data/sphinxsearch-2.2.11/src/searchd.cpp:3209:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(sStr);
data/sphinxsearch-2.2.11/src/searchd.cpp:3620:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iStrLen = strlen(sBuf);
data/sphinxsearch-2.2.11/src/searchd.cpp:5876:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen ( sIndexes )
data/sphinxsearch-2.2.11/src/searchd.cpp:6543:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iQueryLen = strlen(szQuery);
data/sphinxsearch-2.2.11/src/searchd.cpp:6571:63: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case SPH_MATCH_ANY: pQuery->m_eRanker = SPH_RANK_MATCHANY; strncpy ( szRes, "\"/1", 8 ); break;
data/sphinxsearch-2.2.11/src/searchd.cpp:7123:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iLen = strlen ( pSrc );
data/sphinxsearch-2.2.11/src/searchd.cpp:7680:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return iRespLen + 4 +strlen ( pRes->m_sError.cstr() );
data/sphinxsearch-2.2.11/src/searchd.cpp:7683:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRespLen += 4+strlen ( pRes->m_sWarning.cstr() );
data/sphinxsearch-2.2.11/src/searchd.cpp:7689:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRespLen += 4 + strlen ( pRes->m_sWarning.cstr() );
data/sphinxsearch-2.2.11/src/searchd.cpp:7702:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRespLen += 4 + strlen ( pRes->m_tSchema.m_dFields[i].m_sName.cstr() ); // namelen, name
data/sphinxsearch-2.2.11/src/searchd.cpp:7704:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRespLen += 8 + strlen ( pRes->m_tSchema.GetAttr(i).m_sName.cstr() ); // namelen, name, type
data/sphinxsearch-2.2.11/src/searchd.cpp:7731:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRespLen += 12 + strlen ( pRes->m_hWordStats.IterateGetKey().cstr() ); // wordlen, word, docs, hits
data/sphinxsearch-2.2.11/src/searchd.cpp:7831:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRespLen += strlen ( pStr );
data/sphinxsearch-2.2.11/src/searchd.cpp:8147:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( pString );
data/sphinxsearch-2.2.11/src/searchd.cpp:13084:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen ( sIndex )
data/sphinxsearch-2.2.11/src/searchd.cpp:13610:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRespLen += 4 + strlen ( (const char *)dQueries[i].m_dRes.Begin() );
data/sphinxsearch-2.2.11/src/searchd.cpp:13667:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRespLen += 4 + strlen ( dKeywords[i].m_sTokenized.cstr () );
data/sphinxsearch-2.2.11/src/searchd.cpp:13668:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRespLen += 4 + strlen ( dKeywords[i].m_sNormalized.cstr () );
data/sphinxsearch-2.2.11/src/searchd.cpp:13727:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iReqSize = 4+strlen(sIndexes); // indexes string
data/sphinxsearch-2.2.11/src/searchd.cpp:13730:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iReqSize += 8 + strlen ( m_tUpd.m_dAttrs[i] );
data/sphinxsearch-2.2.11/src/searchd.cpp:14046:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tOut.SendInt ( 8 + strlen ( sReport.cstr() ) );
data/sphinxsearch-2.2.11/src/searchd.cpp:14065:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_sPattern.Reserve ( 2*strlen ( sPattern ) );
data/sphinxsearch-2.2.11/src/searchd.cpp:14612:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRespLen += 4 + strlen ( dStatus[i].cstr() );
data/sphinxsearch-2.2.11/src/searchd.cpp:15015:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iErrorLen = strlen(sError)+1; // including the trailing zero
data/sphinxsearch-2.2.11/src/searchd.cpp:15068:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iMsgLen = strlen(sMessage) + 1; // FIXME! does or doesn't the trailing zero necessary in Ok packet?
