Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/sphinxsearch-2.2.11/src/sphinxversion.h Examining data/sphinxsearch-2.2.11/src/yysphinxselect.h Examining data/sphinxsearch-2.2.11/src/yysphinxselect.c Examining data/sphinxsearch-2.2.11/src/yysphinxquery.h Examining data/sphinxsearch-2.2.11/src/yysphinxquery.c Examining data/sphinxsearch-2.2.11/src/yysphinxql.h Examining data/sphinxsearch-2.2.11/src/yysphinxql.c Examining data/sphinxsearch-2.2.11/src/yysphinxjson.h Examining data/sphinxsearch-2.2.11/src/yysphinxjson.c Examining data/sphinxsearch-2.2.11/src/yysphinxexpr.h Examining data/sphinxsearch-2.2.11/src/yysphinxexpr.c Examining data/sphinxsearch-2.2.11/src/wordbreaker.cpp Examining data/sphinxsearch-2.2.11/src/udfexample.c Examining data/sphinxsearch-2.2.11/src/tests.cpp Examining data/sphinxsearch-2.2.11/src/testrt.cpp Examining data/sphinxsearch-2.2.11/src/sphinxutils.h Examining data/sphinxsearch-2.2.11/src/sphinxutils.cpp Examining data/sphinxsearch-2.2.11/src/sphinxudf.h Examining data/sphinxsearch-2.2.11/src/sphinxudf.c Examining data/sphinxsearch-2.2.11/src/sphinxstemru.cpp Examining data/sphinxsearch-2.2.11/src/sphinxstemen.cpp Examining data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp Examining data/sphinxsearch-2.2.11/src/sphinxstemar.cpp Examining data/sphinxsearch-2.2.11/src/sphinxstem.h Examining data/sphinxsearch-2.2.11/src/sphinxstd.h Examining data/sphinxsearch-2.2.11/src/sphinxstd.cpp Examining data/sphinxsearch-2.2.11/src/sphinxsoundex.cpp Examining data/sphinxsearch-2.2.11/src/sphinxsort.cpp Examining data/sphinxsearch-2.2.11/src/sphinxsearch.h Examining data/sphinxsearch-2.2.11/src/sphinxsearch.cpp Examining data/sphinxsearch-2.2.11/src/sphinxrt.h Examining data/sphinxsearch-2.2.11/src/sphinxrt.cpp Examining data/sphinxsearch-2.2.11/src/sphinxquery.h Examining data/sphinxsearch-2.2.11/src/sphinxquery.cpp Examining data/sphinxsearch-2.2.11/src/sphinxplugin.h Examining data/sphinxsearch-2.2.11/src/sphinxplugin.cpp Examining data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp Examining data/sphinxsearch-2.2.11/src/sphinxjson.h Examining data/sphinxsearch-2.2.11/src/sphinxjson.cpp Examining data/sphinxsearch-2.2.11/src/sphinxint.h Examining data/sphinxsearch-2.2.11/src/sphinxfilter.h Examining data/sphinxsearch-2.2.11/src/sphinxfilter.cpp Examining data/sphinxsearch-2.2.11/src/sphinxexpr.h Examining data/sphinxsearch-2.2.11/src/sphinxexpr.cpp Examining data/sphinxsearch-2.2.11/src/sphinxexcerpt.h Examining data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp Examining data/sphinxsearch-2.2.11/src/sphinxaot.cpp Examining data/sphinxsearch-2.2.11/src/sphinx.h Examining data/sphinxsearch-2.2.11/src/spelldump.cpp Examining data/sphinxsearch-2.2.11/src/searchd.cpp Examining data/sphinxsearch-2.2.11/src/llsphinxql.c Examining data/sphinxsearch-2.2.11/src/llsphinxjson.c Examining data/sphinxsearch-2.2.11/src/indextool.cpp Examining data/sphinxsearch-2.2.11/src/indexer.cpp Examining data/sphinxsearch-2.2.11/src/sphinx.cpp Examining data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc Examining data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.h Examining data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc Examining data/sphinxsearch-2.2.11/api/libsphinxclient/test.c Examining data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.h Examining data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c FINAL RESULTS: data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:28:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf _vsnprintf data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:383:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( client->local_error_buf, sizeof(client->local_error_buf), template, ap ); data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:35:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf ( template, ap ); data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:110:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ( k ? ",%u" : "%u", ( res->attr_types[j]==SPH_ATTR_MULTI ? mva[k] : (unsigned int)sphinx_get_mva64_value ( mva, k ) ) ); data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:366:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ( ( j==0 ) ? "%s:" : " %s", status[k] ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:54:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:54:19: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:261:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf ( stderr, format, ap ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:987:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf ( stderr, sFmt, ap ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:3157:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf ( pCur, sBuf+sizeof(sBuf)-pCur, INT64_FMT, uEntry ); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:619:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf ( sMessage, MAX_MESSAGE_LENGTH, \ data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:628:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf ( sMessage, MAX_MESSAGE_LENGTH, \ data/sphinxsearch-2.2.11/src/indexer.cpp:29:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/sphinxsearch-2.2.11/src/indexer.cpp:29:19: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/sphinxsearch-2.2.11/src/indexer.cpp:30:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define popen _popen data/sphinxsearch-2.2.11/src/indexer.cpp:787:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE * pPipe = popen ( hSource [ "xmlpipe_command" ].cstr(), RMODE ); data/sphinxsearch-2.2.11/src/indexer.cpp:825:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE * pPipe = popen ( hSource [ "tsvpipe_command" ].cstr(), RMODE ); data/sphinxsearch-2.2.11/src/indexer.cpp:850:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE * pPipe = popen ( hSource [ "csvpipe_command" ].cstr(), RMODE ); data/sphinxsearch-2.2.11/src/indexer.cpp:1743:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( stdout, SPHINX_BANNER ); data/sphinxsearch-2.2.11/src/indextool.cpp:493:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( stdout, INT64_FMT" documents, " INT64_FMT " words (" INT64_FMT " read, " INT64_FMT " merged, " INT64_FMT " skipped)\n", data/sphinxsearch-2.2.11/src/indextool.cpp:646:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( stdout, INT64_FMT" documents, " INT64_FMT " words (" INT64_FMT " read, " INT64_FMT " merged, " INT64_FMT " skipped)\n", data/sphinxsearch-2.2.11/src/indextool.cpp:758:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( stdout, SPHINX_BANNER ); data/sphinxsearch-2.2.11/src/indextool.cpp:939:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( stdout, SPHINX_BANNER ); data/sphinxsearch-2.2.11/src/searchd.cpp:483:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int iPrinted = vsnprintf ( m_dBuf.Begin(), m_dBuf.GetLength()-1, sTemplate, ap ); data/sphinxsearch-2.2.11/src/searchd.cpp:1548:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( sBuf+iLen, iBufSize, sFmt, ap ); data/sphinxsearch-2.2.11/src/searchd.cpp:1600:69: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphFatal ( const char * sFmt, ... ) __attribute__ ( ( format ( printf, 1, 2 ) ) ); data/sphinxsearch-2.2.11/src/searchd.cpp:1686:96: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void SubmitEx ( const char * sIndex, const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 3, 4 ) ) ) data/sphinxsearch-2.2.11/src/searchd.cpp:3007:79: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. virtual void SendErrorReply ( const char *, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ) = 0; data/sphinxsearch-2.2.11/src/searchd.cpp:3026:79: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. virtual void SendErrorReply ( const char *, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ) {} data/sphinxsearch-2.2.11/src/searchd.cpp:3040:79: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. virtual void SendErrorReply ( const char *, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ); data/sphinxsearch-2.2.11/src/searchd.cpp:3616:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( sBuf, iMaxStrLen, sTemplate, ap ); data/sphinxsearch-2.2.11/src/searchd.cpp:4255:88: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void Fail ( eAgentStats eStat, const char* sMessage, ... ) __attribute__ ( ( format ( printf, 3, 4 ) ) ); data/sphinxsearch-2.2.11/src/searchd.cpp:14130:77: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. bool MatchAddVa ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ) data/sphinxsearch-2.2.11/src/searchd.cpp:15150:14: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int iLen = snprintf ( Get()+1, SPH_MAX_NUMERIC_STR-1, sFormat, tVal ); data/sphinxsearch-2.2.11/src/searchd.cpp:15215:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( sBuf, sizeof(sBuf), sTemplate, ap ); data/sphinxsearch-2.2.11/src/searchd.cpp:15279:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf ( sTmp, sizeof(sTmp), INT64_FMT, iRight ); data/sphinxsearch-2.2.11/src/searchd.cpp:15316:77: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. bool MatchAddVa ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ) data/sphinxsearch-2.2.11/src/searchd.cpp:16975:20: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int iLen = snprintf ( dRows.Get(), SPH_MAX_NUMERIC_STR, nValues>0 ? "%u," : "%u", *pValues++ ); data/sphinxsearch-2.2.11/src/searchd.cpp:16984:20: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int iLen = snprintf ( dRows.Get(), SPH_MAX_NUMERIC_STR, nValues>2 ? INT64_FMT"," : INT64_FMT, iVal ); data/sphinxsearch-2.2.11/src/searchd.cpp:20001:15: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int iLen = snprintf ( dBuf, sizeof ( dBuf ), "SET GLOBAL %s = ( " INT64_FMT, dUservars[i].m_sName.cstr(), dVals[0] ); data/sphinxsearch-2.2.11/src/searchd.cpp:20004:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. iLen += snprintf ( dBuf+iLen, sizeof ( dBuf ), ", " INT64_FMT, dVals[j] ); data/sphinxsearch-2.2.11/src/searchd.cpp:22027:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( stdout, data/sphinxsearch-2.2.11/src/searchd.cpp:22469:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( stdout, ( j==0 ) ? ": " : " " ); data/sphinxsearch-2.2.11/src/searchd.cpp:23215:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( stdout, SPHINX_BANNER ); data/sphinxsearch-2.2.11/src/spelldump.cpp:342:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat ( szTmp, m_sAppend.cstr () ); // NOLINT data/sphinxsearch-2.2.11/src/spelldump.cpp:396:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( szTmp, m_sAppend.cstr() ); // NOLINT data/sphinxsearch-2.2.11/src/spelldump.cpp:662:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( szAppend, szStrip ); // NOLINT data/sphinxsearch-2.2.11/src/spelldump.cpp:732:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if ( sscanf ( sLine, "%c %s %s %s", &cNewFlag, sRemove, sAppend, sCondition )==4 ) // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:84:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define popen _popen data/sphinxsearch-2.2.11/src/sphinx.cpp:86:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/sphinxsearch-2.2.11/src/sphinx.cpp:86:19: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/sphinxsearch-2.2.11/src/sphinx.cpp:169:73: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphWarn ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 1, 2 ) ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:1702:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf ( stdout, sTemplate, ap ); data/sphinxsearch-2.2.11/src/sphinx.cpp:1849:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf ( sExp, sizeof(sExp), DOCID_FMT, uValue ); data/sphinxsearch-2.2.11/src/sphinx.cpp:1874:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( sOut, sExp ); sOut += iExp; // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:1880:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( sOut, sLast ); // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:2864:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char*)m_sBuf+m_iFirst+1, (const char*)pSecond ); //NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:16869:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ( INT64_FMT". id=" DOCID_FMT "\n", iRow+1, DOCINFO2ID ( pDocinfo ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:17931:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf ( buf_all, "lemmatize_%s_all", AOT_LANGUAGES[j] ); // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:19788:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf _args; \ data/sphinxsearch-2.2.11/src/sphinx.cpp:20809:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( fp, INT64_FMT"/" INT64_FMT "\r", iRow, iRowsTotal ); data/sphinxsearch-2.2.11/src/sphinx.cpp:20981:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( fp, INT64_FMT"/" INT64_FMT "\r", iIndexEntry, m_iDocinfo ); data/sphinxsearch-2.2.11/src/sphinx.cpp:21359:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char *)pWord, m_dNormalForms[*pIndex].m_sWord.cstr() ); // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:21494:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf ( buf, "lemmatize_%s", AOT_LANGUAGES[j] ); // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:21495:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf ( buf_all, "lemmatize_%s_all", AOT_LANGUAGES[j] ); // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:21904:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( dList.Begin(), sFiles ); // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:22023:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat ( szReport, sString.cstr() ); // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:26986:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( sDst, dValues[i] ); // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:27028:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf ( sValues[0], iBufSize, DOCID_FMT, m_uCurrentID ); data/sphinxsearch-2.2.11/src/sphinx.cpp:27029:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf ( sValues[1], iBufSize, DOCID_FMT, uNextID ); data/sphinxsearch-2.2.11/src/sphinx.cpp:27051:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE * pPipe = popen ( szCommand, "r" ); data/sphinxsearch-2.2.11/src/sphinx.cpp:27086:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE * pPipe = popen ( szCommand, "r" ); data/sphinxsearch-2.2.11/src/sphinx.cpp:27110:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf ( sValue, sizeof(sValue), DOCID_FMT, uLastIndexed ); data/sphinxsearch-2.2.11/src/sphinx.cpp:27114:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE * pPipe = popen ( pCmd, "r" ); data/sphinxsearch-2.2.11/src/sphinx.cpp:28334:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( stdout, bRes ? "SQL-CONNECT: ok\n" : "SQL-CONNECT: FAIL\n" ); data/sphinxsearch-2.2.11/src/sphinx.cpp:29022:74: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void Error ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:29023:96: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. const char * DecorateMessage ( const char * sTemplate, ... ) const __attribute__ ( ( format ( printf, 2, 3 ) ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:29239:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( szBufStart, iLeft, sTemplate, ap ); data/sphinxsearch-2.2.11/src/sphinx.cpp:30732:96: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. const char * DecorateMessage ( const char * sTemplate, ... ) const __attribute__ ( ( format ( printf, 2, 3 ) ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:31005:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( m_dError.Begin(), m_dError.GetLength(), sTemplate, ap ); data/sphinxsearch-2.2.11/src/sphinxaot.cpp:964:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char*)pWord, (char*)sBuf ); // NOLINT data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1023:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char*)pWord, (char*)sBuf ); // NOLINT data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1092:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char*)pWord, (char*)sBuf ); // NOLINT data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:2901:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ( INT64_FMT, tNode.m_iConst ); data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:2916:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ( ( tNode.m_iToken<256 ) ? " %c " : " op-%d ", tNode.m_iToken ); data/sphinxsearch-2.2.11/src/sphinxjson.cpp:502:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ( INT64_FMT"%s", sphJsonLoadBigint ( &p ), i<iLen-1 ? "," : "]\n" ); data/sphinxsearch-2.2.11/src/sphinxjson.cpp:889:15: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int iLen = snprintf ( (char *)dOut.Begin()+iOff, 32, INT64_FMT, sphJsonLoadBigint ( &p ) ); // NOLINT data/sphinxsearch-2.2.11/src/sphinxjson.cpp:936:36: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. case JSON_INT64_VECTOR: iLen = snprintf ( b, 32, INT64_FMT, sphJsonLoadBigint ( &p ) ); break; // NOLINT data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:111:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat ( (char*)pPrimary, szAddPrimary ); // NOLINT data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:112:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat ( (char*)pSecondary, szAddSecondary ); // NOLINT data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:659:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char*)pWord, (char*)sPrimary ); // NOLINT data/sphinxsearch-2.2.11/src/sphinxquery.cpp:54:74: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. bool Error ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:55:76: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void Warning ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:446:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( sBuf+iPrefix, sizeof(sBuf)-iPrefix, sTemplate, ap ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:465:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( sBuf+iPrefix, sizeof(sBuf)-iPrefix, sTemplate, ap ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:4308:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ( sHeader ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4560:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf _args; \ data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8905:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( &(dVal[iValLen]), sTmp ); //NOLINT data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8918:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( &(dVal[iValLen]), sTmp ); //NOLINT data/sphinxsearch-2.2.11/src/sphinxstd.cpp:127:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( pTrace, sTrace ); //NOLINT data/sphinxsearch-2.2.11/src/sphinxstd.cpp:698:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( sBuf, sizeof(sBuf), sTemplate, ap ); data/sphinxsearch-2.2.11/src/sphinxstd.cpp:717:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( sBuf, sizeof(sBuf), sTemplate, ap ); data/sphinxsearch-2.2.11/src/sphinxstd.h:33:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf _vsnprintf