data/sphinxsearch-2.2.11/src/searchd.cpp:15159:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iLen = strlen ( sMsg );
data/sphinxsearch-2.2.11/src/searchd.cpp:16274:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tOut.SendInt ( strlen ( m_sName ) + 12 + m_iLength );
data/sphinxsearch-2.2.11/src/searchd.cpp:16488:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iReqSize = strlen(sIndexes) + m_sBegin.Length() + m_sEnd.Length(); // indexes string
data/sphinxsearch-2.2.11/src/searchd.cpp:16497:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tOut.SendBytes ( sIndexes, strlen(sIndexes) );
data/sphinxsearch-2.2.11/src/searchd.cpp:17054:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iLen = strlen ( pString );
data/sphinxsearch-2.2.11/src/searchd.cpp:20265:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int iRes = ::read ( m_iFD, pBuf, iCount );
data/sphinxsearch-2.2.11/src/searchd.cpp:20398:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int iRes = ::read ( g_dPipes[i].m_iFD, &uStatus, sizeof(DWORD) );
data/sphinxsearch-2.2.11/src/searchd.cpp:20662:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen ( sSub.cstr() ) + 1 > sizeof(((struct sockaddr_un *)0)->sun_path) )
data/sphinxsearch-2.2.11/src/searchd.cpp:21861:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(sBuf);
data/sphinxsearch-2.2.11/src/searchd.cpp:21886:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sBuf += strlen(sBuf);
data/sphinxsearch-2.2.11/src/searchd.cpp:21891:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iArgLen = strlen(sArg);
data/sphinxsearch-2.2.11/src/searchd.cpp:22386:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen ( tDesc.m_sUnix.cstr() );
data/sphinxsearch-2.2.11/src/searchd.cpp:22500:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iRespLen = 4 + strlen(sMessage);
data/sphinxsearch-2.2.11/src/searchd.cpp:22621:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy ( sClientName, "(local)", SPH_ADDRESS_SIZE );
data/sphinxsearch-2.2.11/src/searchd.cpp:23034:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( sVersion );
data/sphinxsearch-2.2.11/src/searchd.cpp:23036:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_iMysqlHandshake = sizeof(sHandshake1) + strlen(sVersion) + sizeof(sHandshake2) - 1;
data/sphinxsearch-2.2.11/src/searchd.cpp:23040:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_iMysqlHandshake = sizeof(sHandshake1) + strlen(SPHINX_VERSION) + sizeof(sHandshake2) - 1;
data/sphinxsearch-2.2.11/src/searchd.cpp:23157:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask ( 066 );
data/sphinxsearch-2.2.11/src/searchd.cpp:23500:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int iRead = ::read ( fdPipe, &uStatus, sizeof(DWORD) );
data/sphinxsearch-2.2.11/src/searchd.cpp:23822:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iPidLen = strlen(sPid);
data/sphinxsearch-2.2.11/src/spelldump.cpp:153:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iPos = strlen ( szWordBuffer ) - 1;
data/sphinxsearch-2.2.11/src/spelldump.cpp:255:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_iCondLen = szCondition ? strlen ( szCondition ) : 0;
data/sphinxsearch-2.2.11/src/spelldump.cpp:256:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_iStripLen = szStrip ? strlen ( szStrip ) : 0;
data/sphinxsearch-2.2.11/src/spelldump.cpp:257:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_iAppendLen = szAppend ? strlen ( szAppend ) : 0;
data/sphinxsearch-2.2.11/src/spelldump.cpp:269:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_iWordLen = strlen ( sWord.cstr () );
data/sphinxsearch-2.2.11/src/spelldump.cpp:338:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( szTmp, sWord.cstr (), m_iWordLen - m_iStripLen );
data/sphinxsearch-2.2.11/src/spelldump.cpp:398:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( szTmp + m_iAppendLen, sWord.cstr () + m_iStripLen, m_iWordLen - m_iStripLen );
data/sphinxsearch-2.2.11/src/spelldump.cpp:778:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLengthL = strlen ( szRangeL );
data/sphinxsearch-2.2.11/src/spelldump.cpp:779:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLengthU = strlen ( szRangeU );
data/sphinxsearch-2.2.11/src/spelldump.cpp:1094:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iFlagLen = strlen ( pWord->m_sFlags.cstr () );
data/sphinxsearch-2.2.11/src/spelldump.cpp:1164:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iWordLength = strlen ( dWords[i].m_sWord.cstr() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:362:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int64_t iRead = ::read ( iFD, pBuf, iCount );
data/sphinxsearch-2.2.11/src/sphinx.cpp:1491:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (const BYTE*)szQuery, strlen(szQuery) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:1852:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iExp = strlen ( sExp );
data/sphinxsearch-2.2.11/src/sphinx.cpp:1853:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iMacro = strlen ( sMacro );
data/sphinxsearch-2.2.11/src/sphinx.cpp:1857:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iRes = strlen ( sTemplate );
data/sphinxsearch-2.2.11/src/sphinx.cpp:1873:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sOut, sLast, sCur-sLast ); sOut += sCur-sLast;
data/sphinxsearch-2.2.11/src/sphinx.cpp:1882:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( (int)strlen(sRes)==iRes );
data/sphinxsearch-2.2.11/src/sphinx.cpp:2291:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (int)strlen(sFrom) > MAX_KEYWORD_BYTES )
data/sphinxsearch-2.2.11/src/sphinx.cpp:2293:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (int)strlen(sTo)>MAX_KEYWORD_BYTES )
data/sphinxsearch-2.2.11/src/sphinx.cpp:2823:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_iFirst = strlen ( (const char*)pFirst );
data/sphinxsearch-2.2.11/src/sphinx.cpp:2842:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iSecond = strlen ( (const char*)pSecond );
data/sphinxsearch-2.2.11/src/sphinx.cpp:2863:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( m_iFirst + strlen ( (const char*)pSecond ) < sizeof(m_sBuf) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:2892:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)tToken.m_sToken, (const char *)sToken, sizeof(tToken.m_sToken) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3074:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iTokenLen = strlen ( (const char*)pToken );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3144:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iTokenLen = strlen ( (const char *)pToken );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3344:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (const char*)m_dUTF8Buffer + strlen ( (const char*)m_dUTF8Buffer );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3356:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SetBuffer ( (const BYTE*)sNewPtr, strlen ( sNewPtr ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3469:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)m_dUTF8Buffer, RPL_SPECIAL_STOPWORD, MAX_TOKEN_LEN );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3499:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)m_dUTF8Buffer, RPL_SPECIAL_STOPWORD, MAX_TOKEN_LEN );
data/sphinxsearch-2.2.11/src/sphinx.cpp:3940:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iSpecials = strlen(sSpecials);
data/sphinxsearch-2.2.11/src/sphinx.cpp:4038:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sErrorBuffer, m_pCurrent, sizeof(sErrorBuffer) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:5096:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iQueryLen = sQuery ? strlen ( sQuery ) : 0;
data/sphinxsearch-2.2.11/src/sphinx.cpp:5580:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)m_sAccumBlend, (char*)m_sAccum, sizeof(m_sAccumBlend) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:5912:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ( iCheck==(int)strlen(sRef) && memcmp ( sCheck, sRef, iCheck )==0 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:6102:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)m_sAccum, (char*)pMapTo, sizeof(m_sAccum) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:6106:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_iLastTokenLen = strlen ( (char*)m_sAccum );
data/sphinxsearch-2.2.11/src/sphinx.cpp:6455:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)tStart.m_sToken, m_pCurrentForm->m_dNormalForm[m_iOutputPending].m_sForm.cstr(), sizeof(tStart.m_sToken) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:6602:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)tEnd.m_sToken, pCurForm->m_dNormalForm[0].m_sForm.cstr(), sizeof(tEnd.m_sToken) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:6624:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)tDst.m_sToken, pCurForm->m_dNormalForm[0].m_sForm.cstr(), sizeof(tDst.m_sToken) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:7028:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(sRef);
data/sphinxsearch-2.2.11/src/sphinx.cpp:7049:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( szNumber, m_pStart+pVal->m_iStart, iLen );
data/sphinxsearch-2.2.11/src/sphinx.cpp:7918:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = szString ? strlen ( szString ) : 0;
data/sphinxsearch-2.2.11/src/sphinx.cpp:7937:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( strlen(sTag)<64 ); // huge tags are nonsense
data/sphinxsearch-2.2.11/src/sphinx.cpp:7938:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PutBytes ( sTag, strlen(sTag) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:8432:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( strlen(sTag)<64 ); // huge tags are nonsense
data/sphinxsearch-2.2.11/src/sphinx.cpp:8434:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(sTag);
data/sphinxsearch-2.2.11/src/sphinx.cpp:8792:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)m_sLastKeyword, (char*)m_sKeyword, sizeof(m_sLastKeyword) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:11241:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( strlen ( (char *)pHit->m_sKeyword )<sizeof(m_sLastKeyword)-1 );
data/sphinxsearch-2.2.11/src/sphinx.cpp:11242:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)m_tLastHit.m_sKeyword, (char*)pHit->m_sKeyword, sizeof(m_sLastKeyword) ); // OPTIMIZE?