data/sphinxsearch-2.2.11/src/sphinxstd.h:123:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/sphinxsearch-2.2.11/src/sphinxstd.h:123:20: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/sphinxsearch-2.2.11/src/sphinxstd.h:285:73: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphDie ( const char * sMessage, ... ) __attribute__ ( ( format ( printf, 1, 2 ) ) ); data/sphinxsearch-2.2.11/src/sphinxstd.h:288:80: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphDieRestart ( const char * sMessage, ... ) __attribute__ ( ( format ( printf, 1, 2 ) ) ); data/sphinxsearch-2.2.11/src/sphinxstd.h:1719:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( m_sValue, sString ); // NOLINT data/sphinxsearch-2.2.11/src/sphinxstd.h:1750:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( m_sValue, rhs.m_sValue ); // NOLINT data/sphinxsearch-2.2.11/src/sphinxstd.h:1799:91: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. const CSphString & SetSprintf ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ) data/sphinxsearch-2.2.11/src/sphinxstd.h:1805:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( sBuf, sizeof(sBuf), sTemplate, ap ); data/sphinxsearch-2.2.11/src/sphinxstd.h:1815:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf ( sBuf, sizeof(sBuf), sTemplate, ap ); data/sphinxsearch-2.2.11/src/sphinxstd.h:1970:89: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. CSphStringBuilder & Appendf ( const char * sTemplate, ... ) __attribute__ ( ( format ( printf, 2, 3 ) ) ) data/sphinxsearch-2.2.11/src/sphinxstd.h:1982:19: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int iPrinted = vsnprintf ( m_sBuffer+m_iUsed, iLeft, sTemplate, ap ); data/sphinxsearch-2.2.11/src/sphinxstd.h:2288:63: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphWarn ( const char *, ... ) __attribute__ ( ( format ( printf, 1, 2 ) ) ); data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:134:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat ( (char*)word, (char*)Rule.m_szAppend ); // NOLINT strcat data/sphinxsearch-2.2.11/src/sphinxutils.cpp:877:4: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl ( pBuffer, pBuffer, pArgs, szFilename, (char*)NULL ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:879:4: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl ( pBuffer, pBuffer, szFilename, (char*)NULL ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1026:32: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define LOC_ERROR2(_msg,_a) { snprintf ( m_sError, sizeof(m_sError), _msg, _a ); break; } data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1027:35: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define LOC_ERROR3(_msg,_a,_b) { snprintf ( m_sError, sizeof(m_sError), _msg, _a, _b ); break; } data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1028:38: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define LOC_ERROR4(_msg,_a,_b,_c) { snprintf ( m_sError, sizeof(m_sError), _msg, _a, _b, _c ); break; } data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1565:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf ( buf_all, "lemmatize_%s_all", AOT_LANGUAGES[j] ); //NOLINT data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1751:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf ( stdout, sFmt, ap ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:2240:3: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp ( g_pArgv[0], const_cast<char **> ( g_pArgv ) ); // using execvp instead execv to auto find addr2line in directories data/sphinxsearch-2.2.11/src/sphinxutils.h:184:66: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphWarning ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT data/sphinxsearch-2.2.11/src/sphinxutils.h:185:63: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphInfo ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT data/sphinxsearch-2.2.11/src/sphinxutils.h:186:67: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphLogFatal ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT data/sphinxsearch-2.2.11/src/sphinxutils.h:187:67: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphLogDebug ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT data/sphinxsearch-2.2.11/src/sphinxutils.h:188:68: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphLogDebugv ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT data/sphinxsearch-2.2.11/src/sphinxutils.h:189:69: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void sphLogDebugvv ( const char * sFmt, ... ) __attribute__((format(printf,1,2))); //NOLINT data/sphinxsearch-2.2.11/src/tests.cpp:3714:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ( INT64_FMT" us sphere\n", sphMicroTimer()-tm ); data/sphinxsearch-2.2.11/src/tests.cpp:3720:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ( INT64_FMT" us flat\n", sphMicroTimer()-tm ); data/sphinxsearch-2.2.11/src/tests.cpp:3726:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ( INT64_FMT" us adaptive\n", sphMicroTimer()-tm ); data/sphinxsearch-2.2.11/src/udfexample.c:27:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/sphinxsearch-2.2.11/src/udfexample.c:27:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/sphinxsearch-2.2.11/src/yysphinxexpr.c:828:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/sphinxsearch-2.2.11/src/yysphinxjson.c:585:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/sphinxsearch-2.2.11/src/yysphinxql.c:2171:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/sphinxsearch-2.2.11/src/yysphinxquery.c:657:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/sphinxsearch-2.2.11/src/yysphinxselect.c:851:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/sphinxsearch-2.2.11/src/sphinxplugin.cpp:124:9: [3] (misc) LoadLibraryEx: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. return LoadLibraryEx ( libname, NULL, 0 ); data/sphinxsearch-2.2.11/src/tests.cpp:1611:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand ( 0 ); data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_error_buf[256]; ///< buffer to store 'local' error messages (eg. connect() error) data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * reqs [ MAX_REQS ]; data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:421:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( entry, ptr, len ); data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1395:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sBuf [ 256 ]; data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1534:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &sa.sin_addr, hp->h_addr_list[0], hp->h_length ); data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1592:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( uaddr.sun_path, client->host, len + 1 ); data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1772:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &v, *cur, sizeof(unsigned short) ); data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1781:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &v, *cur, sizeof(unsigned int) ); data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1824:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header_buf[32], *cur, *response; data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1916:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16], *pbuf; data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1980:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char req_header[32], *req, *p, *pmax; data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:61:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * field_names[2]; data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:236:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( docs[0], words, sizeof(words)-1 ); data/sphinxsearch-2.2.11/api/libsphinxclient/test.c:240:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( doc, filler, sizeof(filler)-1 ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:403:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_sLastMessage[1024]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:437:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_sQuery[MAX_QUERY_LEN]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:580:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * m_sIndexWeight[SPHINXSE_MAX_FILTERS]; ///< points to query buffer; do NOT delete data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:583:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * m_sFieldWeight[SPHINXSE_MAX_FILTERS]; ///< points to query buffer; do NOT delete data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:611:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_sParseError[256]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:831:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[IO_SIZE]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:833:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[IO_SIZE]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:949:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sRes, sSrc, iLen ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1026:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. share->m_sTableField = new char * [ share->m_iTableFields ]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1097:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iPort = atoi(sPort); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1131:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iPort = atoi(sPort); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1312:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_sQueryBuffer, sQuery, iLength ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1454:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int iValue = atoi ( sValue ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1682:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pWeights[*pCount] = atoi(sVal); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1866:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pCur, pBytes, iBytes ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2098:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int ha_sphinx::open ( const char * name, int, uint ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2154:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &sin.sin_addr, &ip_addr, sizeof(ip_addr) ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2171:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff2 [ GETHOSTBYNAME_BUFF_SIZE ]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError[256]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2213:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError[512]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2246:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError[512]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2324:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sQueryBuf[1024]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2325:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sValueBuf[1024]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2432:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sQueryBuf[1024]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2440:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sValue[32]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2532:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sRes, m_pCur, iLen ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2571:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError[1024]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2580:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. m_dFields = new char * [ m_iFields ]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2842:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError[256]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2925:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sHeader[8]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:3132:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[1024]; // FIXME! magic size data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:3395:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError[256]; data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:3634:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuffer, sConvert.c_ptr(), sConvert.length() + 1 ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.h:84:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open ( const char * name, int mode, uint test_if_locked ); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:106:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sRes, sSrc, iLen ); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError[256]; data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:234:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pCurrent, pBytes, iBytes ); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:339:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_iPort = atoi(sPort); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:384:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &sin.sin_addr, &ip_addr, sizeof(ip_addr) ); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:401:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff2 [ GETHOSTBYNAME_BUFF_SIZE ]; data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:412:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError[256]; data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:481:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError[1024]; data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:521:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sHeader[8]; data/sphinxsearch-2.2.11/src/indexer.cpp:62:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * g_dExt[EXT_COUNT] = { "sph", "spa", "spi", "spd", "spp", "spm", "spk", "sps", "spe" }; data/sphinxsearch-2.2.11/src/indexer.cpp:65:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char g_sMinidump[256]; data/sphinxsearch-2.2.11/src/indexer.cpp:243:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( sOutput, "w+" ); data/sphinxsearch-2.2.11/src/indexer.cpp:1381:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFrom [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/indexer.cpp:1382:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTo [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/indexer.cpp:1548:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( hSearchd["pid_file"].cstr(), "r" ); data/sphinxsearch-2.2.11/src/indexer.cpp:1562:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPipeName[64]; data/sphinxsearch-2.2.11/src/indexer.cpp:1664:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_iTopStops = atoi ( argv[i+2] ); data/sphinxsearch-2.2.11/src/indexer.cpp:1895:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fpDumpRows = fopen ( sDumpRows.cstr(), "wb+" ); data/sphinxsearch-2.2.11/src/indextool.cpp:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuffer[1024]; data/sphinxsearch-2.2.11/src/indextool.cpp:48:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &dBuffer[iPos], sBuffer, iLen ); data/sphinxsearch-2.2.11/src/indextool.cpp:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuffer[READ_BUFFER_SIZE]; data/sphinxsearch-2.2.11/src/indextool.cpp:71:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &dInBuffer[iPos], sBuffer, iLen ); data/sphinxsearch-2.2.11/src/indextool.cpp:91:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &dOutBuffer[iPos], sToken, iLen+1 ); data/sphinxsearch-2.2.11/src/indextool.cpp:212:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int iFD = ::open ( sHeader.cstr(), SPH_O_BINARY | O_RDWR, 0644 ); data/sphinxsearch-2.2.11/src/indextool.cpp:368:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char StringBuffer_t [ 3*SPH_MAX_WORD_LEN+16+128 ]; // { dict-keyowrd, 32bit number, 32bit number, 64bit number } data/sphinxsearch-2.2.11/src/indextool.cpp:425:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int iDocuments = atoi ( p1+1 ); data/sphinxsearch-2.2.11/src/indextool.cpp:438:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iTotalDocuments += atoi ( sBuffer+strlen(sSearch) ); data/sphinxsearch-2.2.11/src/indextool.cpp:702:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * sTypes[iNumTypes] = { "rt_attr_uint", "rt_attr_bigint", "rt_attr_float", "rt_attr_timestamp", "rt_attr_string" }; data/sphinxsearch-2.2.11/src/indextool.cpp:1254:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen ( sFoldFile.cstr(), "rb" ); data/sphinxsearch-2.2.11/src/searchd.cpp:179:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * g_dProtoNames[PROTO_TOTAL] = data/sphinxsearch-2.2.11/src/searchd.cpp:278:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char g_sLogFilter[SPH_MAX_FILENAME_LEN] = "\0"; data/sphinxsearch-2.2.11/src/searchd.cpp:427:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * g_dThdStates[THD_STATE_TOTAL] = { data/sphinxsearch-2.2.11/src/searchd.cpp:511:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char g_sMysqlHandshake[128]; data/sphinxsearch-2.2.11/src/searchd.cpp:707:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * g_dApiCommands[SEARCHD_COMMAND_TOTAL] = data/sphinxsearch-2.2.11/src/searchd.cpp:778:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * m_sNames[eMaxStat]; data/sphinxsearch-2.2.11/src/searchd.cpp:1424:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * sWeekday[7] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" }; data/sphinxsearch-2.2.11/src/searchd.cpp:1425:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * sMonth[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; data/sphinxsearch-2.2.11/src/searchd.cpp:1525:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTimeBuf[128]; data/sphinxsearch-2.2.11/src/searchd.cpp:1534:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ 1024 ]; data/sphinxsearch-2.2.11/src/searchd.cpp:1576:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sLast[256]; data/sphinxsearch-2.2.11/src/searchd.cpp:1804:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdStopwait = ::open ( sPipeName.cstr(), O_WRONLY | O_NONBLOCK ); data/sphinxsearch-2.2.11/src/searchd.cpp:2072:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char g_sCrashInfo [SPH_TIME_PID_MAX_SIZE] = "[][]\n"; data/sphinxsearch-2.2.11/src/searchd.cpp:2076:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char g_sMinidump[SPH_TIME_PID_MAX_SIZE] = ""; data/sphinxsearch-2.2.11/src/searchd.cpp:2235:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTimeBuf[SPH_TIME_PID_MAX_SIZE]; data/sphinxsearch-2.2.11/src/searchd.cpp:2366:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sBuf [ 256 ]; data/sphinxsearch-2.2.11/src/searchd.cpp:2434:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &uAddr, ppAddrs[0], sizeof(DWORD) ); data/sphinxsearch-2.2.11/src/searchd.cpp:2438:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ SPH_ADDRESS_SIZE ]; data/sphinxsearch-2.2.11/src/searchd.cpp:2460:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( uaddr.sun_path, sPath, len + 1 ); data/sphinxsearch-2.2.11/src/searchd.cpp:2484:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sAddress[SPH_ADDRESS_SIZE]; data/sphinxsearch-2.2.11/src/searchd.cpp:2624:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iPort = atol(sPart); data/sphinxsearch-2.2.11/src/searchd.cpp:2663:18: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tRes.m_iPort = atol ( sParts[1].cstr() ); data/sphinxsearch-2.2.11/src/searchd.cpp:3226:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pBufferPtr, pMy, iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:3359:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pNew, m_pBuffer, iOldBufferSize ); data/sphinxsearch-2.2.11/src/searchd.cpp:3460:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pBuf, m_pCur, iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:3568:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pNew, m_pCur, iCur ); data/sphinxsearch-2.2.11/src/searchd.cpp:3601:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dBuf [ 2048 ]; data/sphinxsearch-2.2.11/src/searchd.cpp:3945:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dWeights.Begin(), m_pWeights, sizeof(dWeights[0]) * dWeights.GetLength() ); data/sphinxsearch-2.2.11/src/searchd.cpp:3951:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pWeights, dWeights.Begin(), sizeof(dWeights[0]) * dWeights.GetLength() ); data/sphinxsearch-2.2.11/src/searchd.cpp:4068:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dWeights.Begin(), m_pWeights, sizeof(dWeights[0]) * dWeights.GetLength() ); data/sphinxsearch-2.2.11/src/searchd.cpp:4074:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pWeights, dWeights.Begin (), sizeof ( dWeights[0] ) * dWeights.GetLength () ); data/sphinxsearch-2.2.11/src/searchd.cpp:6652:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sSetError[MAX_ERROR_SET_BUFFER]; data/sphinxsearch-2.2.11/src/searchd.cpp:6779:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[256]; data/sphinxsearch-2.2.11/src/searchd.cpp:6912:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTimeBuf [ SPH_TIME_PID_MAX_SIZE ]; data/sphinxsearch-2.2.11/src/searchd.cpp:7023:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTimeBuf[SPH_TIME_PID_MAX_SIZE]; data/sphinxsearch-2.2.11/src/searchd.cpp:7043:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * sModes [ SPH_MATCH_TOTAL ] = { "all", "any", "phr", "bool", "ext", "scan", "ext2" }; data/sphinxsearch-2.2.11/src/searchd.cpp:7044:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * sSort [ SPH_SORT_TOTAL ] = { "rel", "attr-", "attr+", "tsegs", "ext", "expr" }; data/sphinxsearch-2.2.11/src/searchd.cpp:7225:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * sOps[2][2] = { { "<", "<=" }, { ">=", ">" } }; data/sphinxsearch-2.2.11/src/searchd.cpp:7231:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * sOps[2][2] = { { ">", ">=" }, { "<", "<=" } }; data/sphinxsearch-2.2.11/src/searchd.cpp:7246:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * sOps[2][2] = { { "<", "<=" }, { ">=", ">" } }; data/sphinxsearch-2.2.11/src/searchd.cpp:7252:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * sOps[2][2] = { { ">", ">=" }, { "<", "<=" } }; data/sphinxsearch-2.2.11/src/searchd.cpp:7445:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTimeBuf[SPH_TIME_PID_MAX_SIZE]; data/sphinxsearch-2.2.11/src/searchd.cpp:7614:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTimeBuf[SPH_TIME_PID_MAX_SIZE]; data/sphinxsearch-2.2.11/src/searchd.cpp:9269:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[64]; data/sphinxsearch-2.2.11/src/searchd.cpp:9272:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf, sStr, iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:9275:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi ( sBuf ); data/sphinxsearch-2.2.11/src/searchd.cpp:10646:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dQuery.Begin()+iOff, tQuery.m_sQuery.cstr(), iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:11571:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_iOffset = atoi ( dArgs[1].cstr() ); data/sphinxsearch-2.2.11/src/searchd.cpp:11572:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_iLimit = atoi ( dArgs[2].cstr() ); data/sphinxsearch-2.2.11/src/searchd.cpp:13610:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. iRespLen += 4 + strlen ( (const char *)dQueries[i].m_dRes.Begin() ); data/sphinxsearch-2.2.11/src/searchd.cpp:13620:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. tOut.SendString ( (const char *)dQueries[i].m_dRes.Begin() ); data/sphinxsearch-2.2.11/src/searchd.cpp:15060:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sVarLen[20] = {0}; // max 18 for packed number, +1 more just for fun data/sphinxsearch-2.2.11/src/searchd.cpp:15112:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pBuf, m_pBuf ? m_pBuf : m_dBuf, m_iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:15166:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pStr, sMsg, iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:15211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[1024]; data/sphinxsearch-2.2.11/src/searchd.cpp:15278:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTmp[SPH_MAX_NUMERIC_STR]; data/sphinxsearch-2.2.11/src/searchd.cpp:15284:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_dBuf[4096]; data/sphinxsearch-2.2.11/src/searchd.cpp:15801:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. dResults[i] = (const char *)dQueries[i].m_dRes.Begin(); data/sphinxsearch-2.2.11/src/searchd.cpp:15885:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[16]; data/sphinxsearch-2.2.11/src/searchd.cpp:15978:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTmp[SPH_MAX_WORD_LEN]; data/sphinxsearch-2.2.11/src/searchd.cpp:17043:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pOutStr, pStr, iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:17068:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pOutStr, pString, iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:17094:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pOutStr, pStr, iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:17124:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pOutStr, dTmp.Begin(), iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:17662:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( g_sLogFilter, tStmt.m_sSetValue.cstr(), iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:18197:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * dStates [ SPH_QSTATE_TOTAL ] = { SPH_QUERY_STATES }; data/sphinxsearch-2.2.11/src/searchd.cpp:18217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTime[32]; data/sphinxsearch-2.2.11/src/searchd.cpp:18286:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFileName[SPH_MAX_FILENAME_LEN]; data/sphinxsearch-2.2.11/src/searchd.cpp:19121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFrom [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:19122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTo [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:19155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFile [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:19170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sHeaderName [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:19187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFile [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:19247:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:19633:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sNewPath[SPH_MAX_FILENAME_LEN]; data/sphinxsearch-2.2.11/src/searchd.cpp:19696:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sOld [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:19698:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sCurTest [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:19844:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sNewPath [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:19942:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dBuf[512]; data/sphinxsearch-2.2.11/src/searchd.cpp:20318:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sOld [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:20320:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sCurTest [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/searchd.cpp:20697:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pCurrent->m_iPort = atoi ( pAnchor ); data/sphinxsearch-2.2.11/src/searchd.cpp:20798:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tDesc.m_bBlackhole = ( atoi ( sOptValue )!=0 ); data/sphinxsearch-2.2.11/src/searchd.cpp:21264:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ 8192 ]; data/sphinxsearch-2.2.11/src/searchd.cpp:21267:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen ( g_sConfigFile.cstr (), "rb" ); data/sphinxsearch-2.2.11/src/searchd.cpp:21283:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError [ 1024 ]; data/sphinxsearch-2.2.11/src/searchd.cpp:21679:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int iFD = ::open ( g_sLogFile.cstr(), O_CREAT | O_RDWR | O_APPEND, S_IREAD | S_IWRITE ); data/sphinxsearch-2.2.11/src/searchd.cpp:21695:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int iFD = ::open ( g_sQueryLogFile.cstr(), O_CREAT | O_RDWR | O_APPEND, S_IREAD | S_IWRITE ); data/sphinxsearch-2.2.11/src/searchd.cpp:21856:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sBuf[1024]; data/sphinxsearch-2.2.11/src/searchd.cpp:21902:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf, sArg, iToCopy ); data/sphinxsearch-2.2.11/src/searchd.cpp:21942:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBinary[MAX_PATH]; data/sphinxsearch-2.2.11/src/searchd.cpp:21946:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPath[MAX_PATH]; data/sphinxsearch-2.2.11/src/searchd.cpp:22362:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ SPH_ADDRESS_SIZE ]; data/sphinxsearch-2.2.11/src/searchd.cpp:22363:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sListen [ 256 ]; data/sphinxsearch-2.2.11/src/searchd.cpp:22392:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( uaddr.sun_path, tDesc.m_sUnix.cstr(), len+1 ); data/sphinxsearch-2.2.11/src/searchd.cpp:22662:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sClientIP[SPH_ADDRPORT_SIZE]; data/sphinxsearch-2.2.11/src/searchd.cpp:22761:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sClientName[SPH_ADDRPORT_SIZE]; data/sphinxsearch-2.2.11/src/searchd.cpp:22877:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int iValue = atoi ( sValue.cstr() ); data/sphinxsearch-2.2.11/src/searchd.cpp:23045:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( p, sHandshake1, sizeof(sHandshake1)-1 ); data/sphinxsearch-2.2.11/src/searchd.cpp:23046:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( p+sizeof(sHandshake1)-1, sVersion, iLen+1 ); data/sphinxsearch-2.2.11/src/searchd.cpp:23047:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( p+sizeof(sHandshake1)+iLen, sHandshake2, sizeof(sHandshake2)-1 ); data/sphinxsearch-2.2.11/src/searchd.cpp:23165:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). g_iLogFile = open ( sLog, O_CREAT | O_RDWR | O_APPEND, S_IREAD | S_IWRITE ); data/sphinxsearch-2.2.11/src/searchd.cpp:23204:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPipeName[64]; data/sphinxsearch-2.2.11/src/searchd.cpp:23286:57: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OPT ( "-p", "--port" ) { bOptPort = true; iOptPort = atoi ( argv[++i] ); } data/sphinxsearch-2.2.11/src/searchd.cpp:23390:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( sPid, "r" ); data/sphinxsearch-2.2.11/src/searchd.cpp:23394:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[16]; data/sphinxsearch-2.2.11/src/searchd.cpp:23399:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int iPid = atoi(sBuf); data/sphinxsearch-2.2.11/src/searchd.cpp:23408:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPipeName[64]; data/sphinxsearch-2.2.11/src/searchd.cpp:23461:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdPipe = ::open ( sPipeName.cstr(), O_RDONLY | O_NONBLOCK ); data/sphinxsearch-2.2.11/src/searchd.cpp:23575:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int iDevNull = open ( "/dev/null", O_RDWR ); data/sphinxsearch-2.2.11/src/searchd.cpp:23592:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). g_iPidFD = ::open ( g_sPidFile.scstr(), O_CREAT | O_WRONLY, S_IREAD | S_IWRITE ); data/sphinxsearch-2.2.11/src/searchd.cpp:23630:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). g_iQueryLogFile = open ( hSearchd["query_log"].cstr(), O_CREAT | O_RDWR | O_APPEND, S_IREAD | S_IWRITE ); data/sphinxsearch-2.2.11/src/searchd.cpp:23820:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sPid[16]; data/sphinxsearch-2.2.11/src/spelldump.cpp:32:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuf[3]; data/sphinxsearch-2.2.11/src/spelldump.cpp:33:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( szBuf, szSet+2, 2 ); data/sphinxsearch-2.2.11/src/spelldump.cpp:141:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * pFile = fopen ( szFilename, "rt" ); data/sphinxsearch-2.2.11/src/spelldump.cpp:145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szWordBuffer [MAX_STR_LENGTH]; data/sphinxsearch-2.2.11/src/spelldump.cpp:327:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szTmp [ MAX_STR_LENGTH]; data/sphinxsearch-2.2.11/src/spelldump.cpp:386:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szTmp [MAX_STR_LENGTH]; data/sphinxsearch-2.2.11/src/spelldump.cpp:450:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_dCharset [256]; data/sphinxsearch-2.2.11/src/spelldump.cpp:484:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuffer [MAX_STR_LENGTH]; data/sphinxsearch-2.2.11/src/spelldump.cpp:517:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * pFile = fopen ( szFilename, "rt" ); data/sphinxsearch-2.2.11/src/spelldump.cpp:556:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuffer [ MAX_STR_LENGTH ]; data/sphinxsearch-2.2.11/src/spelldump.cpp:557:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szCondition [ MAX_STR_LENGTH ]; data/sphinxsearch-2.2.11/src/spelldump.cpp:558:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szStrip [ MAX_STR_LENGTH ]; data/sphinxsearch-2.2.11/src/spelldump.cpp:559:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szAppend [ MAX_STR_LENGTH ]; data/sphinxsearch-2.2.11/src/spelldump.cpp:681:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuffer [MAX_STR_LENGTH]; data/sphinxsearch-2.2.11/src/spelldump.cpp:682:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sCondition [MAX_STR_LENGTH]; data/sphinxsearch-2.2.11/src/spelldump.cpp:683:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sRemove [MAX_STR_LENGTH]; data/sphinxsearch-2.2.11/src/spelldump.cpp:684:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sAppend [MAX_STR_LENGTH]; data/sphinxsearch-2.2.11/src/spelldump.cpp:886:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * pFile = fopen ( m_sCharsetFile.cstr (), "rt" ); data/sphinxsearch-2.2.11/src/spelldump.cpp:892:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuffer [MAX_CHARSET_LENGTH]; data/sphinxsearch-2.2.11/src/spelldump.cpp:922:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dLocaleC[256], dLocaleUser[256]; data/sphinxsearch-2.2.11/src/spelldump.cpp:966:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_sRules[3]; data/sphinxsearch-2.2.11/src/spelldump.cpp:1069:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * pFile = fopen ( sResult.cstr (), "wt" ); data/sphinxsearch-2.2.11/src/sphinx.cpp:417:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_iFD = ::open ( sName.cstr(), iMode, 0644 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:419:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_iFD = ::open ( sName.cstr(), iMode, 0644 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:1848:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sExp[32]; data/sphinxsearch-2.2.11/src/sphinx.cpp:1996:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int iFD = ::open ( sPath, O_RDONLY ); data/sphinxsearch-2.2.11/src/sphinx.cpp:2012:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int iFD = ::open ( sFile, SPH_O_READ, 0644 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:2321:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( d.AddN ( dMappings.GetLength() ), dMappings.Begin(), dMappings.GetLength() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:2385:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dMappings.AddN ( iLen+1 ), pNode->m_sTo.cstr(), iLen+1 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:2734:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &m_dWords [ iPos+1 ], dWords[i].cstr(), iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:2829:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_sBuf, pFirst, m_iFirst+1 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3083:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pCurDocPtr, pToken, iTokenLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3118:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dLargeBuffer.Begin(), szBuffer, iBufferLength ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3574:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dBuffer.Begin(), pBufPtr, iBufSize ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3845:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pData, pLC->m_pData, sizeof(int)*m_iChunks*CHUNK_SIZE ); // NOLINT sizeof(int) data/sphinxsearch-2.2.11/src/sphinx.cpp:3908:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pChunk[i], pOldChunk, sizeof(int)*CHUNK_SIZE ); // NOLINT sizeof(int) data/sphinxsearch-2.2.11/src/sphinx.cpp:3997:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_sError [ 1024 ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:4037:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sErrorBuffer[32]; data/sphinxsearch-2.2.11/src/sphinx.cpp:4867:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sErrBuf[SPH_UDF_ERROR_LEN+1]; data/sphinxsearch-2.2.11/src/sphinx.cpp:4876:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sErrBuf[SPH_UDF_ERROR_LEN+1]; data/sphinxsearch-2.2.11/src/sphinx.cpp:5154:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sDst, sSrc, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:5171:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sDst, sSrc, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:5314:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuffer[1024]; data/sphinxsearch-2.2.11/src/sphinx.cpp:6502:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. pWordforms = m_pMultiWordforms->m_Hash ( (const char *)m_dStoredTokens[m_iStart+1].m_sToken ); data/sphinxsearch-2.2.11/src/sphinx.cpp:6518:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. pWordforms = m_pMultiWordforms->m_Hash ( (const char *)m_dStoredTokens[m_iStart].m_sToken ); data/sphinxsearch-2.2.11/src/sphinx.cpp:7046:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szNumber[256]; data/sphinxsearch-2.2.11/src/sphinx.cpp:7228:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pCopy, pData, uDataSize ); data/sphinxsearch-2.2.11/src/sphinx.cpp:7733:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_iFD = ::open ( m_sName.cstr(), SPH_O_NEW, 0644 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:7824:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pPool, pBuf, iPut ); data/sphinxsearch-2.2.11/src/sphinx.cpp:8230:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pOut, m_pBuff+m_iBuffPos, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:8253:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pOut, m_pBuff+m_iBuffPos, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:8269:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pOut, m_pBuff+m_iBuffPos, iSize ); data/sphinxsearch-2.2.11/src/sphinx.cpp:8435:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[64]; data/sphinxsearch-2.2.11/src/sphinx.cpp:8457:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_iFD = ::open ( sFilename.cstr(), SPH_O_READ, 0644 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:8701:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pDest, m_pCurrent, iBytes ); data/sphinxsearch-2.2.11/src/sphinx.cpp:10619:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( DOCINFO2ATTRS ( pTmpDocinfo ), pAttrs, (iOldStride - DOCINFO_IDSIZE)*sizeof(DWORD) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:11561:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pBuf+1, pKeyword, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:13052:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( DOCINFO2ATTRS ( pDocinfo ), pSource->m_tDocInfo.m_pDynamic, sizeof(CSphRowitem)*m_tSchema.GetRowSize() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:13077:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pHits, pDocHits->First(), iDocHits*sizeof(CSphWordHit) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:13116:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( DOCINFO2ATTRS ( pDocinfo ), pSource->m_tDocInfo.m_pDynamic, sizeof(CSphRowitem)*m_tSchema.GetRowSize() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:13163:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( DOCINFO2ATTRS ( pDocinfo ), pSrc, sizeof(CSphRowitem)*m_tSchema.GetRowSize() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:13229:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pHits, pJoinedHits->First(), iJoinedHits*sizeof(CSphWordHit) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:13495:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dMvaPool.Begin(), pEntry, iDocinfoStride * sizeof(DWORD) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:13527:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pDocinfo, pEntry, iDocinfoStride*sizeof(DWORD) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:14157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_sWord[MAX_KEYWORD_BYTES]; data/sphinxsearch-2.2.11/src/sphinx.cpp:14864:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dRow.Begin(), pDstRow, iStride * sizeof ( CSphRowitem ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:14889:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dRow.Begin(), pSrcRow, iStride * sizeof ( CSphRowitem ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:14961:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dPhantomKiller.Begin()+iOldLen, dKillList.Begin(), sizeof(SphDocID_t)*iKillLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:14978:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dMinRow.Begin(), pDstIndex->m_dMinRow.Begin(), sizeof(CSphRowitem)*dMinRow.GetLength() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:15093:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ 16+3*SPH_MAX_WORD_LEN ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:15107:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf, pWord, iLen+1 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:15145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ 16+3*SPH_MAX_WORD_LEN ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:15180:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf, pWord, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:15192:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf, pWord+1, iLen-- ); // chops star, copies trailing zero, updates iLen data/sphinxsearch-2.2.11/src/sphinx.cpp:15196:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf+1, pWord, ++iLen ); // copies everything incl trailing zero, updates iLen data/sphinxsearch-2.2.11/src/sphinx.cpp:15229:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf+1, pWord, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:15237:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf, pWord, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:15377:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pKillList.GetWritePtr(), pKillist, sizeof(SphDocID_t)*iCount ); data/sphinxsearch-2.2.11/src/sphinx.cpp:16220:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_iLockFD = ::open ( sName.cstr(), SPH_O_NEW, 0644 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:17435:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pTarget + DOCINFO_IDSIZE, pSource + 1, iStride * sizeof(DWORD) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:17552:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFrom [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:17553:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTo [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:17930:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_all[20]; data/sphinxsearch-2.2.11/src/sphinx.cpp:17994:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strncpy ( (char *)sTokenized, dKeywords[iTokenized].m_sNormalized.scstr(), sizeof(sTokenized) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18012:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strncpy ( (char *)sTmp, dChildren[iChild]->m_dWords[iAotKeyword].m_sWord.scstr(), sizeof(sTmp) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18014:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strncpy ( (char *)sTmp2, dKeywords[iTokenized].m_sTokenized.scstr(), sizeof(sTmp2) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18147:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sWord, tInfo.m_sTokenized.cstr(), iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18657:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFixed [ MAX_KEYWORD_BYTES ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:18661:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sFixed+1, sPrefix, iPrefix ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18959:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ MAX_KEYWORD_BYTES ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:18989:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ MAX_KEYWORD_BYTES ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:19626:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFile [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:19904:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sWord[MAX_KEYWORD_BYTES], sLastWord[MAX_KEYWORD_BYTES]; data/sphinxsearch-2.2.11/src/sphinx.cpp:20071:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sArenaWord, sWord, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:21238:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * pFile = fopen ( szFilename, "rb" ); data/sphinxsearch-2.2.11/src/sphinx.cpp:21359:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strcpy ( (char *)pWord, m_dNormalForms[*pIndex].m_sWord.cstr() ); // NOLINT data/sphinxsearch-2.2.11/src/sphinx.cpp:21492:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/sphinxsearch-2.2.11/src/sphinx.cpp:21493:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_all[20]; data/sphinxsearch-2.2.11/src/sphinx.cpp:21939:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( sName, "rb" ); data/sphinxsearch-2.2.11/src/sphinx.cpp:22320:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pBuf, dTokens[0].cstr(), dTokens[0].Length()+1 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:22377:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dNewCharset.Begin(), tSettings.m_sCaseFolding.cstr(), dNewCharset.GetLength() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:22421:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuffer [ 6*SPH_MAX_WORD_LEN + 512 ]; // enough to hold 2 UTF-8 words, plus some whitespace overhead data/sphinxsearch-2.2.11/src/sphinx.cpp:22572:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuf [ MAX_KEYWORD_BYTES ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:22654:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pWord, sStemmed, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:23209:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dBlocksWords.Begin()+iOff, sKey, iAppendBytes ); data/sphinxsearch-2.2.11/src/sphinx.cpp:23420:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_sClippedWord[MAX_KEYWORD_BYTES]; ///< keyword storage for cliiped word data/sphinxsearch-2.2.11/src/sphinx.cpp:23519:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pKeywordChunk, sWord, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:23537:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_sClippedWord, sWord, MAX_KEYWORD_BYTES-4 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:23850:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sClone, tWord.m_sKeyword, iLen+1 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24070:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pKeywordChunk, tEntry.m_sKeyword, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24240:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pTemp, dChunk[0], ( dChunk[1]-dChunk[0] )*sizeof(CSphWordHit) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24242:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dChunk[0] + ( dChunk[2]-dChunk[1] ), pTemp, ( dChunk[1]-dChunk[0] )*sizeof(CSphWordHit) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24261:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pOut, dChunk[iChunk], iChunkHits*sizeof(CSphWordHit) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24266:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dChunk[0], pTemp, ( dChunk.Last()-dChunk[0] )*sizeof(CSphWordHit) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24407:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dPackedKeywords.Begin()+iOff+1, pWord, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24586:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTag[256], sAttr[256]; data/sphinxsearch-2.2.11/src/sphinx.cpp:26064:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sMinibuffer[8192]; data/sphinxsearch-2.2.11/src/sphinx.cpp:26474:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf + 1, sWord, iBytes ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26509:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf + 1, sWord, iBytes ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26622:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf + 1, sWord, iBytes ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26632:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf + 1, sWord, iBytes ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26814:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuf [MAX_NUMBER_LEN]; data/sphinxsearch-2.2.11/src/sphinx.cpp:26934:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ 1024 ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:27025:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sValues [ MACRO_COUNT ] [ iBufSize ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:27026:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * pValues [ MACRO_COUNT ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:27091:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dBuf [MAX_BUF_SIZE]; data/sphinxsearch-2.2.11/src/sphinx.cpp:27108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sValue[32]; data/sphinxsearch-2.2.11/src/sphinx.cpp:28412:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ 1024 ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:28604:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ 1024 ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:28645:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sPort[64]; data/sphinxsearch-2.2.11/src/sphinx.cpp:29126:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dOut[4]; data/sphinxsearch-2.2.11/src/sphinx.cpp:29232:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sBuf[1024]; data/sphinxsearch-2.2.11/src/sphinx.cpp:29981:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dBuf.Begin()+dBuf.GetLength(), m_pFieldBuffer, m_iFieldBufferLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:30047:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pFieldBuffer + m_iFieldBufferLen, pCharacters, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:30328:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szColumnName[MAX_NAME_LEN]; data/sphinxsearch-2.2.11/src/sphinx.cpp:30418:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szOutConn [2048]; data/sphinxsearch-2.2.11/src/sphinx.cpp:30641:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ 1024 ]; data/sphinxsearch-2.2.11/src/sphinx.cpp:30657:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szState[16] = ""; data/sphinxsearch-2.2.11/src/sphinx.cpp:30658:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szMessageText[1024] = ""; data/sphinxsearch-2.2.11/src/sphinx.cpp:30673:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szDriver[MAX_LEN]; data/sphinxsearch-2.2.11/src/sphinx.cpp:30674:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szDriverAttrs[MAX_LEN]; data/sphinxsearch-2.2.11/src/sphinx.cpp:31489:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sBuf[256]; data/sphinxsearch-2.2.11/src/sphinx.cpp:31771:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_sWord + iMatch, m_pBuf, iDelta ); data/sphinxsearch-2.2.11/src/sphinx.cpp:31885:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_sBuf.Begin()+iOff, sName, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:31938:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dWordBuf.Begin() + iOff + 1, tWord.m_sKeyword, iWordLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:32089:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dInfixBuf[3*SPH_MAX_WORD_LEN+4]; data/sphinxsearch-2.2.11/src/sphinx.cpp:32090:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dInfixBuf, sInfix, iBytes ); data/sphinxsearch-2.2.11/src/sphinx.cpp:32978:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sInfix[256]; data/sphinxsearch-2.2.11/src/sphinx.cpp:33244:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ 3*SPH_MAX_WORD_LEN+4 ]; data/sphinxsearch-2.2.11/src/sphinx.h:1395:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pDynamic, rhs.m_pDynamic, iDynamic*sizeof(CSphRowitem) ); data/sphinxsearch-2.2.11/src/sphinx.h:2233:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const MACRO_VALUES [ MACRO_COUNT ]; data/sphinxsearch-2.2.11/src/sphinxaot.cpp:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_Prefix[4]; data/sphinxsearch-2.2.11/src/sphinxaot.cpp:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_Flexia[24]; data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:553:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_sTmpWord, sWord, iLen ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:594:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &m_dStarBuffer[iOff], sWord, iLen ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:706:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &dResult[iOutLen], pSrc, iLen ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:712:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[16]; data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:718:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dResult.Begin()+iOutLen, sBuf, iPassLen ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:720:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dResult.Begin()+iOutLen+iPassLen, pPost, iPostLen ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:3417:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &dResult[iOutLen], sChunkSeparator.cstr(), iSeparatorLen ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:3437:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &dResult[iOutLen], &(dPassageText[dPassageHeads[iBest]]), iLen ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:3441:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &dResult[iOutLen], sChunkSeparator.cstr(), iSeparatorLen ); data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pData, pEntry->m_pData, uDataLen ); data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:2965:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. tArgs.arg_values = new char * [ tArgs.arg_count ]; data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:6093:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sError [ SPH_UDF_ERROR_LEN ]; data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:561:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dVal.Begin()+iPacked, sVal, iLen ); data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:565:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dVal.Begin(), sVal, iLen ); data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:621:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dVal.Begin() + iOfs + iPacked, sRef.cstr(), iLen ); data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:625:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dVal.Begin() + iOfs, sRef.cstr(), iLen ); data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:1201:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dVal.Begin()+iPacked, pRef->cstr(), iLen ); data/sphinxsearch-2.2.11/src/sphinxfilter.cpp:1316:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dMerged.Begin()+iOff, m_dExt[i].m_pBegin, sizeof ( m_dMerged[0] ) * m_dExt[i].m_iLen ); data/sphinxsearch-2.2.11/src/sphinxint.h:2009:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_sLastKeyword, pWord, iLen ); data/sphinxsearch-2.2.11/src/sphinxint.h:2405:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pPtr, m_pMarkerTokenized, PROXY_MARKER_LEN ); data/sphinxsearch-2.2.11/src/sphinxint.h:2414:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pPtr, pToken, iTokenLen+1 ); data/sphinxsearch-2.2.11/src/sphinxint.h:2444:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szTmp [256]; data/sphinxsearch-2.2.11/src/sphinxint.h:2488:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pCurDocPtr, szTmp, iLen ); data/sphinxsearch-2.2.11/src/sphinxint.h:2501:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. m_dFieldLengths[i] = strlen ( (const char *)pFields[i] ); data/sphinxsearch-2.2.11/src/sphinxint.h:2512:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pDoc->m_dFieldStorage[i].Begin(), pFields[i], iFieldLen+1 ); data/sphinxsearch-2.2.11/src/sphinxint.h:2533:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pCurDocPtr, pToken, iTokenLen ); data/sphinxsearch-2.2.11/src/sphinxint.h:2571:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int iDoc = atoi ( (const char*)pToken ); data/sphinxsearch-2.2.11/src/sphinxint.h:2630:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pCurDoc->m_dFieldStorage[iField].Begin()+iStoredLen-1, szTmp, iTmpLen+1 ); data/sphinxsearch-2.2.11/src/sphinxint.h:2709:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( tTo.m_pDynamic, tFrom.m_pDynamic, iDynamic*sizeof(CSphRowitem) ); data/sphinxsearch-2.2.11/src/sphinxjson.cpp:135:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( p, s, iLen ); data/sphinxsearch-2.2.11/src/sphinxjson.cpp:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[8] = { 0 }; data/sphinxsearch-2.2.11/src/sphinxjson.cpp:171:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf, s+2, 4 ); data/sphinxsearch-2.2.11/src/sphinxjson.cpp:1141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sVal[32]; data/sphinxsearch-2.2.11/src/sphinxjson.cpp:1142:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sVal, s, iLen ); data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:597:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sOriginal, pWord, iLength + 1 ); data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:610:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat ( (char *) sOriginal, " " ); // NOLINT data/sphinxsearch-2.2.11/src/sphinxplugin.cpp:78:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * g_dPluginTypes[PLUGIN_TOTAL] = { "udf", "ranker", "index_token_filter", "query_token_filter" }; data/sphinxsearch-2.2.11/src/sphinxplugin.cpp:136:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sError[256]; data/sphinxsearch-2.2.11/src/sphinxplugin.h:151:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char * g_dPluginTypes[PLUGIN_TOTAL]; data/sphinxsearch-2.2.11/src/sphinxquery.cpp:438:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[256]; data/sphinxsearch-2.2.11/src/sphinxquery.cpp:442:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf, sPrefix, iPrefix ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[256]; data/sphinxsearch-2.2.11/src/sphinxquery.cpp:461:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf, sPrefix, iPrefix ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:768:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sNumberBuf[NUMBER_BUF_LEN]; data/sphinxsearch-2.2.11/src/sphinxquery.cpp:771:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sNumberBuf, sToken, iNumberLen ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:776:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_tPendingToken.tInt.iValue = atoi ( sNumberBuf ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:1731:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szError [ SPH_UDF_ERROR_LEN ]; data/sphinxsearch-2.2.11/src/sphinxrt.cpp:301:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dKlist.Begin()+iOff, m_dLargeKlist.Begin(), sizeof(m_dLargeKlist[0]) * m_dLargeKlist.GetLength() ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:317:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dLargeKlist.Begin()+iOff, pDocs, sizeof(m_dLargeKlist[0]) * iCount ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:602:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pOut->Begin()+iOff, pData, iLen ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:741:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_tPackedWord+1+iMatch, pIn, iDelta ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:1781:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &m_dStrings[iOff], dLen, iLenPacked ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:1782:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &m_dStrings[iOff+iLenPacked], pStr, iLen ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:1799:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dMvas.Begin()+iDst, dMvas.Begin()+iMva, (iCount+1)*sizeof(dMvas[0]) ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:2386:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dDst.Begin() + uOff, pSrc, uWriteLen ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:2405:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dDst.Begin()+iLen, pSrc, ( uCount+1 )*sizeof(DWORD) ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3084:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dSegmentKlist.Begin() + iAdded, pSeg->GetKlist().Begin(), sizeof(dSegmentKlist[0]) * pSeg->GetKlist().GetLength() ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3089:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pKlist->m_dKilled.Begin(), dSegmentKlist.Begin(), sizeof(dSegmentKlist[0]) * dSegmentKlist.GetLength() ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3114:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dNewSegmentKlist.Begin()+iOff, dAccKlist.Begin(), sizeof(SphDocID_t)*iDiskLiveKLen ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3140:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dRamChunks.Begin() + m_iDoubleBuffer, dSegments.Begin(), sizeof(dSegments[0]) * dSegments.GetLength() ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3421:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pFixedRow, pRow, iStride*sizeof(CSphRowitem) ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3490:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sphDictCmpStrictly ( (const char *)pWords[i]->m_sWord+1, *pWords[i]->m_sWord, (const char *)pWord->m_sWord+1, *pWord->m_sWord )<0 ) ) data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3509:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sphDictCmpStrictly ( (const char *)pWords[i]->m_sWord+1, *pWords[i]->m_sWord, (const char *)pWord->m_sWord+1, *pWord->m_sWord )==0 ) ) ) data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3677:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sMinWord[SPH_MAX_KEYWORD_LEN]; data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3683:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sMinWord, pWord->m_sWord+1, iMinWordLen ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:3690:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. || ( m_bKeywordDict && sphDictCmpStrictly ( (const char *)pWords[i]->m_sWord+1, pWords[i]->m_sWord[0], sMinWord, iMinWordLen )==0 ) ) ) data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4048:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_iLockFD = ::open ( sLock.cstr(), SPH_O_NEW, 0644 ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4483:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pSeg->m_pKlist->m_dKilled.Begin(), dLegacy.Begin(), sizeof(pSeg->m_pKlist->m_dKilled[0]) * dLegacy.GetLength() ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4710:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sWord+1+iMatch, pIn, iDelta ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4757:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sLastWord, sWord, iWordLen+2 ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4813:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( (void *)tCP.m_sWord, sWord+1, sWord[0]+1 ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:6079:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dWordBuf.Begin() + iOff, pWord->m_sWord, iWordLen ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:6470:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_pStorage, STATIC2DOCINFO ( pMatch->m_pStatic ), sizeof(CSphRowitem)*m_iStaticSize ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:6645:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( tGuard.m_dRamChunks.Begin(), m_dRamChunks.Begin(), sizeof(m_dRamChunks[0]) * m_dRamChunks.GetLength() ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:6646:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( tGuard.m_dDiskChunks.Begin(), m_dDiskChunks.Begin(), sizeof(m_dDiskChunks[0]) * m_dDiskChunks.GetLength() ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:7491:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sWord, tInfo.m_sTokenized.cstr(), iLen ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:7837:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pDst, pSrc, sizeof(DWORD)*(uCount+1) ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:7955:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFrom [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/sphinxrt.cpp:7956:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTo [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/sphinxrt.cpp:8030:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFileName[SPH_MAX_FILENAME_LEN]; data/sphinxsearch-2.2.11/src/sphinxrt.cpp:8110:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( DOCINFO2ATTRS ( pNewDocinfo ), pAttrs, m_tSchema.GetRowSize()*sizeof(CSphRowitem) ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:8219:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pCombined+iCount, pIndex->GetKillList(), sizeof(SphDocID_t) * pIndex->GetKillListSize() ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:8435:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dKlist.Begin()+iOff, pIndex->GetKillList(), sizeof(SphDocID_t)*pIndex->GetKillListSize() ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:8578:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFile [ SPH_MAX_FILENAME_LEN ]; data/sphinxsearch-2.2.11/src/sphinxrt.cpp:9421:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). const int iLockFD = ::open ( sName.cstr(), SPH_O_NEW, 0644 ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:10133:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * sTypes[iNumTypes] = { "rt_attr_uint", "rt_attr_bigint", "rt_attr_float", "rt_attr_timestamp", "rt_attr_string", "rt_attr_multi", "rt_attr_multi_64", "rt_attr_json", "rt_attr_bool" }; data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:1186:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( *ppRow, tSrc.m_pDocinfo, iStride*sizeof(CSphRowitem) ); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:5651:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_tTestMatch.m_pDynamic, pCand->m_pDocinfo, m_iInlineRowitems*sizeof(CSphRowitem) ); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:6635:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sErrorBuf [ SPH_UDF_ERROR_LEN ]; data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8601:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pPack, m_dFieldTF.Begin(), m_dFieldTF.GetLength()*sizeof(m_dFieldTF[0]) ); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8885:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTmp[MAX_STR_LEN]; data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:9467:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &m_InlineAttrs[iLen], pChunk->m_pDocinfo, iStride*sizeof(CSphRowitem) ); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:9566:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( &m_dDocs[0], &m_pNode->m_Docs[m_iDocIndex], sizeof(ExtDoc_t)*iDoc ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:780:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. inline static char * FormatInt ( char sBuf[32], T v ) data/sphinxsearch-2.2.11/src/sphinxsort.cpp:780:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. inline static char * FormatInt ( char sBuf[32], T v ) data/sphinxsearch-2.2.11/src/sphinxsort.cpp:1482:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sNew, sDst, iDst ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:1484:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sNew+iDst+1, sSrc, iSrc ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:1553:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dRowBuf.Begin(), pOld->m_pDynamic, sizeof(m_dRowBuf[0]) * m_dRowBuf.GetLength() ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:2902:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[32]; data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4285:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pDst, pVal, iElemLen ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4294:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pDst, pVal, iElemLen ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4467:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf1, pStr1, iLen ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4468:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf2, pStr2, iLen ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4477:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pBuf1, pStr1, iLen ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4478:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pBuf2, pStr2, iLen ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:4741:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_dBuf.Begin(), pStr, iLen ); data/sphinxsearch-2.2.11/src/sphinxstd.cpp:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuffer [ 1024 ]; data/sphinxsearch-2.2.11/src/sphinxstd.cpp:694:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[1024]; data/sphinxsearch-2.2.11/src/sphinxstd.cpp:713:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[1024]; data/sphinxsearch-2.2.11/src/sphinxstd.cpp:1295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[64]; data/sphinxsearch-2.2.11/src/sphinxstd.h:1785:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_sValue, sValue, iLen ); data/sphinxsearch-2.2.11/src/sphinxstd.h:1801:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[1024]; data/sphinxsearch-2.2.11/src/sphinxstd.h:1814:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[1024]; data/sphinxsearch-2.2.11/src/sphinxstd.h:2024:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_sBuffer+m_iUsed, sText, iLen+1 ); data/sphinxsearch-2.2.11/src/sphinxstd.h:2037:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( m_sBuffer, rhs.m_sBuffer, m_iUsed+1 ); data/sphinxsearch-2.2.11/src/sphinxstd.h:2087:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pNew, m_sBuffer, m_iUsed+1 ); data/sphinxsearch-2.2.11/src/sphinxstd.h:2126:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). , m_iValue ( sString ? atoi ( sString ) : 0 ) data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:179:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. RemoveChars ( (char *) pRules[i].m_szSuffix, '!' ); data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:188:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. RemoveChars ( (char *) g_dPalatalizeRules[i].m_szSuffix, '!' ); data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:189:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. RemoveChars ( (char *) g_dPalatalizeRules[i].m_szAppend, '!' ); data/sphinxsearch-2.2.11/src/sphinxudf.c:146:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( out->field_tf, in, fields*sizeof(int) ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:358:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sMemLimit[256]; data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1000:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen ( sFileName, "rb" ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1013:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf [ L_BUFFER ] = { 0 }; data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1015:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sToken [ L_TOKEN ] = { 0 }; data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1242:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sStepback [ L_STEPBACK+1 ]; data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1243:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sStepback, sCtx, iCtx ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1564:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_all[20]; data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1854:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char CBuf[uMaxIndex+1]; data/sphinxsearch-2.2.11/src/sphinxutils.cpp:2030:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char g_sSafeInfoBuf [ 1024 ]; data/sphinxsearch-2.2.11/src/sphinxutils.cpp:2061:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char g_pBacktrace[4096]; data/sphinxsearch-2.2.11/src/sphinxutils.cpp:2063:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * g_pArgv[128] = { "addr2line", "-e", "./searchd", "0x0", NULL }; data/sphinxsearch-2.2.11/src/sphinxutils.cpp:2355:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFileName[SPH_MAX_FILENAME_LEN]; data/sphinxsearch-2.2.11/src/sphinxutils.h:127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_sError [ 1024 ]; data/sphinxsearch-2.2.11/src/testrt.cpp:182:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). COMMIT_STEP = atoi ( argv[1] ); data/sphinxsearch-2.2.11/src/tests.cpp:48:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( g_sTmpfile, "w+" ); data/sphinxsearch-2.2.11/src/tests.cpp:246:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). for ( int iCur=0; dTests[iCur] && atoi ( dTests[iCur++] )<=iRun; ) data/sphinxsearch-2.2.11/src/tests.cpp:301:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTok4[SPH_MAX_WORD_LEN+1]; data/sphinxsearch-2.2.11/src/tests.cpp:572:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( sName, "rb" ); data/sphinxsearch-2.2.11/src/tests.cpp:735:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( "doc/sphinx.html", "rb" ); data/sphinxsearch-2.2.11/src/tests.cpp:749:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sRef, sBuf, iLen+1 ); data/sphinxsearch-2.2.11/src/tests.cpp:763:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( sBuf, sRef, iLen+1 ); data/sphinxsearch-2.2.11/src/tests.cpp:2018:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fpRes = fopen ( "benchsort/res.csv", "w+" ); data/sphinxsearch-2.2.11/src/tests.cpp:2046:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( sFile.cstr(), "w+" ); data/sphinxsearch-2.2.11/src/tests.cpp:2067:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( sHits, "rb+" ); data/sphinxsearch-2.2.11/src/tests.cpp:2515:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_dFields[m_iMaxFields][m_iMaxFieldLen]; data/sphinxsearch-2.2.11/src/tests.cpp:3047:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( CORPUS, "rb" ); data/sphinxsearch-2.2.11/src/tests.cpp:3111:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( p+1, pSnow->p, pSnow->l ); data/sphinxsearch-2.2.11/src/tests.cpp:3115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/sphinxsearch-2.2.11/src/tests.cpp:3116:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( buf, p+1, *p+1 ); data/sphinxsearch-2.2.11/src/tests.cpp:3450:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[64]; data/sphinxsearch-2.2.11/src/tests.cpp:3456:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sTest1[16] = "\xD9\x80\xD9\x80\xD9\x80\xD9\x80\0abcdef"; data/sphinxsearch-2.2.11/src/tests.cpp:3457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sRef1[16] = "\0\0\0\0\0\0\0\0\0abcdef"; data/sphinxsearch-2.2.11/src/tests.cpp:3471:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( dTest22.Begin() + iOff, sTest2, sizeof(sTest2) ); data/sphinxsearch-2.2.11/src/tests.cpp:3829:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( g_sTmpfile, "wb" ); data/sphinxsearch-2.2.11/src/tests.cpp:3835:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen ( g_sTmpfile, "rb" ); data/sphinxsearch-2.2.11/src/tests.cpp:3869:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CSphString sTmp ( (const char *)pFields[i] ); data/sphinxsearch-2.2.11/src/wordbreaker.cpp:233:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( sDict, "rb" ); data/sphinxsearch-2.2.11/src/wordbreaker.cpp:238:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[512]; data/sphinxsearch-2.2.11/src/wordbreaker.cpp:251:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int