data/sphinxsearch-2.2.11/src/sphinx.cpp:11380:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( tCol.m_sName.cstr() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:11557:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( pKeyword ); // OPTIMIZE! remove this and memcpy and check if thats faster
data/sphinxsearch-2.2.11/src/sphinx.cpp:12975:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = sData ? strlen ( sData ) : 0;
data/sphinxsearch-2.2.11/src/sphinx.cpp:14242:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( iMatch<=(int)strlen(m_sWord) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:15094:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( strlen ( (const char*)pWord ) < 16+3*SPH_MAX_WORD_LEN );
data/sphinxsearch-2.2.11/src/sphinx.cpp:15101:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( (const char*)pWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:15147:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( (const char*)pWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:15172:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iLen = strlen ( (const char*)pWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:15250:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( (const char*)pWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:16104:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iWordLen = sWord ? strlen ( sWord ) : 0;
data/sphinxsearch-2.2.11/src/sphinx.cpp:16892:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_pTokenizer->SetBuffer ( (BYTE*)sBuf.cstr(), strlen ( sBuf.cstr() ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:17971:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)sTokenized, sMultiform ? (const char*)sMultiform : (const char*)sWord, sizeof(sTokenized) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:17994:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)sTokenized, dKeywords[iTokenized].m_sNormalized.scstr(), sizeof(sTokenized) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18012:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)sTmp, dChildren[iChild]->m_dWords[iAotKeyword].m_sWord.scstr(), sizeof(sTmp) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18014:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)sTmp2, dKeywords[iTokenized].m_sTokenized.scstr(), sizeof(sTmp2) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18136:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (const BYTE *)szQuery, strlen(szQuery) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18612:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iLen = strlen ( sFull );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18960:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sBuf, tKeyword.m_sWord.cstr(), sizeof(sBuf) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:18992:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sBuf, dLemmas[i].cstr(), sizeof(sBuf) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:19979:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iLastWordLen = strlen(sLastWord);
data/sphinxsearch-2.2.11/src/sphinx.cpp:20007:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iNewWordLen = strlen(sWord);
data/sphinxsearch-2.2.11/src/sphinx.cpp:20069:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iLen = strlen ( sWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:20094:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iLen = bWordDict ? strlen ( tCP.m_sWord ) : 0;
data/sphinxsearch-2.2.11/src/sphinx.cpp:20100:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i, tCP.m_sWord, (DWORD)strlen ( tCP.m_sWord ), (int64_t)tCP.m_iWordlistOffset,
data/sphinxsearch-2.2.11/src/sphinx.cpp:20101:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tRefCP.m_sWord, (DWORD)strlen ( tRefCP.m_sWord ), (int64_t)tRefCP.m_iWordlistOffset ));
data/sphinxsearch-2.2.11/src/sphinx.cpp:20187:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iLastWordLen = strlen(sWord);
data/sphinxsearch-2.2.11/src/sphinx.cpp:21812:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLength = strlen ( (const char *)(pWord + 1) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:21868:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLength = strlen ( (const char *)(pWord + 1) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:21903:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSphFixedVector<char> dList ( 1+strlen(sFiles) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:22144:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( GetWordID ( pFrom, strlen ( (const char*)pFrom ), true ) )
data/sphinxsearch-2.2.11/src/sphinx.cpp:22177:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool bFirstDestIsStop = !GetWordID ( pTo, strlen ( (const char*)pTo ), true );
data/sphinxsearch-2.2.11/src/sphinx.cpp:22186:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool bStop = ( !GetWordID ( pDestToken, strlen ( (const char*)pDestToken ), true ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:22651:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const sb_symbol * sStemmed = sb_stemmer_stem ( pStemmer, (sb_symbol*)pWord, strlen ( (const char*)pWord ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:23176:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrDict.PutBytes ( g_sTagInfixEntries, strlen ( g_sTagInfixEntries ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:23316:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrDict.PutBytes ( g_sTagInfixBlocks, strlen ( g_sTagInfixBlocks ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:23324:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iBytes = strlen ( m_dBlocks[i].m_sInfix );
data/sphinxsearch-2.2.11/src/sphinx.cpp:23837:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iLen = strlen ( tWord.m_sKeyword ); // OPTIMIZE?
data/sphinxsearch-2.2.11/src/sphinx.cpp:23913:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iLen = strlen ( m_dCheckpoints[i].m_sWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:23992:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( pWord->m_sKeyword );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24033:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( (char*)tEntry.m_sKeyword ) + 1;
data/sphinxsearch-2.2.11/src/sphinx.cpp:24090:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( (const char *)pWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24100:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( (const char *)pWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24110:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( (const char *)pWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24374:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( (const char *)pWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24540:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_dTags[i].m_iTagLen = strlen ( dKnown[i] );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24603:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sTag, s, p-s );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24624:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_dTags.Last().m_iTagLen = strlen ( sTag );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24644:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sAttr, s, p-s );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24707:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_dTags.Last().m_iTagLen = strlen ( sTag.cstr() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:24743:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dTag.m_iTagLen = strlen(sTag);
data/sphinxsearch-2.2.11/src/sphinx.cpp:25502:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( pTag->m_dAttrs[iAttr].cstr() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:25809:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)dStorage.Begin(), sRe2.c_str(), dStorage.GetLength() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:25828:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if ( strstr ( sSplit + strlen ( sSplitter ), sSplitter ) )
data/sphinxsearch-2.2.11/src/sphinx.cpp:25837:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tRegExp.m_sTo = sSplit + strlen ( sSplitter );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26046:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(sLine);
data/sphinxsearch-2.2.11/src/sphinx.cpp:26473:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iBytes = strlen ( (const char*)sWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26501:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iStemmedLen = strlen ( ( const char *)sBuf );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26621:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iBytes = strlen ( (const char*)sWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26631:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iBytes = strlen ( (const char*)sWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26719:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iFieldBytes = (int) strlen ( (char*)sField );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26732:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iFieldBytes = (int) strlen ( (char*)sField );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26743:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iFieldBytes = (int) strlen ( (char*)sTextToIndex );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26832:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( szBuf, pDigit, pPtr - pDigit );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26958:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncmp ( dMacroses[i], sCur, strlen ( dMacroses[i] ) )==0 )
data/sphinxsearch-2.2.11/src/sphinx.cpp:26960:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sCur += strlen ( dMacroses[i] );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26961:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iLen += strlen ( dValues[i] );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26984:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncmp ( dMacroses[i], sCur, strlen ( dMacroses[i] ) )==0 )
data/sphinxsearch-2.2.11/src/sphinx.cpp:26987:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sCur += strlen ( dMacroses[i] );
data/sphinxsearch-2.2.11/src/sphinx.cpp:26988:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sDst += strlen ( dValues[i] );
data/sphinxsearch-2.2.11/src/sphinx.cpp:29235:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iBufLen = strlen ( sBuf );
data/sphinxsearch-2.2.11/src/sphinx.cpp:29240:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iBufLen = strlen ( sBuf );
data/sphinxsearch-2.2.11/src/sphinx.cpp:29649:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(szName);
data/sphinxsearch-2.2.11/src/sphinx.cpp:30688:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| !strncmp ( szDriver, "SQL Server Native Client", strlen("SQL Server Native Client") ) )
data/sphinxsearch-2.2.11/src/sphinx.cpp:31604:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iCheckpointOnlySize = (int)(m_iInfixBlocksOffset - strlen ( g_sTagInfixBlocks ) - m_iDictCheckpointsOffset);
data/sphinxsearch-2.2.11/src/sphinx.cpp:31694:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_iWordsEnd = m_dInfixBlocks.Begin()->m_iOffset - strlen ( g_sTagInfixEntries );
data/sphinxsearch-2.2.11/src/sphinx.cpp:31696:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_iWordsEnd -= strlen ( g_sTagInfixEntries );
data/sphinxsearch-2.2.11/src/sphinx.cpp:31769:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( iMatch<=(int)strlen ( (char *)m_sWord ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:32061:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( sphDictCmp ( sSubstring, iSubLen, pCheckpoint->m_sWord, strlen ( pCheckpoint->m_sWord ) )<0 )
data/sphinxsearch-2.2.11/src/sphinx.cpp:32451:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( (const char *)sWord );