iFreq = atoi(p); data/sphinxsearch-2.2.11/src/wordbreaker.cpp:402:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( sTestFile, "rb" ); data/sphinxsearch-2.2.11/src/wordbreaker.cpp:406:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[1024]; data/sphinxsearch-2.2.11/src/wordbreaker.cpp:515:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen ( sBenchFile, "rb" ); data/sphinxsearch-2.2.11/src/wordbreaker.cpp:520:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[512]; data/sphinxsearch-2.2.11/src/wordbreaker.cpp:563:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sBuf[1024]; data/sphinxsearch-2.2.11/src/yysphinxexpr.c:1075:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/sphinxsearch-2.2.11/src/yysphinxexpr.c:1267:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/sphinxsearch-2.2.11/src/yysphinxjson.c:832:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/sphinxsearch-2.2.11/src/yysphinxjson.c:1024:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/sphinxsearch-2.2.11/src/yysphinxql.c:2418:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/sphinxsearch-2.2.11/src/yysphinxql.c:2610:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/sphinxsearch-2.2.11/src/yysphinxquery.c:904:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/sphinxsearch-2.2.11/src/yysphinxquery.c:1096:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/sphinxsearch-2.2.11/src/yysphinxselect.c:1098:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/sphinxsearch-2.2.11/src/yysphinxselect.c:1290:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:428:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return s ? chain ( client, s, 1+strlen(s) ) : NULL; data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1101:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return s ? strlen(s) : 0; data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1203:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = s ? (int)strlen(s) : 0; data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:1585:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen ( client->host ); data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:2306:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(index) data/sphinxsearch-2.2.11/api/libsphinxclient/sphinxclient.c:2307:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(words) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:634:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). void SendString ( const char * v ) { int iLen = strlen(v); SendDword(iLen); SendBytes ( v, iLen ); } data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:846:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat_print ( thd, sphinx_hton_name, strlen(sphinx_hton_name), _key, _keylen, _val, _vallen ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:918:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sMessageType, strlen ( sMessageType ), data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:919:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTls->m_pHeadTable->m_tStats.m_sLastMessage, strlen ( pTls->m_pHeadTable->m_tStats.m_sLastMessage ) ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:946:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iLen = strlen(sSrc); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1191:97: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pShare = (CSphSEShare*) sphinx_hash_search ( &sphinx_open_tables, (const uchar *) table_name, strlen(table_name) ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1194:96: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pShare = (CSphSEShare*) sphinx_hash_search ( &sphinx_open_tables, (const byte *) table_name, strlen(table_name) ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1196:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pShare = (CSphSEShare*) sphinx_hash_search ( &sphinx_open_tables, table_name, strlen(table_name) ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1222:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pShare->m_iTableNameLen = strlen(table_name); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1392:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * p = s + strlen(s); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1532:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( !strncmp ( sValue, dSortModes[i].m_sName, strlen ( dSortModes[i].m_sName ) ) ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1535:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_sSortBy = sValue + strlen ( dSortModes[i].m_sName ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1562:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( !strncmp ( sValue, dGroupModes[i].m_sName, strlen ( dGroupModes[i].m_sName ) ) ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1565:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_sGroupBy = sValue + strlen ( dGroupModes[i].m_sName ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1880:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen ( m_sSortBy ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1881:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen ( m_sQuery ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1882:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen ( m_sIndex ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1883:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen ( m_sGroupBy ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1884:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen ( m_sGroupSortBy ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1885:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen ( m_sGroupDistinct ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1886:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen ( m_sComment ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1887:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen ( m_sSelect ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1889:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iReqSize += 4 + strlen(m_sRankExpr); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1893:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iReqSize += 12 + strlen ( tFilter.m_sAttrName ); // string attr-name; int type; int exclude-flag data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1902:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iReqSize += 16 + strlen ( m_sGeoLatAttr ) + strlen ( m_sGeoLongAttr ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1902:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iReqSize += 16 + strlen ( m_sGeoLatAttr ) + strlen ( m_sGeoLongAttr ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1904:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iReqSize += 8 + strlen(m_sIndexWeight[i] ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1906:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iReqSize += 8 + strlen(m_sFieldWeight[i] ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:1913:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iReqSize += strlen ( pOverride->m_sName ) + 12 + uSize*pOverride->m_dIds.elements(); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2206:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( saun.sun_path, sHost, sizeof(saun.sun_path)-1 ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2292:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( pTable->m_tStats.m_sLastMessage, mysql_error ( pConn ), sizeof ( pTable->m_tStats.m_sLastMessage ) ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2565:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( pTable->m_tStats.m_sLastMessage, sMessage, sizeof(pTable->m_tStats.m_sLastMessage) ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2617:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strncmp ( sTableField, sAtPrefix, strlen(sAtPrefix) ) ) data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2619:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sTableField += strlen(sAtPrefix); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2761:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( pTable->m_sQuery, pString->str_value.c_ptr(), sizeof(pTable->m_sQuery) ); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2890:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_iCurrentKeyLen = strlen(pTable->m_sQuery); data/sphinxsearch-2.2.11/mysqlse/ha_sphinx.cc:2988:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( pTable->m_tStats.m_sLastMessage, sMessage, sizeof(pTable->m_tStats.m_sLastMessage) ); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:103:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iLen = strlen(sSrc); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:221:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). void SendString ( const char * v ) { SendString ( v, strlen(v) ); } data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:275:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iSize = 15 + strlen(m_sHost) + strlen(m_sIndex); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:275:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iSize = 15 + strlen(m_sHost) + strlen(m_sIndex); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:436:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( saun.sun_path, m_sHost, sizeof(saun.sun_path)-1 ); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:643:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy ( sMessage, "insufficient arguments", MAX_MESSAGE_LENGTH ); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:655:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy ( sMessage, "first three arguments must be of string type", MAX_MESSAGE_LENGTH ); data/sphinxsearch-2.2.11/mysqlse/snippets_udf.cc:665:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy ( sMessage, "failed to parse connection string", MAX_MESSAGE_LENGTH ); data/sphinxsearch-2.2.11/src/indexer.cpp:328:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define LOC_TOKEQ(_arg) ( iTokLen==(int)strlen(_arg) && strncasecmp ( sTok, _arg, iTokLen )==0 ) data/sphinxsearch-2.2.11/src/indexer.cpp:1510:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ::write ( STDERR_FILENO, sFail1, strlen(sFail1) ); data/sphinxsearch-2.2.11/src/indexer.cpp:1511:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ::write ( STDERR_FILENO, g_sMinidump, strlen(g_sMinidump) ); data/sphinxsearch-2.2.11/src/indexer.cpp:1512:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ::write ( STDERR_FILENO, sFail2, strlen(sFail2) ); data/sphinxsearch-2.2.11/src/indexer.cpp:1513:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ::write ( STDERR_FILENO, sFailVer, strlen(sFailVer) ); data/sphinxsearch-2.2.11/src/indextool.cpp:88:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( (char *)sToken ); data/sphinxsearch-2.2.11/src/indextool.cpp:438:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iTotalDocuments += atoi ( sBuffer+strlen(sSearch) ); data/sphinxsearch-2.2.11/src/indextool.cpp:480:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sWord, dWords[i], sizeof ( dWords[i] ) ); data/sphinxsearch-2.2.11/src/llsphinxjson.c:651:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/sphinxsearch-2.2.11/src/llsphinxjson.c:1642:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy2_scan_bytes(yystr,strlen(yystr) ,yyscanner); data/sphinxsearch-2.2.11/src/llsphinxql.c:1069:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/sphinxsearch-2.2.11/src/llsphinxql.c:2669:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes(yystr,strlen(yystr) ,yyscanner); data/sphinxsearch-2.2.11/src/searchd.cpp:1480:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat ( sBuf, "\n" ); // NOLINT data/sphinxsearch-2.2.11/src/searchd.cpp:1484:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sphWrite ( g_iLogFile, sTtyBuf, strlen(sTtyBuf) ); data/sphinxsearch-2.2.11/src/searchd.cpp:1486:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sphWrite ( g_iLogFile, sBuf, strlen(sBuf) ); data/sphinxsearch-2.2.11/src/searchd.cpp:1489:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sphWrite ( STDOUT_FILENO, sTtyBuf, strlen(sTtyBuf) ); data/sphinxsearch-2.2.11/src/searchd.cpp:1537:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * sTtyBuf = sBuf + strlen(sBuf); data/sphinxsearch-2.2.11/src/searchd.cpp:1538:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sTtyBuf, sBanner, 32 ); // 32 is arbitrary; just something that is enough and keeps lint happy data/sphinxsearch-2.2.11/src/searchd.cpp:1540:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(sBuf); data/sphinxsearch-2.2.11/src/searchd.cpp:1577:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sLast, sBuf, iLen ); data/sphinxsearch-2.2.11/src/searchd.cpp:2451:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen ( sPath ); data/sphinxsearch-2.2.11/src/searchd.cpp:2472:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). int iMask = umask ( 0 ); data/sphinxsearch-2.2.11/src/searchd.cpp:2475:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask ( iMask ); data/sphinxsearch-2.2.11/src/searchd.cpp:2614:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(sPart); data/sphinxsearch-2.2.11/src/searchd.cpp:3093:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = sStr ? strlen(sStr) : 0; data/sphinxsearch-2.2.11/src/searchd.cpp:3113:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(sStr); data/sphinxsearch-2.2.11/src/searchd.cpp:3209:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(sStr); data/sphinxsearch-2.2.11/src/searchd.cpp:3620:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iStrLen = strlen(sBuf); data/sphinxsearch-2.2.11/src/searchd.cpp:5876:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen ( sIndexes ) data/sphinxsearch-2.2.11/src/searchd.cpp:6543:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iQueryLen = strlen(szQuery); data/sphinxsearch-2.2.11/src/searchd.cpp:6571:63: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case SPH_MATCH_ANY: pQuery->m_eRanker = SPH_RANK_MATCHANY; strncpy ( szRes, "\"/1", 8 ); break; data/sphinxsearch-2.2.11/src/searchd.cpp:7123:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iLen = strlen ( pSrc ); data/sphinxsearch-2.2.11/src/searchd.cpp:7680:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return iRespLen + 4 +strlen ( pRes->m_sError.cstr() ); data/sphinxsearch-2.2.11/src/searchd.cpp:7683:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iRespLen += 4+strlen ( pRes->m_sWarning.cstr() ); data/sphinxsearch-2.2.11/src/searchd.cpp:7689:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iRespLen += 4 + strlen ( pRes->m_sWarning.cstr() ); data/sphinxsearch-2.2.11/src/searchd.cpp:7702:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iRespLen += 4 + strlen ( pRes->m_tSchema.m_dFields[i].m_sName.cstr() ); // namelen, name data/sphinxsearch-2.2.11/src/searchd.cpp:7704:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iRespLen += 8 + strlen ( pRes->m_tSchema.GetAttr(i).m_sName.cstr() ); // namelen, name, type data/sphinxsearch-2.2.11/src/searchd.cpp:7731:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iRespLen += 12 + strlen ( pRes->m_hWordStats.IterateGetKey().cstr() ); // wordlen, word, docs, hits data/sphinxsearch-2.2.11/src/searchd.cpp:7831:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iRespLen += strlen ( pStr ); data/sphinxsearch-2.2.11/src/searchd.cpp:8147:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( pString ); data/sphinxsearch-2.2.11/src/searchd.cpp:13084:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen ( sIndex ) data/sphinxsearch-2.2.11/src/searchd.cpp:13610:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iRespLen += 4 + strlen ( (const char *)dQueries[i].m_dRes.Begin() ); data/sphinxsearch-2.2.11/src/searchd.cpp:13667:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iRespLen += 4 + strlen ( dKeywords[i].m_sTokenized.cstr () ); data/sphinxsearch-2.2.11/src/searchd.cpp:13668:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iRespLen += 4 + strlen ( dKeywords[i].m_sNormalized.cstr () ); data/sphinxsearch-2.2.11/src/searchd.cpp:13727:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iReqSize = 4+strlen(sIndexes); // indexes string data/sphinxsearch-2.2.11/src/searchd.cpp:13730:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iReqSize += 8 + strlen ( m_tUpd.m_dAttrs[i] ); data/sphinxsearch-2.2.11/src/searchd.cpp:14046:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tOut.SendInt ( 8 + strlen ( sReport.cstr() ) ); data/sphinxsearch-2.2.11/src/searchd.cpp:14065:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_sPattern.Reserve ( 2*strlen ( sPattern ) ); data/sphinxsearch-2.2.11/src/searchd.cpp:14612:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iRespLen += 4 + strlen ( dStatus[i].cstr() ); data/sphinxsearch-2.2.11/src/searchd.cpp:15015:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iErrorLen = strlen(sError)+1; // including the trailing zero data/sphinxsearch-2.2.11/src/searchd.cpp:15068:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iMsgLen = strlen(sMessage) + 1; // FIXME! does or doesn't the trailing zero necessary in Ok packet? data/sphinxsearch-2.2.11/src/searchd.cpp:15159:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iLen = strlen ( sMsg ); data/sphinxsearch-2.2.11/src/searchd.cpp:16274:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tOut.SendInt ( strlen ( m_sName ) + 12 + m_iLength ); data/sphinxsearch-2.2.11/src/searchd.cpp:16488:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iReqSize = strlen(sIndexes) + m_sBegin.Length() + m_sEnd.Length(); // indexes string data/sphinxsearch-2.2.11/src/searchd.cpp:16497:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tOut.SendBytes ( sIndexes, strlen(sIndexes) ); data/sphinxsearch-2.2.11/src/searchd.cpp:17054:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iLen = strlen ( pString ); data/sphinxsearch-2.2.11/src/searchd.cpp:20265:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int iRes = ::read ( m_iFD, pBuf, iCount ); data/sphinxsearch-2.2.11/src/searchd.cpp:20398:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int iRes = ::read ( g_dPipes[i].m_iFD, &uStatus, sizeof(DWORD) ); data/sphinxsearch-2.2.11/src/searchd.cpp:20662:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen ( sSub.cstr() ) + 1 > sizeof(((struct sockaddr_un *)0)->sun_path) ) data/sphinxsearch-2.2.11/src/searchd.cpp:21861:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(sBuf); data/sphinxsearch-2.2.11/src/searchd.cpp:21886:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sBuf += strlen(sBuf); data/sphinxsearch-2.2.11/src/searchd.cpp:21891:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iArgLen = strlen(sArg); data/sphinxsearch-2.2.11/src/searchd.cpp:22386:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen ( tDesc.m_sUnix.cstr() ); data/sphinxsearch-2.2.11/src/searchd.cpp:22500:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iRespLen = 4 + strlen(sMessage); data/sphinxsearch-2.2.11/src/searchd.cpp:22621:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy ( sClientName, "(local)", SPH_ADDRESS_SIZE ); data/sphinxsearch-2.2.11/src/searchd.cpp:23034:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( sVersion ); data/sphinxsearch-2.2.11/src/searchd.cpp:23036:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_iMysqlHandshake = sizeof(sHandshake1) + strlen(sVersion) + sizeof(sHandshake2) - 1; data/sphinxsearch-2.2.11/src/searchd.cpp:23040:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_iMysqlHandshake = sizeof(sHandshake1) + strlen(SPHINX_VERSION) + sizeof(sHandshake2) - 1; data/sphinxsearch-2.2.11/src/searchd.cpp:23157:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask ( 066 ); data/sphinxsearch-2.2.11/src/searchd.cpp:23500:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int iRead = ::read ( fdPipe, &uStatus, sizeof(DWORD) ); data/sphinxsearch-2.2.11/src/searchd.cpp:23822:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iPidLen = strlen(sPid); data/sphinxsearch-2.2.11/src/spelldump.cpp:153:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iPos = strlen ( szWordBuffer ) - 1; data/sphinxsearch-2.2.11/src/spelldump.cpp:255:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_iCondLen = szCondition ? strlen ( szCondition ) : 0; data/sphinxsearch-2.2.11/src/spelldump.cpp:256:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_iStripLen = szStrip ? strlen ( szStrip ) : 0; data/sphinxsearch-2.2.11/src/spelldump.cpp:257:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_iAppendLen = szAppend ? strlen ( szAppend ) : 0; data/sphinxsearch-2.2.11/src/spelldump.cpp:269:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_iWordLen = strlen ( sWord.cstr () ); data/sphinxsearch-2.2.11/src/spelldump.cpp:338:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( szTmp, sWord.cstr (), m_iWordLen - m_iStripLen ); data/sphinxsearch-2.2.11/src/spelldump.cpp:398:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( szTmp + m_iAppendLen, sWord.cstr () + m_iStripLen, m_iWordLen - m_iStripLen ); data/sphinxsearch-2.2.11/src/spelldump.cpp:778:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLengthL = strlen ( szRangeL ); data/sphinxsearch-2.2.11/src/spelldump.cpp:779:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLengthU = strlen ( szRangeU ); data/sphinxsearch-2.2.11/src/spelldump.cpp:1094:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iFlagLen = strlen ( pWord->m_sFlags.cstr () ); data/sphinxsearch-2.2.11/src/spelldump.cpp:1164:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iWordLength = strlen ( dWords[i].m_sWord.cstr() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:362:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int64_t iRead = ::read ( iFD, pBuf, iCount ); data/sphinxsearch-2.2.11/src/sphinx.cpp:1491:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (const BYTE*)szQuery, strlen(szQuery) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:1852:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iExp = strlen ( sExp ); data/sphinxsearch-2.2.11/src/sphinx.cpp:1853:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iMacro = strlen ( sMacro ); data/sphinxsearch-2.2.11/src/sphinx.cpp:1857:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iRes = strlen ( sTemplate ); data/sphinxsearch-2.2.11/src/sphinx.cpp:1873:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sOut, sLast, sCur-sLast ); sOut += sCur-sLast; data/sphinxsearch-2.2.11/src/sphinx.cpp:1882:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert ( (int)strlen(sRes)==iRes ); data/sphinxsearch-2.2.11/src/sphinx.cpp:2291:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (int)strlen(sFrom) > MAX_KEYWORD_BYTES ) data/sphinxsearch-2.2.11/src/sphinx.cpp:2293:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (int)strlen(sTo)>MAX_KEYWORD_BYTES ) data/sphinxsearch-2.2.11/src/sphinx.cpp:2823:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_iFirst = strlen ( (const char*)pFirst ); data/sphinxsearch-2.2.11/src/sphinx.cpp:2842:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iSecond = strlen ( (const char*)pSecond ); data/sphinxsearch-2.2.11/src/sphinx.cpp:2863:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert ( m_iFirst + strlen ( (const char*)pSecond ) < sizeof(m_sBuf) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:2892:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)tToken.m_sToken, (const char *)sToken, sizeof(tToken.m_sToken) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3074:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iTokenLen = strlen ( (const char*)pToken ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3144:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iTokenLen = strlen ( (const char *)pToken ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3344:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (const char*)m_dUTF8Buffer + strlen ( (const char*)m_dUTF8Buffer ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3356:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SetBuffer ( (const BYTE*)sNewPtr, strlen ( sNewPtr ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3469:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)m_dUTF8Buffer, RPL_SPECIAL_STOPWORD, MAX_TOKEN_LEN ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3499:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)m_dUTF8Buffer, RPL_SPECIAL_STOPWORD, MAX_TOKEN_LEN ); data/sphinxsearch-2.2.11/src/sphinx.cpp:3940:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iSpecials = strlen(sSpecials); data/sphinxsearch-2.2.11/src/sphinx.cpp:4038:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sErrorBuffer, m_pCurrent, sizeof(sErrorBuffer) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:5096:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iQueryLen = sQuery ? strlen ( sQuery ) : 0; data/sphinxsearch-2.2.11/src/sphinx.cpp:5580:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)m_sAccumBlend, (char*)m_sAccum, sizeof(m_sAccumBlend) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:5912:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ( iCheck==(int)strlen(sRef) && memcmp ( sCheck, sRef, iCheck )==0 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:6102:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)m_sAccum, (char*)pMapTo, sizeof(m_sAccum) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:6106:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_iLastTokenLen = strlen ( (char*)m_sAccum ); data/sphinxsearch-2.2.11/src/sphinx.cpp:6455:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)tStart.m_sToken, m_pCurrentForm->m_dNormalForm[m_iOutputPending].m_sForm.cstr(), sizeof(tStart.m_sToken) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:6602:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)tEnd.m_sToken, pCurForm->m_dNormalForm[0].m_sForm.cstr(), sizeof(tEnd.m_sToken) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:6624:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)tDst.m_sToken, pCurForm->m_dNormalForm[0].m_sForm.cstr(), sizeof(tDst.m_sToken) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:7028:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(sRef); data/sphinxsearch-2.2.11/src/sphinx.cpp:7049:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( szNumber, m_pStart+pVal->m_iStart, iLen ); data/sphinxsearch-2.2.11/src/sphinx.cpp:7918:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = szString ? strlen ( szString ) : 0; data/sphinxsearch-2.2.11/src/sphinx.cpp:7937:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert ( strlen(sTag)<64 ); // huge tags are nonsense data/sphinxsearch-2.2.11/src/sphinx.cpp:7938:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PutBytes ( sTag, strlen(sTag) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:8432:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert ( strlen(sTag)<64 ); // huge tags are nonsense data/sphinxsearch-2.2.11/src/sphinx.cpp:8434:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(sTag); data/sphinxsearch-2.2.11/src/sphinx.cpp:8792:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)m_sLastKeyword, (char*)m_sKeyword, sizeof(m_sLastKeyword) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:11241:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert ( strlen ( (char *)pHit->m_sKeyword )<sizeof(m_sLastKeyword)-1 ); data/sphinxsearch-2.2.11/src/sphinx.cpp:11242:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)m_tLastHit.m_sKeyword, (char*)pHit->m_sKeyword, sizeof(m_sLastKeyword) ); // OPTIMIZE? data/sphinxsearch-2.2.11/src/sphinx.cpp:11380:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( tCol.m_sName.cstr() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:11557:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( pKeyword ); // OPTIMIZE! remove this and memcpy and check if thats faster data/sphinxsearch-2.2.11/src/sphinx.cpp:12975:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = sData ? strlen ( sData ) : 0; data/sphinxsearch-2.2.11/src/sphinx.cpp:14242:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert ( iMatch<=(int)strlen(m_sWord) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:15094:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert ( strlen ( (const char*)pWord ) < 16+3*SPH_MAX_WORD_LEN ); data/sphinxsearch-2.2.11/src/sphinx.cpp:15101:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( (const char*)pWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:15147:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( (const char*)pWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:15172:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iLen = strlen ( (const char*)pWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:15250:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( (const char*)pWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:16104:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iWordLen = sWord ? strlen ( sWord ) : 0; data/sphinxsearch-2.2.11/src/sphinx.cpp:16892:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_pTokenizer->SetBuffer ( (BYTE*)sBuf.cstr(), strlen ( sBuf.cstr() ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:17971:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)sTokenized, sMultiform ? (const char*)sMultiform : (const char*)sWord, sizeof(sTokenized) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:17994:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)sTokenized, dKeywords[iTokenized].m_sNormalized.scstr(), sizeof(sTokenized) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18012:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)sTmp, dChildren[iChild]->m_dWords[iAotKeyword].m_sWord.scstr(), sizeof(sTmp) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18014:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)sTmp2, dKeywords[iTokenized].m_sTokenized.scstr(), sizeof(sTmp2) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18136:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (const BYTE *)szQuery, strlen(szQuery) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18612:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iLen = strlen ( sFull ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18960:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sBuf, tKeyword.m_sWord.cstr(), sizeof(sBuf) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:18992:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sBuf, dLemmas[i].cstr(), sizeof(sBuf) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:19979:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iLastWordLen = strlen(sLastWord); data/sphinxsearch-2.2.11/src/sphinx.cpp:20007:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iNewWordLen = strlen(sWord); data/sphinxsearch-2.2.11/src/sphinx.cpp:20069:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iLen = strlen ( sWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:20094:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iLen = bWordDict ? strlen ( tCP.m_sWord ) : 0; data/sphinxsearch-2.2.11/src/sphinx.cpp:20100:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i, tCP.m_sWord, (DWORD)strlen ( tCP.m_sWord ), (int64_t)tCP.m_iWordlistOffset, data/sphinxsearch-2.2.11/src/sphinx.cpp:20101:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tRefCP.m_sWord, (DWORD)strlen ( tRefCP.m_sWord ), (int64_t)tRefCP.m_iWordlistOffset )); data/sphinxsearch-2.2.11/src/sphinx.cpp:20187:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iLastWordLen = strlen(sWord); data/sphinxsearch-2.2.11/src/sphinx.cpp:21812:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLength = strlen ( (const char *)(pWord + 1) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:21868:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLength = strlen ( (const char *)(pWord + 1) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:21903:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CSphFixedVector<char> dList ( 1+strlen(sFiles) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:22144:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( GetWordID ( pFrom, strlen ( (const char*)pFrom ), true ) ) data/sphinxsearch-2.2.11/src/sphinx.cpp:22177:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bool bFirstDestIsStop = !GetWordID ( pTo, strlen ( (const char*)pTo ), true ); data/sphinxsearch-2.2.11/src/sphinx.cpp:22186:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bool bStop = ( !GetWordID ( pDestToken, strlen ( (const char*)pDestToken ), true ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:22651:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const sb_symbol * sStemmed = sb_stemmer_stem ( pStemmer, (sb_symbol*)pWord, strlen ( (const char*)pWord ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:23176:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrDict.PutBytes ( g_sTagInfixEntries, strlen ( g_sTagInfixEntries ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:23316:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrDict.PutBytes ( g_sTagInfixBlocks, strlen ( g_sTagInfixBlocks ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:23324:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iBytes = strlen ( m_dBlocks[i].m_sInfix ); data/sphinxsearch-2.2.11/src/sphinx.cpp:23837:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iLen = strlen ( tWord.m_sKeyword ); // OPTIMIZE? data/sphinxsearch-2.2.11/src/sphinx.cpp:23913:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iLen = strlen ( m_dCheckpoints[i].m_sWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:23992:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( pWord->m_sKeyword ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24033:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( (char*)tEntry.m_sKeyword ) + 1; data/sphinxsearch-2.2.11/src/sphinx.cpp:24090:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( (const char *)pWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24100:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( (const char *)pWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24110:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( (const char *)pWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24374:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( (const char *)pWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24540:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_dTags[i].m_iTagLen = strlen ( dKnown[i] ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24603:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sTag, s, p-s ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24624:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_dTags.Last().m_iTagLen = strlen ( sTag ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24644:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sAttr, s, p-s ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24707:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_dTags.Last().m_iTagLen = strlen ( sTag.cstr() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:24743:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dTag.m_iTagLen = strlen(sTag); data/sphinxsearch-2.2.11/src/sphinx.cpp:25502:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( pTag->m_dAttrs[iAttr].cstr() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:25809:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)dStorage.Begin(), sRe2.c_str(), dStorage.GetLength() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:25828:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if ( strstr ( sSplit + strlen ( sSplitter ), sSplitter ) ) data/sphinxsearch-2.2.11/src/sphinx.cpp:25837:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tRegExp.m_sTo = sSplit + strlen ( sSplitter ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26046:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(sLine); data/sphinxsearch-2.2.11/src/sphinx.cpp:26473:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iBytes = strlen ( (const char*)sWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26501:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iStemmedLen = strlen ( ( const char *)sBuf ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26621:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iBytes = strlen ( (const char*)sWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26631:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iBytes = strlen ( (const char*)sWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26719:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iFieldBytes = (int) strlen ( (char*)sField ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26732:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iFieldBytes = (int) strlen ( (char*)sField ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26743:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iFieldBytes = (int) strlen ( (char*)sTextToIndex ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26832:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( szBuf, pDigit, pPtr - pDigit ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26958:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strncmp ( dMacroses[i], sCur, strlen ( dMacroses[i] ) )==0 ) data/sphinxsearch-2.2.11/src/sphinx.cpp:26960:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sCur += strlen ( dMacroses[i] ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26961:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iLen += strlen ( dValues[i] ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26984:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strncmp ( dMacroses[i], sCur, strlen ( dMacroses[i] ) )==0 ) data/sphinxsearch-2.2.11/src/sphinx.cpp:26987:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sCur += strlen ( dMacroses[i] ); data/sphinxsearch-2.2.11/src/sphinx.cpp:26988:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sDst += strlen ( dValues[i] ); data/sphinxsearch-2.2.11/src/sphinx.cpp:29235:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iBufLen = strlen ( sBuf ); data/sphinxsearch-2.2.11/src/sphinx.cpp:29240:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iBufLen = strlen ( sBuf ); data/sphinxsearch-2.2.11/src/sphinx.cpp:29649:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(szName); data/sphinxsearch-2.2.11/src/sphinx.cpp:30688:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || !strncmp ( szDriver, "SQL