data/sphinxsearch-2.2.11/src/sphinx.cpp:32680:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iWordsEnd = rdDict.UnzipInt() - strlen ( g_sTagInfixEntries );
data/sphinxsearch-2.2.11/src/sphinx.cpp:32876:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iLen = strlen ( (const char*)pReader->GetWord() );
data/sphinxsearch-2.2.11/src/sphinx.cpp:32970:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrDict.PutBytes ( g_sTagInfixBlocks, strlen ( g_sTagInfixBlocks ) );
data/sphinxsearch-2.2.11/src/sphinx.cpp:33247:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sBuf, sWord.cstr(), sizeof(sBuf) );
data/sphinxsearch-2.2.11/src/sphinxaot.cpp:705:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char * b = a + strlen(a) - 1;
data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1504:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)m_sToken, (char*)m_sOrigToken, sizeof(m_sToken) );
data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1576:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)m_sOrigToken, (char*)pToken, sizeof(m_sOrigToken) );
data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1631:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)m_sToken, (char*)m_sOrigToken, sizeof(m_sToken) );
data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1721:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)m_sOrigToken, (char*)pToken, sizeof(m_sOrigToken) );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:340:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( sWord );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:443:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iQueryLen = strlen ( sQuery ); // FIXME!!! get length as argument
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:469:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)m_sTmpWord, MAGIC_WORD_SENTENCE, sizeof(m_sTmpWord) );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:470:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AddWord ( pDict->GetWordID ( m_sTmpWord ), strlen ( (char*)m_sTmpWord ), iQPos );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:475:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)m_sTmpWord, MAGIC_WORD_PARAGRAPH, sizeof(m_sTmpWord) );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:476:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AddWord ( pDict->GetWordID ( m_sTmpWord ), strlen ( (char*)m_sTmpWord ), iQPos );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:484:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AddWord ( pDict->GetWordID ( m_sTmpWord ), strlen ( (char*)m_sTmpWord ), iQPos );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:590:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( sWord );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:622:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)m_sTmpWord, tWord.m_sWord.cstr(), sizeof(m_sTmpWord) );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:1190:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)m_sTmpWord, MAGIC_WORD_SENTENCE, sizeof(m_sTmpWord) );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:1192:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)m_sTmpWord, MAGIC_WORD_PARAGRAPH, sizeof(m_sTmpWord) );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:1278:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char *)m_sTmpWord, tWord.m_sWord.cstr(), sizeof(m_sTmpWord) );
data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:3856:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iDataLen = strlen ( pData );
data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:983:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen ( (const char*) *ppStr );
data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:1915:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iHash = strlen ( sKey );
data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:3137:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = ( pRes ? strlen(pRes) : 0 );
data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:3211:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( iNameStart>=0 && iNameLen>0 && iNameStart+iNameLen<=(int)strlen ( m_sExpr ) );
data/sphinxsearch-2.2.11/src/sphinxint.h:1790:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sphDictCmp ( sWord, iLen, tCP.m_sWord, strlen ( tCP.m_sWord ) );
data/sphinxsearch-2.2.11/src/sphinxint.h:1802:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sphDictCmpStrictly ( sWord, iLen, tCP.m_sWord, strlen ( tCP.m_sWord ) );
data/sphinxsearch-2.2.11/src/sphinxint.h:2460:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_dFieldLengths[i] = pFields[i] ? strlen ( (const char*)pFields[i] ) : 0;
data/sphinxsearch-2.2.11/src/sphinxint.h:2501:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_dFieldLengths[i] = strlen ( (const char *)pFields[i] );
data/sphinxsearch-2.2.11/src/sphinxint.h:2529:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iTokenLen = strlen ( (const char*)pToken );
data/sphinxsearch-2.2.11/src/sphinxint.h:2568:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iTokenLen = strlen ( (const char *)pToken );
data/sphinxsearch-2.2.11/src/sphinxint.h:2600:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AppendToField ( pCurDoc, iField, tStored.m_sToken, strlen ( (const char*)tStored.m_sToken ), m_pMarkerMorph );
data/sphinxsearch-2.2.11/src/sphinxjson.cpp:564:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( sData );
data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:596:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLength = strlen ( (const char *)pWord );
data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:617:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Word.iLengthPadded = strlen ( (const char *)sOriginal );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:441:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iPrefix = strlen(sPrefix);
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:460:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iPrefix = strlen(sPrefix);