Server Native Client", strlen("SQL Server Native Client") ) ) data/sphinxsearch-2.2.11/src/sphinx.cpp:31604:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iCheckpointOnlySize = (int)(m_iInfixBlocksOffset - strlen ( g_sTagInfixBlocks ) - m_iDictCheckpointsOffset); data/sphinxsearch-2.2.11/src/sphinx.cpp:31694:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_iWordsEnd = m_dInfixBlocks.Begin()->m_iOffset - strlen ( g_sTagInfixEntries ); data/sphinxsearch-2.2.11/src/sphinx.cpp:31696:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_iWordsEnd -= strlen ( g_sTagInfixEntries ); data/sphinxsearch-2.2.11/src/sphinx.cpp:31769:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert ( iMatch<=(int)strlen ( (char *)m_sWord ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:32061:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( sphDictCmp ( sSubstring, iSubLen, pCheckpoint->m_sWord, strlen ( pCheckpoint->m_sWord ) )<0 ) data/sphinxsearch-2.2.11/src/sphinx.cpp:32451:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( (const char *)sWord ); data/sphinxsearch-2.2.11/src/sphinx.cpp:32680:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iWordsEnd = rdDict.UnzipInt() - strlen ( g_sTagInfixEntries ); data/sphinxsearch-2.2.11/src/sphinx.cpp:32876:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iLen = strlen ( (const char*)pReader->GetWord() ); data/sphinxsearch-2.2.11/src/sphinx.cpp:32970:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrDict.PutBytes ( g_sTagInfixBlocks, strlen ( g_sTagInfixBlocks ) ); data/sphinxsearch-2.2.11/src/sphinx.cpp:33247:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sBuf, sWord.cstr(), sizeof(sBuf) ); data/sphinxsearch-2.2.11/src/sphinxaot.cpp:705:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char * b = a + strlen(a) - 1; data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1504:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)m_sToken, (char*)m_sOrigToken, sizeof(m_sToken) ); data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1576:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)m_sOrigToken, (char*)pToken, sizeof(m_sOrigToken) ); data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1631:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)m_sToken, (char*)m_sOrigToken, sizeof(m_sToken) ); data/sphinxsearch-2.2.11/src/sphinxaot.cpp:1721:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)m_sOrigToken, (char*)pToken, sizeof(m_sOrigToken) ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:340:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( sWord ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:443:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iQueryLen = strlen ( sQuery ); // FIXME!!! get length as argument data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:469:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)m_sTmpWord, MAGIC_WORD_SENTENCE, sizeof(m_sTmpWord) ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:470:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). AddWord ( pDict->GetWordID ( m_sTmpWord ), strlen ( (char*)m_sTmpWord ), iQPos ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:475:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)m_sTmpWord, MAGIC_WORD_PARAGRAPH, sizeof(m_sTmpWord) ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:476:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). AddWord ( pDict->GetWordID ( m_sTmpWord ), strlen ( (char*)m_sTmpWord ), iQPos ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:484:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). AddWord ( pDict->GetWordID ( m_sTmpWord ), strlen ( (char*)m_sTmpWord ), iQPos ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:590:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( sWord ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:622:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)m_sTmpWord, tWord.m_sWord.cstr(), sizeof(m_sTmpWord) ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:1190:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)m_sTmpWord, MAGIC_WORD_SENTENCE, sizeof(m_sTmpWord) ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:1192:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)m_sTmpWord, MAGIC_WORD_PARAGRAPH, sizeof(m_sTmpWord) ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:1278:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char *)m_sTmpWord, tWord.m_sWord.cstr(), sizeof(m_sTmpWord) ); data/sphinxsearch-2.2.11/src/sphinxexcerpt.cpp:3856:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iDataLen = strlen ( pData ); data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:983:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen ( (const char*) *ppStr ); data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:1915:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iHash = strlen ( sKey ); data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:3137:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = ( pRes ? strlen(pRes) : 0 ); data/sphinxsearch-2.2.11/src/sphinxexpr.cpp:3211:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert ( iNameStart>=0 && iNameLen>0 && iNameStart+iNameLen<=(int)strlen ( m_sExpr ) ); data/sphinxsearch-2.2.11/src/sphinxint.h:1790:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return sphDictCmp ( sWord, iLen, tCP.m_sWord, strlen ( tCP.m_sWord ) ); data/sphinxsearch-2.2.11/src/sphinxint.h:1802:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return sphDictCmpStrictly ( sWord, iLen, tCP.m_sWord, strlen ( tCP.m_sWord ) ); data/sphinxsearch-2.2.11/src/sphinxint.h:2460:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_dFieldLengths[i] = pFields[i] ? strlen ( (const char*)pFields[i] ) : 0; data/sphinxsearch-2.2.11/src/sphinxint.h:2501:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_dFieldLengths[i] = strlen ( (const char *)pFields[i] ); data/sphinxsearch-2.2.11/src/sphinxint.h:2529:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iTokenLen = strlen ( (const char*)pToken ); data/sphinxsearch-2.2.11/src/sphinxint.h:2568:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iTokenLen = strlen ( (const char *)pToken ); data/sphinxsearch-2.2.11/src/sphinxint.h:2600:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). AppendToField ( pCurDoc, iField, tStored.m_sToken, strlen ( (const char*)tStored.m_sToken ), m_pMarkerMorph ); data/sphinxsearch-2.2.11/src/sphinxjson.cpp:564:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( sData ); data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:596:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLength = strlen ( (const char *)pWord ); data/sphinxsearch-2.2.11/src/sphinxmetaphone.cpp:617:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Word.iLengthPadded = strlen ( (const char *)sOriginal ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:441:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iPrefix = strlen(sPrefix); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:460:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iPrefix = strlen(sPrefix); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:1075:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)sTmp, sToken, MAX_TOKEN_BYTES ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:1711:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int OPTION_RELAXED_LEN = strlen ( OPTION_RELAXED ); data/sphinxsearch-2.2.11/src/sphinxquery.cpp:1745:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_iQueryLen = sQuery ? strlen(sQuery) : 0; data/sphinxsearch-2.2.11/src/sphinxrt.cpp:1614:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = pStr ? strlen ( pStr ) : 0; data/sphinxsearch-2.2.11/src/sphinxrt.cpp:1764:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = pStr ? strlen ( pStr ) : 0; data/sphinxsearch-2.2.11/src/sphinxrt.cpp:4720:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iCalcWordLen = strlen ( (const char *)sWord+1 ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:5091:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iLen = m_bKeywordDict ? strlen ( tCP.m_sWord ) : 0; data/sphinxsearch-2.2.11/src/sphinxrt.cpp:5092:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( m_bKeywordDict && ( !tCP.m_sWord || ( !strlen ( tRefCP.m_sWord ) || !strlen ( tCP.m_sWord ) ) ) ) data/sphinxsearch-2.2.11/src/sphinxrt.cpp:5092:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( m_bKeywordDict && ( !tCP.m_sWord || ( !strlen ( tRefCP.m_sWord ) || !strlen ( tCP.m_sWord ) ) ) ) data/sphinxsearch-2.2.11/src/sphinxrt.cpp:5095:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i, iSegment, tCP.m_sWord, (DWORD)strlen ( tCP.m_sWord ), tCP.m_iOffset, data/sphinxsearch-2.2.11/src/sphinxrt.cpp:5096:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tRefCP.m_sWord, (DWORD)strlen ( tRefCP.m_sWord ), tRefCP.m_iOffset )); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:6220:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iCheckpointNameLen = strlen ( pCurCheckpoint->m_sWord ); data/sphinxsearch-2.2.11/src/sphinxrt.cpp:7480:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE *)sQuery, strlen ( sQuery ) ); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:1212:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)sTmp, tWord.m_sWord.cstr(), sizeof(sTmp) ); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:1526:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( (char*)sTmpWord, m_tWord.m_sWord.cstr(), sizeof(sTmpWord) ); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:7843:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( sArgs ); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8900:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iValLen = strlen ( dVal.Begin() ); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8901:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iTotalLen = iValLen+strlen(sTmp); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8913:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iValLen = strlen ( dVal.Begin() ); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8914:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iTotalLen = iValLen+strlen(sTmp); data/sphinxsearch-2.2.11/src/sphinxsearch.cpp:8971:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( szWord ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:783:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. return strncpy ( sBuf, "-2147483648", 32 ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:785:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. return strncpy ( sBuf, "-9223372036854775808", 32 ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:1479:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iSrc = strlen ( sSrc ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:1480:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iDst = strlen ( sDst ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:3518:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(sBuffer); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:3713:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tState.m_tSubKeys[iField] = JsonKey_t ( pTok, strlen ( pTok ) ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:3724:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tState.m_tSubKeys[iField] = JsonKey_t ( pTok, strlen ( pTok ) ); data/sphinxsearch-2.2.11/src/sphinxsort.cpp:3737:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tState.m_tSubKeys[iField] = JsonKey_t ( pTok, strlen(pTok) ); data/sphinxsearch-2.2.11/src/sphinxstd.cpp:126:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * pTrace = (char*) ::malloc ( strlen(sTrace) + 1 ); data/sphinxsearch-2.2.11/src/sphinxstd.h:1716:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = 1+strlen(sString); data/sphinxsearch-2.2.11/src/sphinxstd.h:1747:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = 1+strlen(rhs.m_sValue); data/sphinxsearch-2.2.11/src/sphinxstd.h:1760:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(m_sValue); data/sphinxsearch-2.2.11/src/sphinxstd.h:1768:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sRes.m_sValue, m_sValue+iStart, iCount ); data/sphinxsearch-2.2.11/src/sphinxstd.h:1853:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strncmp ( m_sValue, sPrefix, strlen(sPrefix) )==0; data/sphinxsearch-2.2.11/src/sphinxstd.h:1861:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iVal = strlen ( m_sValue ); data/sphinxsearch-2.2.11/src/sphinxstd.h:1862:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iSuffix = strlen ( sSuffix ); data/sphinxsearch-2.2.11/src/sphinxstd.h:1873:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char * sEnd = m_sValue + strlen(m_sValue) - 1; data/sphinxsearch-2.2.11/src/sphinxstd.h:1883:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return m_sValue ? (int)strlen(m_sValue) : 0; data/sphinxsearch-2.2.11/src/sphinxstd.h:2019:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( sText ); data/sphinxsearch-2.2.11/src/sphinxstemar.cpp:80:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define AR_WORD_LENGTH ((int)(strlen((char*)word) / sizeof(ar_char))) data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:125:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iWordLength = strlen ( (char*)word ); data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:149:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iWordLength = strlen ( (char *)word ); data/sphinxsearch-2.2.11/src/sphinxstemcz.cpp:167:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLength = strlen ( szString ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:65:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * p = sLine + strlen(sLine) - 1; data/sphinxsearch-2.2.11/src/sphinxutils.cpp:359:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( sMemLimit, pEntry->cstr(), sizeof(sMemLimit) ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:362:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( sMemLimit ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:901:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). iBytesRead = read ( iRead, (void*)&(dResult [iTotalRead]), BUFFER_SIZE ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1025:28: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #define LOC_ERROR(_msg) { strncpy ( m_sError, _msg, sizeof(m_sError) ); break; } data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1046:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen(sBuf); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1233:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(m_sError) ) data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1339:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iLen = strlen ( szPathName ); data/sphinxsearch-2.2.11/src/sphinxutils.cpp:1965:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int iValue = strlen ( pValue ); data/sphinxsearch-2.2.11/src/tests.cpp:163:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)dTests[iCur], strlen ( dTests[iCur] ) ); data/sphinxsearch-2.2.11/src/tests.cpp:249:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)dTests[iCur], strlen ( dTests[iCur] ) ); data/sphinxsearch-2.2.11/src/tests.cpp:272:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)dTests2[iCur], strlen ( dTests2[iCur] ) ); data/sphinxsearch-2.2.11/src/tests.cpp:305:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sLine4, strlen(sLine4) ); data/sphinxsearch-2.2.11/src/tests.cpp:329:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pShortTokenizer->SetBuffer ( (BYTE*)(dTestsShort [iCur]), strlen ( (const char*)dTestsShort [iCur] ) ); data/sphinxsearch-2.2.11/src/tests.cpp:351:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sLine4, strlen(sLine4) ); data/sphinxsearch-2.2.11/src/tests.cpp:364:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sLine4, strlen(sLine4) ); data/sphinxsearch-2.2.11/src/tests.cpp:379:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sLine5, strlen(sLine5) ); data/sphinxsearch-2.2.11/src/tests.cpp:390:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sLine6, strlen(sLine6) ); data/sphinxsearch-2.2.11/src/tests.cpp:429:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sTest1, strlen(sTest1) ); data/sphinxsearch-2.2.11/src/tests.cpp:440:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sTest2, strlen(sTest2) ); data/sphinxsearch-2.2.11/src/tests.cpp:449:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sTest3, strlen(sTest3) ); data/sphinxsearch-2.2.11/src/tests.cpp:467:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sTest4, strlen(sTest4) ); data/sphinxsearch-2.2.11/src/tests.cpp:477:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sTest5, strlen(sTest5) ); data/sphinxsearch-2.2.11/src/tests.cpp:487:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sTest6, strlen(sTest6) ); data/sphinxsearch-2.2.11/src/tests.cpp:497:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sTest7, strlen(sTest7) ); data/sphinxsearch-2.2.11/src/tests.cpp:515:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sTest10, strlen(sTest10) ); data/sphinxsearch-2.2.11/src/tests.cpp:532:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTokenizer->SetBuffer ( (BYTE*)sTest20, strlen(sTest20) ); data/sphinxsearch-2.2.11/src/tests.cpp:2898:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTok->SetBuffer ( (BYTE*)sTest[i], strlen ( sTest[i] ) ); data/sphinxsearch-2.2.11/src/tests.cpp:3035:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SN_set_current ( pSnow, strlen(test), (const symbol *)test ); data/sphinxsearch-2.2.11/src/tests.cpp:3038:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stem_en ( (BYTE*)test, strlen(test) ); data/sphinxsearch-2.2.11/src/tests.cpp:3119:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ll = strlen ( (char*)p+1 ); data/sphinxsearch-2.2.11/src/tests.cpp:3831:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite ( dTest[iTest], 1, strlen ( dTest[iTest] ), fp ); data/sphinxsearch-2.2.11/src/wordbreaker.cpp:291:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int iLen = strlen(sWord); data/sphinxsearch-2.2.11/src/wordbreaker.cpp:389:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * e = p + strlen(p) - 1; data/sphinxsearch-2.2.11/src/wordbreaker.cpp:571:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * pMax = sBuf + strlen(sBuf); data/sphinxsearch-2.2.11/src/yysphinxexpr.c:975:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/sphinxsearch-2.2.11/src/yysphinxjson.c:732:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/sphinxsearch-2.2.11/src/yysphinxql.c:2318:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/sphinxsearch-2.2.11/src/yysphinxquery.c:804:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/sphinxsearch-2.2.11/src/yysphinxselect.c:998:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen ANALYSIS SUMMARY: Hits = 1033 Lines analyzed = 157149 in approximately 3.90 seconds (40337 lines/second) Physical Source Lines of Code (SLOC) = 117805 Hits@level = [0] 812 [1] 373 [2] 518 [3] 2 [4] 140 [5] 0 Hits@level+ = [0+] 1845 [1+] 1033 [2+] 660 [3+] 142 [4+] 140 [5+] 0 Hits/KSLOC@level+ = [0+] 15.6615 [1+] 8.76873 [2+] 5.60248 [3+] 1.20538 [4+] 1.1884 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.