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:1075:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)sTmp, sToken, MAX_TOKEN_BYTES );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:1711:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int OPTION_RELAXED_LEN = strlen ( OPTION_RELAXED );
data/sphinxsearch-2.2.11/src/sphinxquery.cpp:1745:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_iQueryLen = sQuery ? strlen(sQuery) : 0;
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:1614:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = pStr ? strlen ( pStr ) : 0;
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:1764:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = pStr ? strlen ( pStr ) : 0;
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4720:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iCalcWordLen = strlen ( (const char *)sWord+1 );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:5091:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iLen = m_bKeywordDict ? strlen ( tCP.m_sWord ) : 0;
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:5092:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( m_bKeywordDict && ( !tCP.m_sWord || ( !strlen ( tRefCP.m_sWord ) || !strlen ( tCP.m_sWord ) ) ) )
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:5092:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( m_bKeywordDict && ( !tCP.m_sWord || ( !strlen ( tRefCP.m_sWord ) || !strlen ( tCP.m_sWord ) ) ) )
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:5095:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i, iSegment, tCP.m_sWord, (DWORD)strlen ( tCP.m_sWord ), tCP.m_iOffset,
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:5096:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tRefCP.m_sWord, (DWORD)strlen ( tRefCP.m_sWord ), tRefCP.m_iOffset ));
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:6220:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iCheckpointNameLen = strlen ( pCurCheckpoint->m_sWord );
data/sphinxsearch-2.2.11/src/sphinxrt.cpp:7480:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE *)sQuery, strlen ( sQuery ) );
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:1212:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)sTmp, tWord.m_sWord.cstr(), sizeof(sTmp) );
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:1526:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( (char*)sTmpWord, m_tWord.m_sWord.cstr(), sizeof(sTmpWord) );
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:7843:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( sArgs );
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8900:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iValLen = strlen ( dVal.Begin() );
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8901:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iTotalLen = iValLen+strlen(sTmp);
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8913:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iValLen = strlen ( dVal.Begin() );
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8914:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iTotalLen = iValLen+strlen(sTmp);
data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8971:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( szWord );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:783:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
return strncpy ( sBuf, "-2147483648", 32 );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:785:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
return strncpy ( sBuf, "-9223372036854775808", 32 );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:1479:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iSrc = strlen ( sSrc );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:1480:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iDst = strlen ( sDst );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:3518:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(sBuffer);
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:3713:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tState.m_tSubKeys[iField] = JsonKey_t ( pTok, strlen ( pTok ) );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:3724:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tState.m_tSubKeys[iField] = JsonKey_t ( pTok, strlen ( pTok ) );
data/sphinxsearch-2.2.11/src/sphinxsort.cpp:3737:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tState.m_tSubKeys[iField] = JsonKey_t ( pTok, strlen(pTok) );
data/sphinxsearch-2.2.11/src/sphinxstd.cpp:126:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * pTrace = (char*) ::malloc ( strlen(sTrace) + 1 );
data/sphinxsearch-2.2.11/src/sphinxstd.h:1716:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = 1+strlen(sString);
data/sphinxsearch-2.2.11/src/sphinxstd.h:1747:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = 1+strlen(rhs.m_sValue);
data/sphinxsearch-2.2.11/src/sphinxstd.h:1760:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(m_sValue);
data/sphinxsearch-2.2.11/src/sphinxstd.h:1768:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sRes.m_sValue, m_sValue+iStart, iCount );
data/sphinxsearch-2.2.11/src/sphinxstd.h:1853:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncmp ( m_sValue, sPrefix, strlen(sPrefix) )==0;
data/sphinxsearch-2.2.11/src/sphinxstd.h:1861:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iVal = strlen ( m_sValue );
data/sphinxsearch-2.2.11/src/sphinxstd.h:1862:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iSuffix = strlen ( sSuffix );
data/sphinxsearch-2.2.11/src/sphinxstd.h:1873:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char * sEnd = m_sValue + strlen(m_sValue) - 1;
data/sphinxsearch-2.2.11/src/sphinxstd.h:1883:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return m_sValue ? (int)strlen(m_sValue) : 0;
data/sphinxsearch-2.2.11/src/sphinxstd.h:2019:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( sText );
data/sphinxsearch-2.2.11/src/sphinxstemar.cpp:80:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define AR_WORD_LENGTH ((int)(strlen((char*)word) / sizeof(ar_char)))
data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:125:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iWordLength = strlen ( (char*)word );
data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:149:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iWordLength = strlen ( (char *)word );
data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:167:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLength = strlen ( szString );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:65:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * p = sLine + strlen(sLine) - 1;
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:359:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( sMemLimit, pEntry->cstr(), sizeof(sMemLimit) );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:362:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( sMemLimit );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:901:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
iBytesRead = read ( iRead, (void*)&(dResult [iTotalRead]), BUFFER_SIZE );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1025:28: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define LOC_ERROR(_msg) { strncpy ( m_sError, _msg, sizeof(m_sError) ); break; }
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1046:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen(sBuf);
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1233:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(m_sError) )
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1339:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLen = strlen ( szPathName );
data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1965:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iValue = strlen ( pValue );
data/sphinxsearch-2.2.11/src/tests.cpp:163:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)dTests[iCur], strlen ( dTests[iCur] ) );
data/sphinxsearch-2.2.11/src/tests.cpp:249:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)dTests[iCur], strlen ( dTests[iCur] ) );
data/sphinxsearch-2.2.11/src/tests.cpp:272:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)dTests2[iCur], strlen ( dTests2[iCur] ) );
data/sphinxsearch-2.2.11/src/tests.cpp:305:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sLine4, strlen(sLine4) );
data/sphinxsearch-2.2.11/src/tests.cpp:329:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pShortTokenizer->SetBuffer ( (BYTE*)(dTestsShort [iCur]), strlen ( (const char*)dTestsShort [iCur] ) );
data/sphinxsearch-2.2.11/src/tests.cpp:351:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sLine4, strlen(sLine4) );
data/sphinxsearch-2.2.11/src/tests.cpp:364:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sLine4, strlen(sLine4) );
data/sphinxsearch-2.2.11/src/tests.cpp:379:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sLine5, strlen(sLine5) );
data/sphinxsearch-2.2.11/src/tests.cpp:390:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sLine6, strlen(sLine6) );
data/sphinxsearch-2.2.11/src/tests.cpp:429:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sTest1, strlen(sTest1) );
data/sphinxsearch-2.2.11/src/tests.cpp:440:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sTest2, strlen(sTest2) );
data/sphinxsearch-2.2.11/src/tests.cpp:449:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sTest3, strlen(sTest3) );
data/sphinxsearch-2.2.11/src/tests.cpp:467:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sTest4, strlen(sTest4) );
data/sphinxsearch-2.2.11/src/tests.cpp:477:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sTest5, strlen(sTest5) );
data/sphinxsearch-2.2.11/src/tests.cpp:487:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sTest6, strlen(sTest6) );
data/sphinxsearch-2.2.11/src/tests.cpp:497:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sTest7, strlen(sTest7) );
data/sphinxsearch-2.2.11/src/tests.cpp:515:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sTest10, strlen(sTest10) );
data/sphinxsearch-2.2.11/src/tests.cpp:532:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTokenizer->SetBuffer ( (BYTE*)sTest20, strlen(sTest20) );
data/sphinxsearch-2.2.11/src/tests.cpp:2898:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTok->SetBuffer ( (BYTE*)sTest[i], strlen ( sTest[i] ) );
data/sphinxsearch-2.2.11/src/tests.cpp:3035:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SN_set_current ( pSnow, strlen(test), (const symbol *)test );
data/sphinxsearch-2.2.11/src/tests.cpp:3038:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stem_en ( (BYTE*)test, strlen(test) );
data/sphinxsearch-2.2.11/src/tests.cpp:3119:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ll = strlen ( (char*)p+1 );
data/sphinxsearch-2.2.11/src/tests.cpp:3831:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite ( dTest[iTest], 1, strlen ( dTest[iTest] ), fp );
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:291:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int iLen = strlen(sWord);
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:389:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * e = p + strlen(p) - 1;
data/sphinxsearch-2.2.11/src/wordbreaker.cpp:571:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * pMax = sBuf + strlen(sBuf);
data/sphinxsearch-2.2.11/src/yysphinxexpr.c:975:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/sphinxsearch-2.2.11/src/yysphinxjson.c:732:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/sphinxsearch-2.2.11/src/yysphinxql.c:2318:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/sphinxsearch-2.2.11/src/yysphinxquery.c:804:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/sphinxsearch-2.2.11/src/yysphinxselect.c:998:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
ANALYSIS SUMMARY:
Hits = 1033
Lines analyzed = 157149 in approximately 3.90 seconds (40337 lines/second)
Physical Source Lines of Code (SLOC) = 117805
Hits@level = [0] 812 [1] 373 [2] 518 [3] 2 [4] 140 [5] 0
Hits@level+ = [0+] 1845 [1+] 1033 [2+] 660 [3+] 142 [4+] 140 [5+] 0
Hits/KSLOC@level+ = [0+] 15.6615 [1+] 8.76873 [2+] 5.60248 [3+] 1.20538 [4+] 1.1884 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.